author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 12:04:41 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 12:04:41 +0000 |
commit | 975f66f2eebe9dadba04f275774d4ab83f74cf25 (patch) | |
tree | 89bd26a93aaae6a25749145b7e4bca4a1e75b2be /ansible_collections/check_point/mgmt/plugins | |
parent | Initial commit. (diff) | |
Adding upstream version 7.7.0+dfsg.upstream/7.7.0+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ansible_collections/check_point/mgmt/plugins')
181 files changed, 30763 insertions, 0 deletions
diff --git a/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_access_rules.py b/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_access_rules.py
new file mode 100644
index 000000000..3a06797d9
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_access_rules.py
@@ -0,0 +1,60 @@
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+
+from ansible.errors import AnsibleActionFail
+from ansible.plugins.action import ActionBase
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import \
+ prepare_rule_params_for_execute_module, check_if_to_publish_for_action
+
+
+class ActionModule(ActionBase):
+
+ def run(self, tmp=None, task_vars=None):
+
+ module = super(ActionModule, self).run(tmp, task_vars)
+
+ result = self._execute_module(module_name='check_point.mgmt.cp_mgmt_access_rules', module_args=self._task.args,
+ task_vars=task_vars, tmp=tmp)
+
+ if 'msg' in result.keys():
+ raise AnsibleActionFail(result['msg'])
+
+ module_args = self._task.args
+
+ fields = {'position', 'layer', 'auto_publish_session'}
+ rules_list = module_args['rules']
+ for rule in rules_list:
+ for field in fields:
+ if field in rule.keys():
+ raise AnsibleActionFail('Unsupported parameter ' + field + ' for rule')
+ # check_fields_for_rule_action_module(module_args)
+ rules_list = self._task.args['rules']
+ position = 1
+ below_rule_name = None
+
+ for rule in rules_list:
+ rule, position, below_rule_name = prepare_rule_params_for_execute_module(rule=rule, module_args=module_args,
+ position=position,
+ below_rule_name=below_rule_name)
+
+ result['rule: ' + rule['name']] = self._execute_module(module_name='check_point.mgmt.cp_mgmt_access_rule',
+ module_args=rule,
+ task_vars=task_vars, tmp=tmp, wrap_async=False)
+ if 'changed' in result['rule: ' + rule['name']].keys() and \
+ result['rule: ' + rule['name']]['changed'] is True:
+ result['changed'] = True
+ if 'failed' in result['rule: ' + rule['name']].keys() and result['rule: ' + rule['name']]['failed'] is True:
+ temp = result['rule: ' + rule['name']].copy()
+ result = {}
+ result['rule: ' + rule['name']] = temp
+ result['failed'] = True
+ result['discard:'] = self._execute_module(module_name='check_point.mgmt.cp_mgmt_discard',
+ module_args={}, task_vars=task_vars, tmp=tmp)
+ break
+ if check_if_to_publish_for_action(result, module_args):
+ result['publish:'] = self._execute_module(module_name='check_point.mgmt.cp_mgmt_publish', module_args={},
+ task_vars=task_vars, tmp=tmp)
+
+ return result
diff --git a/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_commands.py b/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_commands.py
new file mode 100644
index 000000000..19e13ffac
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_commands.py
@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2019, Or Soffer <orso@checkpoint.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+class ModuleDocFragment(object):
+
+ # Standard files documentation fragment
+ DOCUMENTATION = r'''
+options:
+ wait_for_task:
+ description:
+ - Wait for the task to end. Such as publish task.
+ type: bool
+ default: True
+ wait_for_task_timeout:
+ description:
+ - How many minutes to wait until throwing a timeout error.
+ type: int
+ default: 30
+ version:
+ description:
+ - Version of checkpoint. If not given one, the latest version taken.
+ type: str
+'''
diff --git a/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_facts.py b/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_facts.py
new file mode 100644
index 000000000..08a6b8954
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_facts.py
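Review bot: In `run()` of cp_mgmt_access_rules.py, the failure branch stores the outcome of `cp_mgmt_discard` in `result['discard:']` but never inspects it, so a failed discard leaves the partially applied access rules in the open session while the task reports only the rule error. Whether `check_if_to_publish_for_action` declines to publish once `result['failed']` is set is not visible in this hunk and should be confirmed, since publishing a half-applied rulebase changes firewall policy. I would surface the discard outcome, for example `if result['discard:'].get('failed'): result['msg'] = 'rule failed and session discard also failed; unpublished changes remain'`. Separately, `module_args['rules']` and `rule['name']` are indexed without a guard, so a task missing either key ends in a bare KeyError rather than an `AnsibleActionFail`.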
@@ -0,0 +1,21 @@
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2019, Or Soffer <orso@checkpoint.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+class ModuleDocFragment(object):
+
+ # Standard files documentation fragment
+ DOCUMENTATION = r'''
+options:
+ version:
+ description:
+ - Version of checkpoint. If not given one, the latest version taken.
+ type: str
+'''
diff --git a/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_objects.py b/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_objects.py
new file mode 100644
index 000000000..6df1f2f82
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_objects.py
@@ -0,0 +1,42 @@
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2019, Or Soffer <orso@checkpoint.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+class ModuleDocFragment(object):
+
+ # Standard files documentation fragment
+ DOCUMENTATION = r'''
+options:
+ state:
+ description:
+ - State of the access rule (present or absent). Defaults to present.
+ type: str
+ default: present
+ choices:
+ - 'present'
+ - 'absent'
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed
+ after task completes.
+ type: bool
+ wait_for_task:
+ description:
+ - Wait for the task to end. Such as publish task.
+ type: bool
+ default: True
+ wait_for_task_timeout:
+ description:
+ - How many minutes to wait until throwing a timeout error.
+ type: int
+ default: 30
+ version:
+ description:
+ - Version of checkpoint. If not given one, the latest version taken.
+ type: str
+'''
diff --git a/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_objects_action_module.py b/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_objects_action_module.py
new file mode 100644
index 000000000..992428bbe
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_objects_action_module.py
@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2019, Or Soffer <orso@checkpoint.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+class ModuleDocFragment(object):
+
+ # Standard files documentation fragment
+ DOCUMENTATION = r'''
+options:
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed
+ after task completes.
+ type: bool
+ wait_for_task_timeout:
+ description:
+ - How many minutes to wait until throwing a timeout error.
+ type: int
+ default: 30
+ version:
+ description:
+ - Version of checkpoint. If not given one, the latest version taken.
+ type: str
+'''
diff --git a/ansible_collections/check_point/mgmt/plugins/httpapi/checkpoint.py b/ansible_collections/check_point/mgmt/plugins/httpapi/checkpoint.py
new file mode 100644
index 000000000..ade89cb00
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/httpapi/checkpoint.py
@@ -0,0 +1,114 @@
+# (c) 2018 Red Hat Inc.
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+DOCUMENTATION = """
+---
+author: Ansible Networking Team (@rcarrillocruz)
+name: checkpoint
+short_description: HttpApi Plugin for Checkpoint devices
+description:
+ - This HttpApi plugin provides methods to connect to Checkpoint
+ devices over a HTTP(S)-based api.
+version_added: "2.8.0"
+options:
+ domain:
+ type: str
+ description:
+ - Specifies the domain of the Check Point device
+ vars:
+ - name: ansible_checkpoint_domain
+ api_key:
+ type: str
+ description:
+ - Login with api-key instead of user & password
+ vars:
+ - name: ansible_api_key
+ cloud_mgmt_id:
+ type: str
+ description:
+ - The Cloud Management ID
+ vars:
+ - name: ansible_cloud_mgmt_id
+"""
+
+import json
+
+from ansible.module_utils.basic import to_text
+from ansible.errors import AnsibleConnectionFailure
+from ansible.module_utils.six.moves.urllib.error import HTTPError
+from ansible.plugins.httpapi import HttpApiBase
+from ansible.module_utils.connection import ConnectionError
+
+BASE_HEADERS = {
+ 'Content-Type': 'application/json',
+ 'User-Agent': 'Ansible',
+}
+
+
+class HttpApi(HttpApiBase):
+ def login(self, username, password):
+ payload = {}
+ cp_domain = self.get_option('domain')
+ cp_api_key = self.get_option('api_key')
+ if cp_domain:
+ payload['domain'] = cp_domain
+ if username and password and not cp_api_key:
+ payload['user'] = username
+ payload['password'] = password
+ elif cp_api_key and not username and not password:
+ payload['api-key'] = cp_api_key
+ else:
+ raise AnsibleConnectionFailure('[Username and password] or api_key are required for login')
+ url = '/web_api/login'
+ response, response_data = self.send_request(url, payload)
+
+ try:
+ self.connection._auth = {'X-chkp-sid': response_data['sid']}
+ except KeyError:
+ raise ConnectionError(
+ 'Server returned response without token info during connection authentication: %s' % response)
+ # Case of read-only
+ if 'uid' in response_data.keys():
+ self.connection._session_uid = response_data['uid']
+
+ def logout(self):
+ url = '/web_api/logout'
+
+ response, dummy = self.send_request(url, None)
+
+ def get_session_uid(self):
+ return self.connection._session_uid
+
+ def send_request(self, path, body_params):
+ data = json.dumps(body_params) if body_params else '{}'
+ cp_cloud_mgmt_id = self.get_option('cloud_mgmt_id')
+ if cp_cloud_mgmt_id:
+ path = '/' + cp_cloud_mgmt_id + path
+ try:
+ self._display_request()
+ response, response_data = self.connection.send(path, data, method='POST', headers=BASE_HEADERS)
+ value = self._get_response_value(response_data)
+
+ return response.getcode(), self._response_to_json(value)
+ except AnsibleConnectionFailure as e:
+ return 404, e.message
+ except HTTPError as e:
+ error = json.loads(e.read())
+ return e.code, error
+
+ def _display_request(self):
+ self.connection.queue_message('vvvv', 'Web Services: %s %s' % ('POST', self.connection._url))
+
+ def _get_response_value(self, response_data):
+ return to_text(response_data.getvalue())
+
+ def _response_to_json(self, response_text):
+ try:
+ return json.loads(response_text) if response_text else {}
+ # JSONDecodeError only available on Python 3.5+
+ except ValueError:
+ raise ConnectionError('Invalid JSON response: %s' % response_text)
diff --git a/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py b/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py
new file mode 100644
index 000000000..476e56f16
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py
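Review bot: In `login()` of httpapi/checkpoint.py the `except KeyError` around `response_data['sid']` does not cover the case where `send_request` returned `404, e.message`: there `response_data` is a string, the subscript raises TypeError, and the authentication failure surfaces as a traceback instead of the intended ConnectionError; `except (KeyError, TypeError):` would cover both. In `send_request`, reporting every `AnsibleConnectionFailure` as 404 makes a TLS or certificate failure indistinguishable from a missing endpoint, which hampers troubleshooting of a security-relevant connection. The `HTTPError` branch calls `json.loads(e.read())` without a guard, so a non-JSON error body (a proxy error page, for instance) raises an unhandled ValueError; `return e.code, self._response_to_json(to_text(e.read()))` would reuse the existing check. `logout()` also discards the return code, so a session that fails to close on the management server goes unnoticed.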
@@ -0,0 +1,807 @@ +# This code is part of Ansible, but is an independent component. +# This particular file snippet, and this file snippet only, is BSD licensed. +# Modules you write using this snippet, which is embedded dynamically by Ansible +# still belong to the author of the module, and may assign their own license +# to the complete work. +# +# (c) 2018 Red Hat Inc. +# +# Redistribution and use in source and binary forms, with or without modification, +# are permitted provided that the following conditions are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE +# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +import time + +from ansible.module_utils.connection import Connection + +checkpoint_argument_spec_for_action_module = dict( + auto_publish_session=dict(type='bool'), + wait_for_task_timeout=dict(type='int', default=30), + version=dict(type='str') +) + +checkpoint_argument_spec_for_objects = dict( + auto_publish_session=dict(type='bool'), + wait_for_task=dict(type='bool', default=True), + wait_for_task_timeout=dict(type='int', default=30), + state=dict(type='str', choices=['present', 'absent'], default='present'), + version=dict(type='str') +) + +checkpoint_argument_spec_for_facts = dict( + version=dict(type='str') +) + +checkpoint_argument_spec_for_commands = dict( + wait_for_task=dict(type='bool', default=True), + wait_for_task_timeout=dict(type='int', default=30), + version=dict(type='str') +) + +delete_params = ['name', 'uid', 'layer', 'exception-group-name', 'rule-name', 'package'] + +remove_from_set_payload = {'lsm-cluster': ['security-profile', 'name-prefix', 'name-suffix', 'main-ip-address'], + 'md-permissions-profile': ['permission-level']} + +remove_from_add_payload = {'lsm-cluster': ['name']} + + +# parse failure message with code and response +def parse_fail_message(code, response): + return 'Checkpoint device returned error {0} with message {1}'.format(code, response) + + +# send the request to checkpoint +def send_request(connection, version, url, payload=None): + code, response = connection.send_request('/web_api/' + version + url, payload) + + return code, response + + +# get the payload from the user parameters +def is_checkpoint_param(parameter): + if parameter == 'auto_publish_session' or \ + parameter == 'state' or \ + parameter == 'wait_for_task' or \ + parameter == 'wait_for_task_timeout' or \ + parameter == 'version': + return False + return True + + +def contains_show_identifier_param(payload): + identifier_params = ["name", "uid", 
"assigned-domain"] + for param in identifier_params: + if payload.get(param) is not None: + return True + return False + + +# build the payload from the parameters which has value (not None), and they are parameter of checkpoint API as well +def get_payload_from_parameters(params): + payload = {} + for parameter in params: + parameter_value = params[parameter] + if parameter_value is not None and is_checkpoint_param(parameter): + if isinstance(parameter_value, dict): + payload[parameter.replace("_", "-")] = get_payload_from_parameters(parameter_value) + elif isinstance(parameter_value, list) and len(parameter_value) != 0 and isinstance(parameter_value[0], dict): + payload_list = [] + for element_dict in parameter_value: + payload_list.append(get_payload_from_parameters(element_dict)) + payload[parameter.replace("_", "-")] = payload_list + else: + # special handle for this param in order to avoid two params called "version" + if parameter == "gateway_version" or parameter == "cluster_version": + parameter = "version" + + payload[parameter.replace("_", "-")] = parameter_value + + return payload + + +# wait for task +def wait_for_task(module, version, connection, task_id): + task_id_payload = {'task-id': task_id, 'details-level': 'full'} + task_complete = False + minutes_until_timeout = 30 + if module.params['wait_for_task_timeout'] is not None and module.params['wait_for_task_timeout'] >= 0: + minutes_until_timeout = module.params['wait_for_task_timeout'] + max_num_iterations = minutes_until_timeout * 30 + current_iteration = 0 + + # As long as there is a task in progress + while not task_complete and current_iteration < max_num_iterations: + current_iteration += 1 + # Check the status of the task + code, response = send_request(connection, version, 'show-task', task_id_payload) + + attempts_counter = 0 + while code != 200: + if attempts_counter < 5: + attempts_counter += 1 + time.sleep(2) + code, response = send_request(connection, version, 'show-task', 
task_id_payload) + else: + response['message'] = "ERROR: Failed to handle asynchronous tasks as synchronous, tasks result is" \ + " undefined. " + response['message'] + module.fail_json(msg=parse_fail_message(code, response)) + + # Count the number of tasks that are not in-progress + completed_tasks = 0 + for task in response['tasks']: + if task['status'] == 'failed': + status_description, comments = get_status_description_and_comments(task) + if comments and status_description: + module.fail_json( + msg='Task {0} with task id {1} failed. Message: {2} with description: {3} - ' + 'Look at the logs for more details ' + .format(task['task-name'], task['task-id'], comments, status_description)) + elif comments: + module.fail_json(msg='Task {0} with task id {1} failed. Message: {2} - Look at the logs for more details ' + .format(task['task-name'], task['task-id'], comments)) + elif status_description: + module.fail_json(msg='Task {0} with task id {1} failed. Message: {2} - Look at the logs for more ' + 'details ' + .format(task['task-name'], task['task-id'], status_description)) + else: + module.fail_json(msg='Task {0} with task id {1} failed. Look at the logs for more details' + .format(task['task-name'], task['task-id'])) + if task['status'] == 'in progress': + break + completed_tasks += 1 + + # Are we done? check if all tasks are completed + if completed_tasks == len(response["tasks"]) and completed_tasks != 0: + task_complete = True + else: + time.sleep(2) # Wait for two seconds + if not task_complete: + module.fail_json(msg="ERROR: Timeout. 
Task-id: {0}.".format(task_id_payload['task-id'])) + else: + return response + + +# Getting a status description and comments of task failure details +def get_status_description_and_comments(task): + status_description = None + comments = None + if 'comments' in task and task['comments']: + comments = task['comments'] + if 'task-details' in task and task['task-details']: + task_details = task['task-details'][0] + if 'statusDescription' in task_details: + status_description = task_details['statusDescription'] + return status_description, comments + + +# if failed occurred, in some cases we want to discard changes before exiting. We also notify the user about the `discard` +def discard_and_fail(module, code, response, connection, version): + discard_code, discard_response = send_request(connection, version, 'discard') + if discard_code != 200: + try: + module.fail_json(msg=parse_fail_message(code, response) + ' Failed to discard session {0}' + ' with error {1} with message {2}'.format(connection.get_session_uid(), + discard_code, discard_response)) + except Exception: + # Read-only mode without UID + module.fail_json(msg=parse_fail_message(code, response) + ' Failed to discard session' + ' with error {0} with message {1}'.format(discard_code, discard_response)) + + module.fail_json(msg=parse_fail_message(code, response) + ' Unpublished changes were discarded') + + +# handle publish command, and wait for it to end if the user asked so +def handle_publish(module, connection, version): + if 'auto_publish_session' in module.params and module.params['auto_publish_session']: + publish_code, publish_response = send_request(connection, version, 'publish') + if publish_code != 200: + discard_and_fail(module, publish_code, publish_response, connection, version) + if module.params['wait_for_task']: + wait_for_task(module, version, connection, publish_response['task-id']) + + +# if user insert a specific version, we add it to the url +def get_version(module): + return ('v' + 
module.params['version'] + '/') if module.params.get('version') else '' + + +# if code is 400 (bad request) or 500 (internal error) - fail +def handle_equals_failure(module, equals_code, equals_response): + if equals_code == 400 or equals_code == 500: + module.fail_json(msg=parse_fail_message(equals_code, equals_response)) + if equals_code == 404 and equals_response['code'] == 'generic_err_command_not_found': + module.fail_json(msg='Relevant hotfix is not installed on Check Point server. See sk114661 on Check Point Support Center.') + + +# handle call +def handle_call(connection, version, call, payload, module, to_publish, to_discard_on_failure): + code, response = send_request(connection, version, call, payload) + if code != 200: + if to_discard_on_failure: + discard_and_fail(module, code, response, connection, version) + else: + module.fail_json(msg=parse_fail_message(code, response)) + else: + if 'wait_for_task' in module.params and module.params['wait_for_task']: + if 'task-id' in response: + response = wait_for_task(module, version, connection, response['task-id']) + elif 'tasks' in response: + for task in response['tasks']: + if 'task-id' in task: + task_id = task['task-id'] + response[task_id] = wait_for_task(module, version, connection, task['task-id']) + del response['tasks'] + if to_publish: + handle_publish(module, connection, version) + return response + + +# handle a command +def api_command(module, command): + payload = get_payload_from_parameters(module.params) + connection = Connection(module._socket_path) + version = get_version(module) + + code, response = send_request(connection, version, command, payload) + result = {'changed': True} + + if code == 200: + if module.params['wait_for_task']: + if 'task-id' in response: + response = wait_for_task(module, version, connection, response['task-id']) + elif 'tasks' in response: + for task in response['tasks']: + if 'task-id' in task: + task_id = task['task-id'] + response[task_id] = 
wait_for_task(module, version, connection, task['task-id']) + del response['tasks'] + + result[command] = response + + handle_publish(module, connection, version) + else: + discard_and_fail(module, code, response, connection, version) + + return result + + +# handle api call facts +def api_call_facts(module, api_call_object, api_call_object_plural_version): + payload = get_payload_from_parameters(module.params) + connection = Connection(module._socket_path) + version = get_version(module) + + # if there isn't an identifier param, the API command will be in plural version (e.g. show-hosts instead of show-host) + if not contains_show_identifier_param(payload): + api_call_object = api_call_object_plural_version + + response = handle_call(connection, version, 'show-' + api_call_object, payload, module, False, False) + result = {api_call_object: response} + return result + + +# handle delete +def handle_delete(equals_code, payload, delete_params, connection, version, api_call_object, module, result): + # else equals_code is 404 and no need to delete because he doesn't exist + if equals_code == 200: + payload_for_delete = extract_payload_with_some_params(payload, delete_params) + response = handle_call(connection, version, 'delete-' + api_call_object, payload_for_delete, module, True, True) + result['changed'] = True + + +# handle the call and set the result with 'changed' and teh response +def handle_call_and_set_result(connection, version, call, payload, module, result): + response = handle_call(connection, version, call, payload, module, True, True) + result['changed'] = True + result[call] = response + + +# handle api call +def api_call(module, api_call_object): + payload = get_payload_from_parameters(module.params) + connection = Connection(module._socket_path) + version = get_version(module) + + result = {'changed': False} + if module.check_mode: + return result + + payload_for_equals = {'type': api_call_object, 'params': payload} + equals_code, equals_response = 
send_request(connection, version, 'equals', payload_for_equals) + result['checkpoint_session_uid'] = connection.get_session_uid() + handle_equals_failure(module, equals_code, equals_response) + + if module.params['state'] == 'present': + if equals_code == 200: + # else objects are equals and there is no need for set request + if not equals_response['equals']: + build_payload(api_call_object, payload, remove_from_set_payload) + handle_call_and_set_result(connection, version, 'set-' + api_call_object, payload, module, result) + elif equals_code == 404: + build_payload(api_call_object, payload, remove_from_add_payload) + handle_call_and_set_result(connection, version, 'add-' + api_call_object, payload, module, result) + elif module.params['state'] == 'absent': + handle_delete(equals_code, payload, delete_params, connection, version, api_call_object, module, result) + + return result + + +# returns a generator of the entire rulebase +def get_rulebase_generator(connection, version, layer, show_rulebase_command, rules_amount): + offset = 0 + limit = 100 + while True: + payload_for_show_rulebase = { + 'name': layer, + 'limit': limit, + 'offset': offset, + } + # in case there are empty sections after the last rule, we need them to appear in the reply and the limit might + # cut them out + if offset + limit >= rules_amount: + del payload_for_show_rulebase['limit'] + code, response = send_request(connection, version, show_rulebase_command, payload_for_show_rulebase) + offset = response['to'] + total = response['total'] + rulebase = response['rulebase'] + yield rulebase + if total <= offset: + return + + +# get 'to' or 'from' of given section +def get_edge_position_in_section(connection, version, layer, section_name, edge): + code, response = send_request(connection, version, "show-layer-structure", {'name': layer, 'details-level': 'uid'}) + if response['code'] == 'generic_err_command_not_found': + raise ValueError("The use of the relative_position field with a section as its 
value is available only for" + " version 1.7.1 with JHF take 42 and above") + sections_in_layer = response['root-section']['children'] + for section in sections_in_layer: + if section['name'] == section_name: + return int(section[edge + '-rule']) + + return None + + +# return the total amount of rules in the rulebase of the given layer +def get_rules_amount(connection, version, layer, show_rulebase_command): + payload_for_show_obj_rulebase = {'name': layer, 'limit': 0} + code, response = send_request(connection, version, show_rulebase_command, payload_for_show_obj_rulebase) + return int(response['total']) + + +def keep_searching_rulebase(position, current_section, relative_position, relative_position_is_section): + position_not_found = position is None + if relative_position_is_section and 'above' not in relative_position: + # if 'above' in relative_position then get_number_and_section_from_relative_position returns the previous section + # so there isn't a need to further search for the relative section + relative_section = list(relative_position.values())[0] + return position_not_found or current_section != relative_section + # if relative position is a rule then get_number_and_section_from_relative_position has already entered the section + # (if exists) that the relative rule is in + return position_not_found + + +def relative_position_is_section(connection, version, layer, relative_position): + if 'top' in relative_position or 'bottom' in relative_position: + return True + + relative_position_value = list(relative_position.values())[0] + code, response = send_request(connection, version, "show-access-section", {'layer': layer, 'name': relative_position_value}) + if code == 200: + return True + return False + + +def get_number_and_section_from_relative_position(payload, connection, version, rulebase, above_relative_position, pos_before_relative_empty_section): + section_name = None + position = None + for rules in rulebase: + if 'rulebase' in rules: + # cases 
relevant for relative-position=section + if 'above' in payload['position'] and rules['name'] == payload['position']['above']: + if len(rules['rulebase']) == 0: + position = pos_before_relative_empty_section if above_relative_position else pos_before_relative_empty_section + 1 + else: + # if the entire section isn't present in rulebase, the 'from' value of the section might not be + # the first position in the section, which is why we use get_edge_position_in_section + from_value = get_edge_position_in_section(connection, version, payload['layer'], rules['name'], "from") + if from_value is not None: # section exists in rulebase + position = max(from_value - 1, 1) if above_relative_position else from_value + return position, section_name, above_relative_position, pos_before_relative_empty_section + + # we update this only after the 'above' case since the section that should be returned in that case isn't + # the one we are currently iterating over (but the one beforehand) + section_name = rules['name'] + + if 'bottom' in payload['position'] and rules['name'] == payload['position']['bottom']: + if len(rules['rulebase']) == 0: + position = pos_before_relative_empty_section if above_relative_position else pos_before_relative_empty_section + 1 + else: + # if the entire section isn't present in rulebase, the 'to' value of the section might not be the + # last position in the section, which is why we use get_edge_position_in_section + to_value = get_edge_position_in_section(connection, version, payload['layer'], section_name, "to") + if to_value is not None and to_value == int(rules['to']): # meaning the entire section is present in rulebase + # is the rule already at the bottom of the section. 
Can infer this only if the entire section is + # present in rulebase + is_bottom = rules['rulebase'][-1]['name'] == payload['name'] + position = to_value if (above_relative_position or is_bottom) else to_value + 1 + # else: need to keep searching the rulebase, so position=None is returned + return position, section_name, above_relative_position, pos_before_relative_empty_section + + # setting a rule 'below' a section is equivalent to setting the rule at the top of that section + if ('below' in payload['position'] and section_name == payload['position']['below']) or \ + ('top' in payload['position'] and section_name == payload['position']['top']): + if len(rules['rulebase']) == 0: + position = pos_before_relative_empty_section if above_relative_position else pos_before_relative_empty_section + 1 + else: + # is the rule already at the top of the section + is_top = rules['rulebase'][0]['name'] == payload['name'] + position = max(int(rules['from']) - 1, 1) if (above_relative_position or not is_top) else int(rules['from']) + return position, section_name, above_relative_position, pos_before_relative_empty_section + + if len(rules['rulebase']) != 0: + # if search_entire_rulebase=True: even if rules['rulebase'] is cut (due to query limit) this will + # eventually be updated to the correct value in further calls + pos_before_relative_empty_section = int(rules['to']) + + rules = rules['rulebase'] + for rule in rules: + if payload['name'] == rule['name']: + above_relative_position = True + # cases relevant for relative-position=rule + if 'below' in payload['position'] and rule['name'] == payload['position']['below']: + position = int(rule['rule-number']) if above_relative_position else int(rule['rule-number']) + 1 + return position, section_name, above_relative_position, pos_before_relative_empty_section + elif 'above' in payload['position'] and rule['name'] == payload['position']['above']: + position = max(int(rule['rule-number']) - 1, 1) if above_relative_position else 
int(rule['rule-number']) + return position, section_name, above_relative_position, pos_before_relative_empty_section + + else: # cases relevant for relative-position=rule + if payload['name'] == rules['name']: + above_relative_position = True + if 'below' in payload['position'] and rules['name'] == payload['position']['below']: + position = int(rules['rule-number']) if above_relative_position else int(rules['rule-number']) + 1 + return position, section_name, above_relative_position, pos_before_relative_empty_section + elif 'above' in payload['position'] and rules['name'] == payload['position']['above']: + position = max(int(rules['rule-number']) - 1, 1) if above_relative_position else int(rules['rule-number']) + return position, section_name, above_relative_position, pos_before_relative_empty_section + + return position, section_name, above_relative_position, pos_before_relative_empty_section # None, None, False/True, x>=1 + + +# get the position in integer format and the section it is. 
+def get_number_and_section_from_position(payload, connection, version, api_call_object): + show_rulebase_command = get_relevant_show_rulebase_command(api_call_object) + if 'position' in payload: + section_name = None + if type(payload['position']) is not dict: + position = payload['position'] + if position == 'top': + position = 1 + return position, section_name + elif position == 'bottom': + position = get_rules_amount(connection, version, payload['layer'], show_rulebase_command) + code, response = send_request(connection, version, show_rulebase_command, {'name': payload['layer'], 'offset': position - 1}) + rulebase = reversed(response['rulebase']) + else: # is a number so we need to get the section (if exists) of the rule in that position + position = int(position) + payload_for_show_obj_rulebase = build_rulebase_payload(api_call_object, payload, position) + code, response = send_request(connection, version, show_rulebase_command, payload_for_show_obj_rulebase) + rulebase = response['rulebase'] + if position > response['total']: + raise ValueError("The given position " + str(position) + " of rule " + payload['name'] + + "exceeds the total amount of rules in the rulebase") + # in case position=1 and there are empty sections at the beginning of the rulebase we want to skip them + i = 0 + for rules in rulebase: + if 'rulebase' in rules and len(rules['rulebase']) == 0: + i += 1 + rulebase = rulebase[i:] + + for rules in rulebase: + if 'rulebase' in rules: + section_name = rules['name'] + return position, section_name + else: + return position, section_name # section = None + + else: + search_entire_rulebase = payload['search-entire-rulebase'] + position = None + # is the rule we're getting its position number above the rule it is relatively positioned to + above_relative_position = False + # no from-to in empty sections so can't infer the position from them -> need to keep track of the position + # before the empty relative section + 
pos_before_relative_empty_section = 1 + if not search_entire_rulebase: + code, response = send_request(connection, version, show_rulebase_command, {'name': payload['layer']}) + rulebase = response['rulebase'] + position, section_name, above_relative_position, pos_before_relative_empty_section = \ + get_number_and_section_from_relative_position(payload, connection, version, rulebase, + above_relative_position, pos_before_relative_empty_section) + else: + rules_amount = get_rules_amount(connection, version, payload['layer'], show_rulebase_command) + relative_pos_is_section = relative_position_is_section(connection, version, payload['layer'], payload['position']) + rulebase_generator = get_rulebase_generator(connection, version, payload['layer'], show_rulebase_command, rules_amount) + for rulebase in rulebase_generator: + position, section_name, above_relative_position, pos_before_relative_empty_section = \ + get_number_and_section_from_relative_position(payload, connection, version, rulebase, + above_relative_position, pos_before_relative_empty_section) + if not keep_searching_rulebase(position, section_name, payload['position'], relative_pos_is_section): + break + + return position, section_name + return None, None + + +# build the show rulebase payload +def build_rulebase_payload(api_call_object, payload, position_number): + rulebase_payload = {'name': payload['layer'], 'offset': position_number - 1, 'limit': 1} + + if api_call_object == 'threat-exception': + rulebase_payload['rule-name'] = payload['rule-name'] + + return rulebase_payload + + +def build_rulebase_command(api_call_object): + rulebase_command = 'show-' + api_call_object.split('-')[0] + '-rulebase' + + if api_call_object == 'threat-exception': + rulebase_command = 'show-threat-rule-exception-rulebase' + + return rulebase_command + + +# remove from payload unrecognized params (used for cases where add payload differs from that of a set) +def build_payload(api_call_object, payload, params_to_remove): + 
if api_call_object in params_to_remove: + for param in params_to_remove[api_call_object]: + del payload[param] + return payload + + +# extract first rule from given rulebase response and the section it is in. +def extract_rule_and_section_from_rulebase_response(response): + section_name = None + rule = response['rulebase'][0] + i = 0 + # skip empty sections (possible when offset=0) + while 'rulebase' in rule and len(rule['rulebase']) == 0: + i += 1 + rule = response['rulebase'][i] + + while 'rulebase' in rule: + section_name = rule['name'] + rule = rule['rulebase'][0] + + return rule, section_name + + +def get_relevant_show_rulebase_command(api_call_object): + if api_call_object == 'access-rule': + return 'show-access-rulebase' + elif api_call_object == "threat-rule": + return 'show-threat-rulebase' + elif api_call_object == "threat-exception": + return 'show-threat-rule-exception-rulebase' +# uncomment code below when https & nat modules are added as crud modules + # elif api_call_object == 'nat-rule': + # return 'show-nat-rulebase' + # elif api_call_object == 'https-rule': + # return 'show-https-rulebase' + + +# is the param position (if the user inserted it) equals between the object and the user input, as well as the section the rule is in +def is_equals_with_position_param(payload, connection, version, api_call_object): + + position_number, section_according_to_position = get_number_and_section_from_position(payload, connection, version, api_call_object) + + # In this case the one of the following has occurred: + # 1) There is no position param, then it's equals in vacuous truth + # 2) search_entire_rulebase = False so it's possible the relative rule wasn't found in the default limit or maybe doesn't even exist + # 3) search_entire_rulebase = True and the relative rule/section doesn't exist + if position_number is None: + return True + + rulebase_payload = build_rulebase_payload(api_call_object, payload, position_number) + rulebase_command = 
build_rulebase_command(api_call_object) + + code, response = send_request(connection, version, rulebase_command, rulebase_payload) + rule, section = extract_rule_and_section_from_rulebase_response(response) + + # if the names of the exist rule and the user input rule are equals, as well as the section they're in, then it + # means that their positions are equals so I return True. and there is no way that there is another rule with this + # name cause otherwise the 'equals' command would fail + if rule['name'] == payload['name'] and section_according_to_position == section: + return True + else: + return False + + +# get copy of the payload without some of the params +def extract_payload_without_some_params(payload, params_to_remove): + copy_payload = dict(payload) + for param in params_to_remove: + if param in copy_payload: + del copy_payload[param] + return copy_payload + + +# get copy of the payload with only some of the params +def extract_payload_with_some_params(payload, params_to_insert): + copy_payload = {} + for param in params_to_insert: + if param in payload: + copy_payload[param] = payload[param] + return copy_payload + + +# is equals with all the params including action and position +def is_equals_with_all_params(payload, connection, version, api_call_object, is_access_rule): + if is_access_rule and 'action' in payload: + payload_for_show = extract_payload_with_some_params(payload, ['name', 'uid', 'layer']) + code, response = send_request(connection, version, 'show-' + api_call_object, payload_for_show) + exist_action = response['action']['name'] + if exist_action.lower() != payload['action'].lower(): + if payload['action'].lower() != 'Apply Layer'.lower() or\ + exist_action.lower() != 'Inner Layer'.lower(): + return False + + # here the action is equals, so check the position param + if not is_equals_with_position_param(payload, connection, version, api_call_object): + return False + + return True + + +# handle api call for rule +def 
api_call_for_rule(module, api_call_object): + is_access_rule = True if 'access' in api_call_object else False + payload = get_payload_from_parameters(module.params) + connection = Connection(module._socket_path) + version = get_version(module) + + result = {'changed': False} + if module.check_mode: + return result + + if is_access_rule: + copy_payload_without_some_params = extract_payload_without_some_params(payload, ['action', 'position', 'search_entire_rulebase']) + else: + copy_payload_without_some_params = extract_payload_without_some_params(payload, ['position']) + payload_for_equals = {'type': api_call_object, 'params': copy_payload_without_some_params} + equals_code, equals_response = send_request(connection, version, 'equals', payload_for_equals) + result['checkpoint_session_uid'] = connection.get_session_uid() + handle_equals_failure(module, equals_code, equals_response) + + if module.params['state'] == 'present': + if equals_code == 200: + if equals_response['equals']: + if not is_equals_with_all_params(payload, connection, version, api_call_object, is_access_rule): + equals_response['equals'] = False + # else objects are equals and there is no need for set request + if not equals_response['equals']: + # if user insert param 'position' and needed to use the 'set' command, change the param name to 'new-position' + if 'position' in payload: + payload['new-position'] = payload['position'] + del payload['position'] + if 'search-entire-rulebase' in payload: + del payload['search-entire-rulebase'] + handle_call_and_set_result(connection, version, 'set-' + api_call_object, payload, module, result) + elif equals_code == 404: + if 'search-entire-rulebase' in payload: + del payload['search-entire-rulebase'] + handle_call_and_set_result(connection, version, 'add-' + api_call_object, payload, module, result) + elif module.params['state'] == 'absent': + handle_delete(equals_code, payload, delete_params, connection, version, api_call_object, module, result) + + return 
result + + +# check if call is in plural form +def call_is_plural(api_call_object, payload): + is_plural = False + if 'access' in api_call_object and payload.get("layer") is None: + is_plural = True + elif 'threat' in api_call_object and payload.get("layer") is None: + is_plural = True + elif 'nat' in api_call_object \ + and payload.get("name") is None \ + and payload.get("uid") is None \ + and payload.get("rule-number") is None: + is_plural = True + return is_plural + + +# handle api call facts for rule +def api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version): + payload = get_payload_from_parameters(module.params) + connection = Connection(module._socket_path) + version = get_version(module) + + # if there is no layer, the API command will be in plural version (e.g. show-hosts instead of show-host) + if call_is_plural(api_call_object, payload): + api_call_object = api_call_object_plural_version + + response = handle_call(connection, version, 'show-' + api_call_object, payload, module, False, False) + result = {api_call_object: response} + return result + + +# The code from here till EOF will be deprecated when Rikis' modules will be deprecated +checkpoint_argument_spec = dict(auto_publish_session=dict(type='bool', default=True), + policy_package=dict(type='str', default='standard'), + auto_install_policy=dict(type='bool', default=True), + targets=dict(type='list') + ) + + +def publish(connection, uid=None): + payload = None + + if uid: + payload = {'uid': uid} + + connection.send_request('/web_api/publish', payload) + + +def discard(connection, uid=None): + payload = None + + if uid: + payload = {'uid': uid} + + connection.send_request('/web_api/discard', payload) + + +def install_policy(connection, policy_package, targets): + payload = {'policy-package': policy_package, + 'targets': targets} + + connection.send_request('/web_api/install-policy', payload) + + +def prepare_rule_params_for_execute_module(rule, module_args, position, 
below_rule_name): + rule['layer'] = module_args['layer'] + if 'details_level' in module_args.keys(): + rule['details_level'] = module_args['details_level'] + if 'state' not in rule.keys() or ('state' in rule.keys() and rule['state'] != 'absent'): + if below_rule_name: + relative_position = {'relative_position': {'below': below_rule_name}} + rule.update(relative_position) + else: + rule['position'] = position + position = position + 1 + below_rule_name = rule['name'] + + return rule, position, below_rule_name + + +def check_if_to_publish_for_action(result, module_args): + to_publish = ('auto_publish_session' in module_args.keys() and module_args['auto_publish_session']) and \ + ('changed' in result.keys() and result['changed'] is True) and ('failed' not in result.keys() or + result['failed'] is False) + return to_publish diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer.py new file mode 100644 index 000000000..dde5b24b6 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer.py 
@@ -0,0 +1,171 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_access_layer +short_description: Manages access-layer objects on Check Point over Web Services API +description: + - Manages access-layer objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + add_default_rule: + description: + - Indicates whether to include a cleanup rule in the new layer. + type: bool + applications_and_url_filtering: + description: + - Whether to enable Applications & URL Filtering blade on the layer. + type: bool + content_awareness: + description: + - Whether to enable Content Awareness blade on the layer. + type: bool + detect_using_x_forward_for: + description: + - Whether to use X-Forward-For HTTP header, which is added by the proxy server to keep track of the original source IP. 
+ type: bool + firewall: + description: + - Whether to enable Firewall blade on the layer. + type: bool + implicit_cleanup_action: + description: + - The default "catch-all" action for traffic that does not match any explicit or implied rules in the layer. + type: str + choices: ['drop', 'accept'] + mobile_access: + description: + - Whether to enable Mobile Access blade on the layer. + type: bool + shared: + description: + - Whether this layer is shared. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-access-layer + cp_mgmt_access_layer: + name: New Layer 1 + state: present + +- name: set-access-layer + cp_mgmt_access_layer: + applications_and_url_filtering: false + data_awareness: true + name: New Layer 1 + state: present + +- name: delete-access-layer + cp_mgmt_access_layer: + name: New Layer 2 + state: absent +""" + +RETURN = """ +cp_mgmt_access_layer: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + add_default_rule=dict(type='bool'), + applications_and_url_filtering=dict(type='bool'), + content_awareness=dict(type='bool'), + detect_using_x_forward_for=dict(type='bool'), + firewall=dict(type='bool'), + implicit_cleanup_action=dict(type='str', choices=['drop', 'accept']), + mobile_access=dict(type='bool'), + shared=dict(type='bool'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = 
AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'access-layer' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer_facts.py new file mode 100644 index 000000000..40e98e990 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer_facts.py 
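Review bot: The `set-access-layer` task in EXAMPLES passes `data_awareness: true`, but `argument_spec` in `main()` declares `content_awareness` and no `data_awareness`. Unless `checkpoint_argument_spec_for_objects` (imported, not shown in this hunk) adds that key, the documented task is rejected as an unsupported parameter; the example line should read `content_awareness: true`. Separately, the `implicit_cleanup_action` description could state the consequence of each choice, for example `- 'accept' lets through any traffic that no explicit or implied rule in the layer matches; 'drop' blocks it.`, so that a reader choosing `accept` knows the layer becomes default-allow.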
@@ -0,0 +1,127 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_access_layer_facts +short_description: Get access-layer objects facts on Check Point over Web Services API +description: + - Get access-layer objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-access-layer + cp_mgmt_access_layer_facts: + name: New Layer 1 + +- name: show-access-layers + cp_mgmt_access_layer_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "access-layer" + api_call_object_plural_version = "access-layers" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() 
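Review bot: The option docs for `limit`, `offset` and `order` say each is "relevant only for getting few objects", which does not tell the reader what selects that mode or what happens when one of them is combined with `name`; `argument_spec` in `main()` does not constrain the combination either. Suggested wording: `This parameter is used only when listing several objects, that is, when 'name' is not set.` If `api_call_facts` (imported, not shown here) ignores or rejects these options when `name` is given, the description should say which. The same text appears in the cp_mgmt_access_role_facts.py hunk further down.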
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role.py new file mode 100644 index 000000000..1c9114484 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role.py 
@@ -0,0 +1,217 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_access_role +short_description: Manages access-role objects on Check Point over Web Services API +description: + - Manages access-role objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + machines_list: + description: + - Machines that can access the system. + type: list + elements: dict + suboptions: + source: + description: + - Active Directory name or UID or Identity Tag. + type: str + selection: + description: + - Name or UID of an object selected from source. + type: list + elements: str + base_dn: + description: + - When source is "Active Directory" use "base-dn" to refine the query in AD database. + type: str + machines: + description: + - Any or All Identified. 
+ type: str + choices: ['any', 'all identified'] + networks: + description: + - Collection of Network objects identified by the name or UID that can access the system. + type: list + elements: str + remote_access_clients: + description: + - Remote access clients identified by name or UID. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + users_list: + description: + - Users that can access the system. + type: list + elements: dict + suboptions: + source: + description: + - Active Directory name or UID or Identity Tag or Internal User Groups or LDAP groups or Guests. + type: str + selection: + description: + - Name or UID of an object selected from source. + type: list + elements: str + base_dn: + description: + - When source is "Active Directory" use "base-dn" to refine the query in AD database. + type: str + users: + description: + - Any or All Identified. + type: str + choices: ['any', 'all identified'] + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. 
You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-access-role + cp_mgmt_access_role: + name: New Access Role 1 + networks: any + remote_access_clients: any + state: present + users: any + +- name: set-access-role + cp_mgmt_access_role: + users_list: + - source: "Internal User Groups" + selection: usersGroup + name: New Access Role 1 + state: present + +- name: delete-access-role + cp_mgmt_access_role: + name: New Access Role 1 + state: absent +""" + +RETURN = """ +cp_mgmt_access_role: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + machines_list=dict(type='list', elements='dict', options=dict( + source=dict(type='str'), + selection=dict(type='list', elements='str'), + base_dn=dict(type='str') + )), + machines=dict(type='str', choices=['any', 'all identified']), + networks=dict(type='list', elements='str'), + remote_access_clients=dict(type='str'), + tags=dict(type='list', elements='str'), + users_list=dict(type='list', elements='dict', options=dict( + source=dict(type='str'), + selection=dict(type='list', elements='str'), + base_dn=dict(type='str') + )), + users=dict(type='str', choices=['any', 'all identified']), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', 
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'access-role' + + if module.params["machines_list"] is not None: + if module.params["machines"] is not None: + raise AssertionError("The use of both 'machines_list' and 'machines' arguments isn't allowed") + module.params["machines"] = module.params["machines_list"] + module.params.pop("machines_list") + + if module.params["users_list"] is not None: + if module.params["users"] is not None: + raise AssertionError("The use of both 'users_list' and 'users' arguments isn't allowed") + module.params["users"] = module.params["users_list"] + module.params.pop("users_list") + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role_facts.py new file mode 100644 index 000000000..6a8805e8c --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role_facts.py 
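Review bot: The two exclusivity checks in `main()` raise `AssertionError` for what is a user input error, so a task that sets both `machines_list` and `machines` (or `users_list` and `users`) ends in a module traceback instead of a normal failed result. Report it through the module, `module.fail_json(msg="The use of both 'machines_list' and 'machines' arguments isn't allowed")`, or declare it up front with `mutually_exclusive=[['machines_list', 'machines'], ['users_list', 'users']]` in the `AnsibleModule(...)` call. The reassignment that follows puts a list of dicts into `machines`/`users`, which are documented as `type: str`; a comment such as `# machines_list is the list form of the API's 'machines' field; it is sent under that key` would explain why.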
@@ -0,0 +1,125 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_access_role_facts +short_description: Get access-role objects facts on Check Point over Web Services API +description: + - Get access-role objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-access-role + cp_mgmt_access_role_facts: + name: New Access Role 1 + +- name: show-access-roles + cp_mgmt_access_role_facts: + details_level: full +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "access-role" + api_call_object_plural_version = "access-roles" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() 
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule.py
new file mode 100644
index 000000000..11f359fe0
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule.py
@@ -0,0 +1,423 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_access_rule +short_description: Manages access-rule objects on Check Point over Web Services API +description: + - Manages access-rule objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + layer: + description: + - Layer that the rule belongs to identified by the name or UID. + type: str + position: + description: + - Position in the rulebase. The use of values "top" and "bottom" may not be idempotent. + type: str + relative_position: + description: + - Position in the rulebase. + - Use of this field may not be idempotent. + type: dict + suboptions: + below: + description: + - Add rule below specific rule/section identified by name (limited to 50 rules if + search_entire_rulebase is False). 
+ type: str + above: + description: + - Add rule above specific rule/section identified by name (limited to 50 rules if + search_entire_rulebase is False). + type: str + top: + description: + - Add rule to the top of a specific section identified by name (limited to 50 rules if + search_entire_rulebase is False). + type: str + bottom: + description: + - Add rule to the bottom of a specific section identified by name (limited to 50 rules if + search_entire_rulebase is False). + type: str + search_entire_rulebase: + description: + - Whether to search the entire rulebase for a rule that's been edited in its relative_position field to make sure + there indeed has been a change in its position or the section it might be in. + type: bool + default: False + name: + description: + - Object name. + type: str + required: True + action: + description: + - a "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer". + type: str + action_settings: + description: + - Action settings. + type: dict + suboptions: + enable_identity_captive_portal: + description: + - N/A + type: bool + limit: + description: + - N/A + type: str + content: + description: + - List of processed file types that this rule applies on. + type: list + elements: dict + content_direction: + description: + - On which direction the file types processing is applied. + type: str + choices: ['any', 'up', 'down'] + content_negate: + description: + - True if negate is set for data. + type: bool + custom_fields: + description: + - Custom fields. + type: dict + suboptions: + field_1: + description: + - First custom field. + type: str + field_2: + description: + - Second custom field. + type: str + field_3: + description: + - Third custom field. + type: str + destination: + description: + - Collection of Network objects identified by the name or UID. + type: list + elements: str + destination_negate: + description: + - True if negate is set for destination. 
+ type: bool + enabled: + description: + - Enable/Disable the rule. + type: bool + inline_layer: + description: + - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer". + type: str + install_on: + description: + - Which Gateways identified by the name or UID to install the policy on. + type: list + elements: str + service: + description: + - Collection of Network objects identified by the name or UID. + type: list + elements: str + service_negate: + description: + - True if negate is set for service. + type: bool + source: + description: + - Collection of Network objects identified by the name or UID. + type: list + elements: str + source_negate: + description: + - True if negate is set for source. + type: bool + time: + description: + - List of time objects. For example, "Weekend", "Off-Work", "Every-Day". + type: list + elements: str + track: + description: + - Track Settings. + type: dict + suboptions: + accounting: + description: + - Turns accounting for track on and off. + type: bool + alert: + description: + - Type of alert for the track. + type: str + choices: ['none', 'alert', 'snmp', 'mail', 'user alert 1', 'user alert 2', 'user alert 3'] + enable_firewall_session: + description: + - Determine whether to generate session log to firewall only connections. + type: bool + per_connection: + description: + - Determines whether to perform the log per connection. + type: bool + per_session: + description: + - Determines whether to perform the log per session. + type: bool + type: + description: + - a "Log", "Extended Log", "Detailed Log", "None". + type: str + user_check: + description: + - User check settings. 
+ type: dict + suboptions: + confirm: + description: + - N/A + type: str + choices: ['per rule', 'per category', 'per application/site', 'per data type'] + custom_frequency: + description: + - N/A + type: dict + suboptions: + every: + description: + - N/A + type: int + unit: + description: + - N/A + type: str + choices: ['hours', 'days', 'weeks', 'months'] + frequency: + description: + - N/A + type: str + choices: ['once a day', 'once a week', 'once a month', 'custom frequency...'] + interaction: + description: + - N/A + type: str + vpn_list: + description: + - Communities or Directional. + type: list + elements: dict + suboptions: + community: + description: + - List of community name or UID. + type: list + elements: str + directional: + description: + - Communities directional match condition. + type: list + elements: dict + suboptions: + from: + description: + - From community name or UID. + type: str + to: + description: + - To community name or UID. + type: str + vpn: + description: + - Any or All_GwToGw. + type: str + choices: ['Any', 'All_GwToGw'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-access-rule + cp_mgmt_access_rule: + layer: Network + name: Rule 1 + position: 1 + service: + - SMTP + - AOL + vpn: All_GwToGw + state: present + +- name: set-access-rule + cp_mgmt_access_rule: + action: Ask + action_settings: + enable_identity_captive_portal: true + limit: Upload_1Gbps + layer: Network + name: Rule 1 + state: present + +- name: delete-access-rule + cp_mgmt_access_rule: + layer: Network + name: Rule 2 + state: absent +""" + +RETURN = """ +cp_mgmt_access_rule: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule + + +def main(): + argument_spec = dict( + layer=dict(type='str'), + position=dict(type='str'), + relative_position=dict(type='dict', options=dict( + below=dict(type='str'), + above=dict(type='str'), + top=dict(type='str'), + bottom=dict(type='str') + )), + search_entire_rulebase=dict(type='bool', default=False), + name=dict(type='str', required=True), + action=dict(type='str'), + action_settings=dict(type='dict', options=dict( + enable_identity_captive_portal=dict(type='bool'), + limit=dict(type='str') + )), + content=dict(type='list', elements='dict'), + content_direction=dict(type='str', choices=['any', 'up', 'down']), + content_negate=dict(type='bool'), + custom_fields=dict(type='dict', options=dict( + field_1=dict(type='str'), + field_2=dict(type='str'), + field_3=dict(type='str') + )), + destination=dict(type='list', elements='str'), + destination_negate=dict(type='bool'), + enabled=dict(type='bool'), + inline_layer=dict(type='str'), + install_on=dict(type='list', elements='str'), + 
service=dict(type='list', elements='str'), + service_negate=dict(type='bool'), + source=dict(type='list', elements='str'), + source_negate=dict(type='bool'), + time=dict(type='list', elements='str'), + track=dict(type='dict', options=dict( + accounting=dict(type='bool'), + alert=dict(type='str', choices=['none', 'alert', 'snmp', 'mail', 'user alert 1', 'user alert 2', 'user alert 3']), + enable_firewall_session=dict(type='bool'), + per_connection=dict(type='bool'), + per_session=dict(type='bool'), + type=dict(type='str') + )), + user_check=dict(type='dict', options=dict( + confirm=dict(type='str', choices=['per rule', 'per category', 'per application/site', 'per data type']), + custom_frequency=dict(type='dict', options=dict( + every=dict(type='int'), + unit=dict(type='str', choices=['hours', 'days', 'weeks', 'months']) + )), + frequency=dict(type='str', choices=['once a day', 'once a week', 'once a month', 'custom frequency...']), + interaction=dict(type='str') + )), + vpn_list=dict(type='list', elements='dict', options=dict( + community=dict(type='list', elements='str'), + directional=dict(type='list', elements='dict', options=dict( + to=dict(type='str') + )) + )), + vpn=dict(type='str', choices=['Any', 'All_GwToGw']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec['vpn_list']['options']['directional']['options']['from'] = dict(type='str') + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'access-rule' + + if module.params["vpn_list"] is not None: + if module.params["vpn"] is not None: + raise AssertionError("The use of both 'vpn_list' and 'vpn' arguments isn't allowed") + module.params["vpn"] = module.params["vpn_list"] + module.params.pop("vpn_list") + + if module.params["relative_position"] is not None: + if 
module.params["position"] is not None: + raise AssertionError("The use of both 'relative_position' and 'position' arguments isn't allowed") + module.params["position"] = module.params["relative_position"] + module.params.pop("relative_position") + + if module.params['action'] is None and module.params['position'] is None: + module.params.pop("search_entire_rulebase") + result = api_call(module, api_call_object) + else: + result = api_call_for_rule(module, api_call_object) + + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule_facts.py new file mode 100644 index 000000000..3519e6ba1 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule_facts.py 
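Review bot: The two mutual-exclusion checks in main() of cp_mgmt_access_rule.py (`vpn_list` with `vpn`, `relative_position` with `position`) raise `AssertionError`, which nothing in the visible code catches, so a conflicting task most likely ends in an unhandled module exception instead of a readable failure message. Declaring the constraint on the module lets Ansible reject the task during argument validation: `module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True, mutually_exclusive=[('vpn_list', 'vpn'), ('relative_position', 'position')])`, after which the two `raise` lines can be dropped. The same pattern appears in cp_mgmt_access_role.py for `machines_list`/`machines` and `users_list`/`users`. `Connection` is imported in this file but not used in the visible code.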
@@ -0,0 +1,245 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_access_rule_facts +short_description: Get access-rule objects facts on Check Point over Web Services API +description: + - Get access-rule objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. Should be unique in the domain. + type: str + layer: + description: + - Layer that the rule belongs to identified by the name or UID. 
+ type: str + show_as_ranges: + description: + - When true, the source, destination and services & applications parameters are displayed as ranges of IP addresses and port numbers rather than + network objects.<br /> Objects that are not represented using IP addresses or port numbers are presented as objects.<br /> In addition, the response + of each rule does not contain the parameters, source, source-negate, destination, destination-negate, service and service-negate, but instead it + contains the parameters, source-ranges, destination-ranges and service-ranges.<br /><br /> Note, Requesting to show rules as ranges is limited up to + 20 rules per request, otherwise an error is returned. If you wish to request more rules, use the offset and limit parameters to limit your request. + type: bool + show_hits: + description: + - N/A + type: bool + hits_settings: + description: + - N/A + type: dict + suboptions: + from_date: + description: + - Format, 'YYYY-MM-DD', 'YYYY-mm-ddThh:mm:ss'. + type: str + target: + description: + - Target gateway name or UID. + type: str + to_date: + description: + - Format, 'YYYY-MM-DD', 'YYYY-mm-ddThh:mm:ss'. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical + operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies. + type: str + filter_settings: + description: + - Sets filter preferences. + type: dict + suboptions: + search_mode: + description: + - When set to 'general', both the Full Text Search and Packet Search are enabled. 
In this mode, Packet Search will not match on 'Any' + object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell + or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior. + type: str + choices: ['general', 'packet'] + packet_search_settings: + description: + - When 'search-mode' is set to 'packet', this object allows to set the packet search preferences. + type: dict + suboptions: + expand_group_members: + description: + - When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at + least one member of the group. + type: bool + expand_group_with_exclusion_members: + description: + - When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that + match at least one member of the "include" part and is not a member of the "except" part. + type: bool + match_on_any: + description: + - Whether to match on 'Any' object. + type: bool + match_on_group_with_exclusion: + description: + - Whether to match on a group-with-exclusion. + type: bool + match_on_negate: + description: + - Whether to match on a negated cell. + type: bool + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. 
+ type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + package: + description: + - Name of the package. + type: str + use_object_dictionary: + description: + - N/A + type: bool + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-access-rule + cp_mgmt_access_rule_facts: + layer: Network + name: Rule 1 + +- name: show-access-rulebase + cp_mgmt_access_rule_facts: + details_level: standard + limit: 20 + name: Network + offset: 0 + use_object_dictionary: true +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts_for_rule + + +def main(): + argument_spec = dict( + name=dict(type='str'), + layer=dict(type='str'), + show_as_ranges=dict(type='bool'), + show_hits=dict(type='bool'), + hits_settings=dict(type='dict', options=dict( + from_date=dict(type='str'), + target=dict(type='str'), + to_date=dict(type='str') + )), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + filter_settings=dict(type='dict', options=dict( + search_mode=dict(type='str', choices=['general', 'packet']), + packet_search_settings=dict(type='dict', options=dict( + expand_group_members=dict(type='bool'), + expand_group_with_exclusion_members=dict(type='bool'), + match_on_any=dict(type='bool'), + match_on_group_with_exclusion=dict(type='bool'), + match_on_negate=dict(type='bool') + )) + 
)), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + package=dict(type='str'), + use_object_dictionary=dict(type='bool'), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "access-rule" + api_call_object_plural_version = "access-rulebase" + + result = api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rules.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rules.py new file mode 100644 index 000000000..1597ab281 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rules.py 
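Review bot: The `name` option in cp_mgmt_access_rule_facts.py is documented only as "Object name. Should be unique in the domain.", yet the show-access-rulebase example passes `name: Network` with no `layer`, which reads as a layer name rather than a rule name. If that is the intended use (api_call_facts_for_rule is not visible here), the description should say so, for example `- Rule name when 'layer' is given; otherwise the name of the layer whose rulebase is returned.` The options `show_hits`, `hits_settings` and `use_object_dictionary` carry `N/A` as their description and would benefit from one line each, since they change what the rulebase query returns.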
@@ -0,0 +1,373 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_access_rules +short_description: Manages access-rules objects on Check Point over Web Services API +description: + - Manages access-rules objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.2.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + layer: + description: + - Layer that the rule belongs to identified by the name or UID. + type: str + required: true + rules: + description: + - List of rules. + type: list + elements: dict + required: true + suboptions: + name: + description: + - Object name. + type: str + required: True + action: + description: + - a "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer". + type: str + action_settings: + description: + - Action settings. 
+ type: dict + suboptions: + enable_identity_captive_portal: + description: + - N/A + type: bool + limit: + description: + - N/A + type: str + content: + description: + - List of processed file types that this rule applies on. + type: list + elements: dict + content_direction: + description: + - On which direction the file types processing is applied. + type: str + choices: ['any', 'up', 'down'] + content_negate: + description: + - True if negate is set for data. + type: bool + custom_fields: + description: + - Custom fields. + type: dict + suboptions: + field_1: + description: + - First custom field. + type: str + field_2: + description: + - Second custom field. + type: str + field_3: + description: + - Third custom field. + type: str + destination: + description: + - Collection of Network objects identified by the name or UID. + type: list + elements: str + destination_negate: + description: + - True if negate is set for destination. + type: bool + enabled: + description: + - Enable/Disable the rule. + type: bool + inline_layer: + description: + - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer". + type: str + install_on: + description: + - Which Gateways identified by the name or UID to install the policy on. + type: list + elements: str + service: + description: + - Collection of Network objects identified by the name or UID. + type: list + elements: str + service_negate: + description: + - True if negate is set for service. + type: bool + source: + description: + - Collection of Network objects identified by the name or UID. + type: list + elements: str + source_negate: + description: + - True if negate is set for source. + type: bool + time: + description: + - List of time objects. For example, "Weekend", "Off-Work", "Every-Day". + type: list + elements: str + track: + description: + - Track Settings. + type: dict + suboptions: + accounting: + description: + - Turns accounting for track on and off. 
+ type: bool + alert: + description: + - Type of alert for the track. + type: str + choices: ['none', 'alert', 'snmp', 'mail', 'user alert 1', 'user alert 2', 'user alert 3'] + enable_firewall_session: + description: + - Determine whether to generate session log to firewall only connections. + type: bool + per_connection: + description: + - Determines whether to perform the log per connection. + type: bool + per_session: + description: + - Determines whether to perform the log per session. + type: bool + type: + description: + - a "Log", "Extended Log", "Detailed Log", "None". + type: str + user_check: + description: + - User check settings. + type: dict + suboptions: + confirm: + description: + - N/A + type: str + choices: ['per rule', 'per category', 'per application/site', 'per data type'] + custom_frequency: + description: + - N/A + type: dict + suboptions: + every: + description: + - N/A + type: int + unit: + description: + - N/A + type: str + choices: ['hours', 'days', 'weeks', 'months'] + frequency: + description: + - N/A + type: str + choices: ['once a day', 'once a week', 'once a month', 'custom frequency...'] + interaction: + description: + - N/A + type: str + vpn: + description: + - Communities or Directional. + type: list + elements: dict + suboptions: + community: + description: + - List of community name or UID. + type: list + elements: dict + directional: + description: + - Communities directional match condition. + type: list + elements: dict + suboptions: + from: + description: + - From community name or UID. + type: str + to: + description: + - To community name or UID. + type: str + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. 
+ type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + state: + description: + - State of the access rule (present or absent). Defaults to present. + type: str + default: present + choices: + - 'present' + - 'absent' + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_objects_action_module +""" + +EXAMPLES = """ +- name: add-access-rules + cp_mgmt_access_rules: + rules: + - name: Rule 1 + service: + - SMTP + - AOL + state: present + - name: Rule 2 + service: + - SMTP + state: present + layer: Network + auto_publish_session: true +""" + +RETURN = """ +cp_mgmt_access_rules: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import \ + checkpoint_argument_spec_for_action_module + + +def main(): + argument_spec = dict( + rules=dict(type='list', required=True, elements='dict', options=dict( + name=dict(type='str', required=True), + action=dict(type='str'), + action_settings=dict(type='dict', options=dict( + enable_identity_captive_portal=dict(type='bool'), + limit=dict(type='str') + )), + content=dict(type='list', elements='dict'), + content_direction=dict(type='str', choices=['any', 'up', 'down']), + content_negate=dict(type='bool'), + custom_fields=dict(type='dict', options=dict( + field_1=dict(type='str'), + field_2=dict(type='str'), + field_3=dict(type='str') + )), + destination=dict(type='list', elements='str'), + destination_negate=dict(type='bool'), + enabled=dict(type='bool'), + inline_layer=dict(type='str'), + install_on=dict(type='list', elements='str'), + service=dict(type='list', elements='str'), + service_negate=dict(type='bool'), + source=dict(type='list', elements='str'), + source_negate=dict(type='bool'), + time=dict(type='list', elements='str'), + track=dict(type='dict', options=dict( + accounting=dict(type='bool'), + alert=dict(type='str', + choices=['none', 'alert', 'snmp', 'mail', 'user alert 1', 'user alert 2', 'user alert 3']), + enable_firewall_session=dict(type='bool'), + per_connection=dict(type='bool'), + per_session=dict(type='bool'), + type=dict(type='str') + )), + user_check=dict(type='dict', options=dict( + confirm=dict(type='str', choices=['per rule', 'per category', 'per application/site', 'per data type']), + custom_frequency=dict(type='dict', options=dict( + every=dict(type='int'), + unit=dict(type='str', choices=['hours', 'days', 'weeks', 'months']) + )), + frequency=dict(type='str', + choices=['once a day', 'once a week', 'once a month', 'custom 
frequency...']), + interaction=dict(type='str') + )), + vpn=dict(type='list', elements='dict', options=dict( + community=dict(type='list', elements='dict'), + directional=dict(type='list', elements='dict', options=dict( + to=dict(type='str') + )) + )), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool'), + state=dict(type='str', choices=['present', 'absent'], default='present') + + )), + layer=dict(type='str', required=True), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + + argument_spec['rules']['options']['vpn']['options']['directional']['options']['from'] = dict(type='str') + argument_spec.update(checkpoint_argument_spec_for_action_module) + + module = AnsibleModule(argument_spec=argument_spec) + + module.exit_json() + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_section.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_section.py new file mode 100644 index 000000000..01a47a503 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_section.py 
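Review bot: In cp_mgmt_access_rules.py the `community` field under `vpn` is declared as `community=dict(type='list', elements='dict')` and documented with `elements: dict`, while its description says "List of community name or UID" and cp_mgmt_access_rule.py in this same commit declares the field with `elements='str'`. A playbook that lists community names as plain strings would presumably fail argument validation here, so I would align the two: `community=dict(type='list', elements='str'),` plus `elements: str` in DOCUMENTATION. main() only validates the arguments and calls `module.exit_json()`, so a short comment stating that the rule changes are carried out by the action plugin of the same name would help readers. The `Connection` import is unused in the visible code.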
@@ -0,0 +1,119 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_access_section
+short_description: Manages access-section objects on Checkpoint over Web Services API
+description:
+ - Manages access-section objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ layer:
+ description:
+ - Layer that the rule belongs to identified by the name or UID.
+ type: str
+ position:
+ description:
+ - Position in the rulebase.
+ type: str
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors.
You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-access-section
+ cp_mgmt_access_section:
+ layer: Network
+ name: New Section 1
+ position: 1
+ state: present
+
+- name: set-access-section
+ cp_mgmt_access_section:
+ layer: Network
+ name: New Section 1
+ state: present
+
+- name: delete-access-section
+ cp_mgmt_access_section:
+ layer: Network
+ name: New Section 2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_access_section:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ layer=dict(type='str'),
+ position=dict(type='str'),
+ name=dict(type='str', required=True),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'access-section'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_api_key.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_api_key.py
new file mode 100644
index 000000000..641cea5e9
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_api_key.py
@@ -0,0 +1,84 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_add_api_key
+short_description: Add API key for administrator, to enable login with it. For the key to be valid publish is needed.
+description:
+ - Add API key for administrator, to enable login with it. For the key to be valid publish is needed. <br>When using mgmt_cli tool, add -f json to get
+ the key in the command's output.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ admin_uid:
+ description:
+ - Administrator uid to generate API key for.
+ type: str
+ admin_name:
+ description:
+ - Administrator name to generate API key for.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: add-api-key
+ cp_mgmt_add_api_key:
+ admin_name: admin
+ state: present
+"""
+
+RETURN = """
+cp_mgmt_add_api_key:
+ description: The checkpoint add-api-key output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ admin_uid=dict(type='str'),
+ admin_name=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "add-api-key"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_data_center_object.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_data_center_object.py
new file mode 100644
index 000000000..c4ad1d16f
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_data_center_object.py
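Review bot: The result of this module presumably carries the generated API key, and nothing in `DOCUMENTATION` or `EXAMPLES` tells the user to keep it out of task output: `main()` hands the whole `api_command` result to `module.exit_json(**result)`, and the description itself speaks of getting the key from the command's output. I would add `no_log: true` to the `add-api-key` example task and a `notes:` entry stating that the registered result holds a credential and should be stored in a vault rather than printed or logged. Separately, `admin_uid` and `admin_name` are both optional and unrelated in the spec; if the API expects exactly one of them, `AnsibleModule(argument_spec=argument_spec, mutually_exclusive=[['admin_uid', 'admin_name']])` (plus `required_one_of` if neither may be omitted) would reject an ambiguous call before a request is sent.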
@@ -0,0 +1,147 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_add_data_center_object
+short_description: Imports a Data Center Object from a Data Center Server.<br> Data Center Object represents an object in the cloud environment.
+description:
+ - Imports a Data Center Object from a Data Center Server.<br> Data Center Object represents an object in the cloud environment, e.g. a virtual machine,
+ cluster, network and more.<br> Use the show-data-center-content command to see the Data Center Objects that can be imported from a Data Center Server.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ data_center_name:
+ description:
+ - Name of the Data Center Server the object is in.
+ type: str
+ data_center_uid:
+ description:
+ - Unique identifier of the Data Center Server the object is in.
+ type: str
+ uri:
+ description:
+ - URI of the object in the Data Center Server.
+ type: str
+ uid_in_data_center:
+ description:
+ - Unique identifier of the object in the Data Center Server.
+ type: str
+ name:
+ description:
+ - Override default name on data-center.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: add-data-center-object
+ cp_mgmt_add_data_center_object:
+ data_center_name: vCenter 1
+ name: VM1 mgmt name
+ state: present
+ uri: /Datacenters/VMs/My VM1
+"""
+
+RETURN = """
+cp_mgmt_add_data_center_object:
+ description: The checkpoint add-data-center-object output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ data_center_name=dict(type='str'),
+ data_center_uid=dict(type='str'),
+ uri=dict(type='str'),
+ uid_in_data_center=dict(type='str'),
+ name=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "add-data-center-object"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_domain.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_domain.py
new file mode 100644
index 000000000..bde1d9f4b
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_domain.py
@@ -0,0 +1,164 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_add_domain
+short_description: Create new object
+description:
+ - Create new object
+ - All operations are performed over Web Services API.
+version_added: "2.1.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ servers:
+ description:
+ - Domain servers. When this field is provided, 'set-domain' command is executed asynchronously.
+ type: list
+ elements: dict
+ suboptions:
+ name:
+ description:
+ - Object name. Must be unique in the domain.
+ type: str
+ ip_address:
+ description:
+ - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
+ type: str
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ multi_domain_server:
+ description:
+ - Multi Domain server name or UID.
+ type: str
+ active:
+ description:
+ - Activate domain server.
Only one domain server is allowed to be active
+ type: bool
+ skip_start_domain_server:
+ description:
+ - Set this value to be true to prevent starting the new created domain.
+ type: bool
+ type:
+ description:
+ - Domain server type.
+ type: str
+ choices: ['management server', 'log server', 'smc']
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: add-domain
+ cp_mgmt_add_domain:
+ name: domain1
+ servers:
+ ip_address: 192.0.2.1
+ multi_domain_server: MDM_Server
+ name: domain1_ManagementServer_1
+"""
+
+RETURN = """
+cp_mgmt_domain:
+ description: The checkpoint add-domain output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ servers=dict(type='list', elements='dict', options=dict(
+ name=dict(type='str'),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ multi_domain_server=dict(type='str'),
+ active=dict(type='bool'),
+ skip_start_domain_server=dict(type='bool'),
+ type=dict(type='str', choices=['management server', 'log server', 'smc'])
+ )),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool'),
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+ command = 'add-domain'
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_nat_rule.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_nat_rule.py
new file mode 100644
index 000000000..8b1151bd9
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_nat_rule.py
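Review bot: The `add-domain` example passes `servers` as a single mapping (as shown here, `servers:` is followed directly by `ip_address:`, `multi_domain_server:` and `name:` with no list dash), while `argument_spec` declares it as `type='list', elements='dict'`, so the example as written should fail argument validation. The first key needs to open a list item, `- ip_address: 192.0.2.1`, with the other two keys aligned under it. The `RETURN` block also documents the key as `cp_mgmt_domain` where the sibling command modules in this commit use the module name (`cp_mgmt_add_api_key`, `cp_mgmt_add_nat_rule`); which key `api_command` actually emits is not visible in this hunk, so it should be checked against module_utils rather than assumed. The `servers` description mentions `set-domain` although this module sends `add-domain`.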
@@ -0,0 +1,159 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_add_nat_rule
+short_description: Create new object.
+description:
+ - Create new object.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ package:
+ description:
+ - Name of the package.
+ type: str
+ position:
+ description:
+ - Position in the rulebase.
+ type: str
+ enabled:
+ description:
+ - Enable/Disable the rule.
+ type: bool
+ install_on:
+ description:
+ - Which Gateways identified by the name or UID to install the policy on.
+ type: list
+ elements: str
+ method:
+ description:
+ - Nat method.
+ type: str
+ choices: ['static', 'hide', 'nat64', 'nat46']
+ original_destination:
+ description:
+ - Original destination.
+ type: str
+ original_service:
+ description:
+ - Original service.
+ type: str
+ original_source:
+ description:
+ - Original source.
+ type: str
+ translated_destination:
+ description:
+ - Translated destination.
+ type: str
+ translated_service:
+ description:
+ - Translated service.
+ type: str
+ translated_source:
+ description:
+ - Translated source.
+ type: str
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: add-nat-rule
+ cp_mgmt_add_nat_rule:
+ comments: comment example1 nat999
+ enabled: false
+ install_on:
+ - Policy Targets
+ original_destination: All_Internet
+ original_source: Any
+ package: standard
+ position: 1
+ state: present
+"""
+
+RETURN = """
+cp_mgmt_add_nat_rule:
+ description: The checkpoint add-nat-rule output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ package=dict(type='str'),
+ position=dict(type='str'),
+ enabled=dict(type='bool'),
+ install_on=dict(type='list', elements='str'),
+ method=dict(type='str', choices=['static', 'hide', 'nat64', 'nat46']),
+ original_destination=dict(type='str'),
+ original_service=dict(type='str'),
+ original_source=dict(type='str'),
+ translated_destination=dict(type='str'),
+ translated_service=dict(type='str'),
+ translated_source=dict(type='str'),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "add-nat-rule"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_rules_batch.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_rules_batch.py
new file mode 100644
index 000000000..58f7bb3bd
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_rules_batch.py
@@ -0,0 +1,136 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_add_rules_batch
+short_description: Creates new rules in batch. Use this API to achieve optimum performance when adding more than one rule.
+description:
+ - Creates new rules in batch. Use this API to achieve optimum performance when adding more than one rule.
+ - Add multiple rules to a layer in a specific position, incrementing position by one for each rule.
+ - Errors and warnings are ignored when using this API, operation will apply changes while ignoring errors. It is not
+ possible to publish changes that contain validations errors. You must use the "show-validations" API to see any
+ validation errors and warnings caused by the batch creation. Supported rules types are access-rule, nat-rule,
+ https-rule and threat-exception.
+ - This module is not idempotent.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ objects:
+ description:
+ - Batch of rules separated by types.
+ type: list
+ elements: dict
+ suboptions:
+ layer:
+ description:
+ - Layer name or uid.
+ type: str
+ type:
+ description:
+ - Type of rules to be created. <br>Only types from above are supported.
+ type: str
+ first_position:
+ description:
+ - First rule position.
+ type: str
+ list:
+ description:
+ - List of rules from the same type to be created on the same layer. <br>Use the "add" API reference documentation for a single rule
+ command to find the expected fields for the request. <br>For example, to add access-rules, use the "add-access-rule" command found in the API
+ reference documentation (under Access Control & NAT). <br>Note, "set-if-exists", "ignore-errors", "ignore-warnings" and "details-level" options
+ are not supported when adding a batch of rules.
+ type: list
+ elements: dict
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed after task completes.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: add-rules-batch
+ cp_mgmt_add_rules_batch:
+ objects:
+ - first_position: top
+ layer: Network
+ list:
+ - action: accept
+ name: access rule 1
+ - action: accept
+ name: access rule 2
+ type: access-rule
+ - first_position: top
+ layer: Standard
+ list:
+ - name: nat rule 1
+ - name: nat rule 2
+ type: nat-rule
+ - first_position: top
+ layer: Default Layer
+ list:
+ - name: https rule 1
+ - name: https rule 2
+ type: https-rule
+
+"""
+
+RETURN = """
+cp_mgmt_add_rules_batch:
+ description: The checkpoint add-rules-batch output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ objects=dict(type='list', elements='dict', options=dict(
+ layer=dict(type='str'),
+ type=dict(type='str'),
+ first_position=dict(type='str'),
+ list=dict(type='list', elements='dict')
+ )),
+ auto_publish_session=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "add-rules-batch"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range.py
new file mode 100644
index 000000000..c678eb832
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range.py
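Review bot: `type=dict(type='str')` inside `objects` accepts any string, although the module description lists exactly four supported rule types; since the same description says the API applies the batch while ignoring errors, a misspelled type is better rejected by Ansible before the request is sent. I would declare `type=dict(type='str', choices=['access-rule', 'nat-rule', 'https-rule', 'threat-exception'])` and mirror the `choices` in `DOCUMENTATION`. `objects` and its `layer`, `type` and `list` members are also all optional in the spec; if the API needs them, `required=True` gives a clearer failure than an API error. Because `list` is an unvalidated `elements='dict'` and firewall rules are created with errors ignored, the example would be more useful if it showed the `show-validations` check that the description says is needed before publishing.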
@@ -0,0 +1,215 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_address_range
+short_description: Manages address-range objects on Check Point over Web Services API
+description:
+ - Manages address-range objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ ip_address_first:
+ description:
+ - First IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead.
+ type: str
+ ipv4_address_first:
+ description:
+ - First IPv4 address in the range.
+ type: str
+ ipv6_address_first:
+ description:
+ - First IPv6 address in the range.
+ type: str
+ ip_address_last:
+ description:
+ - Last IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead.
+ type: str
+ ipv4_address_last:
+ description:
+ - Last IPv4 address in the range.
+ type: str
+ ipv6_address_last:
+ description:
+ - Last IPv6 address in the range.
+ type: str
+ nat_settings:
+ description:
+ - NAT settings.
+ type: dict
+ suboptions:
+ auto_rule:
+ description:
+ - Whether to add automatic address translation rules.
+ type: bool
+ ip_address:
+ description:
+ - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. This parameter is not
+ required in case "method" parameter is "hide" and "hide-behind" parameter is "gateway".
+ type: str
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ hide_behind:
+ description:
+ - Hide behind method. This parameter is not required in case "method" parameter is "static".
+ type: str
+ choices: ['gateway', 'ip-address']
+ install_on:
+ description:
+ - Which gateway should apply the NAT translation.
+ type: str
+ method:
+ description:
+ - NAT translation method.
+ type: str
+ choices: ['hide', 'static']
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-address-range
+ cp_mgmt_address_range:
+ ip_address_first: 192.0.2.1
+ ip_address_last: 192.0.2.10
+ name: New Address Range 1
+ state: present
+
+- name: set-address-range
+ cp_mgmt_address_range:
+ color: green
+ ip_address_first: 192.0.2.1
+ ip_address_last: 192.0.2.1
+ name: New Address Range 1
+ new_name: New Address Range 2
+ state: present
+
+- name: delete-address-range
+ cp_mgmt_address_range:
+ name: New Address Range 2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_address_range:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ ip_address_first=dict(type='str'),
+ ipv4_address_first=dict(type='str'),
+ ipv6_address_first=dict(type='str'),
+ ip_address_last=dict(type='str'),
+ ipv4_address_last=dict(type='str'),
+ ipv6_address_last=dict(type='str'),
+ nat_settings=dict(type='dict', options=dict(
+ auto_rule=dict(type='bool'),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ hide_behind=dict(type='str', choices=['gateway', 'ip-address']),
+ install_on=dict(type='str'),
+ method=dict(type='str', choices=['hide', 'static'])
+ )),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'address-range'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
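Review bot: The `set-address-range` example sets `color: green`, which is not in the `choices` list that both `DOCUMENTATION` and `argument_spec` give for `color` (the list has `dark green`, `forest green`, `light green` and `sea green`, but no plain `green`), so that task should be rejected at argument validation. Either use a listed value in the example, e.g. `color: forest green`, or add `'green'` to both lists if the API accepts it. The `ip_address_last` description also points the reader at the `ipv4-address-first` and `ipv6-address-first` fields; for the last address it presumably means `ipv4-address-last` and `ipv6-address-last`.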
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range_facts.py
new file mode 100644
index 000000000..f9032eef1
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range_facts.py
@@ -0,0 +1,132 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_address_range_facts +short_description: Get address-range objects facts on Check Point over Web Services API +description: + - Get address-range objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-address-range + cp_mgmt_address_range_facts: + name: New Address Range 1 + +- name: show-address-ranges + cp_mgmt_address_range_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "address-range" + api_call_object_plural_version = "address-ranges" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator.py new file mode 100644 index 000000000..7568f742c --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator.py 
@@ -0,0 +1,231 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_administrator +short_description: Manages administrator objects on Checkpoint over Web Services API +description: + - Manages administrator objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + authentication_method: + description: + - Authentication method. + type: str + choices: ['undefined', 'check point password', 'os password', 'securid', 'radius', 'tacacs', 'ad authentication', 'api key'] + email: + description: + - Administrator email. + type: str + expiration_date: + description: + - Format, YYYY-MM-DD, YYYY-mm-ddThh,mm,ss. + type: str + multi_domain_profile: + description: + - Administrator multi-domain profile. + type: str + must_change_password: + description: + - True if administrator must change password on the next login. 
+ type: bool + password: + description: + - Administrator password. + type: str + password_hash: + description: + - Administrator password hash. + type: str + permissions_profile: + description: + - Permission profile + type: str + permissions_profile_list: + description: + - Administrator permissions profile. Permissions profile should not be provided when multi-domain-profile is set to "Multi-Domain Super User" or + "Domain Super User". Used only in MDS. + type: list + elements: dict + suboptions: + profile: + description: + - Permission profile. + type: str + domain: + description: + - Domain. + type: str + phone_number: + description: + - Administrator phone number. + type: str + radius_server: + description: + - RADIUS server object identified by the name or UID. Must be set when "authentication-method" was selected to be "RADIUS". + type: str + tacacs_server: + description: + - TACACS server object identified by the name or UID. Must be set when "authentication-method" was selected to be "TACACS". + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. 
+ type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-administrator + cp_mgmt_administrator: + authentication_method: check point password + email: admin@gmail.com + must_change_password: false + name: admin + password: secret + permissions_profile: read write all + phone_number: 1800-800-800 + state: present + +- name: set-administrator + cp_mgmt_administrator: + name: admin + password: new secret + permissions_profile: read only profile + state: present + +- name: delete-administrator + cp_mgmt_administrator: + name: admin + state: absent + +- name: add-administrator-in-MDS + cp_mgmt_administrator: + authentication_method: check point password + email: admin@gmail.com + must_change_password: false + name: admin + password: secret + permissions_profile_list: + profile: read write all + domain: dom1 + phone_number: 1800-800-800 + state: present +""" + +RETURN = """ +cp_mgmt_administrator: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + authentication_method=dict(type='str', choices=['undefined', 'check point password', + 'os password', 'securid', 'radius', 'tacacs', 'ad authentication', 'api key']), + email=dict(type='str'), + expiration_date=dict(type='str'), + multi_domain_profile=dict(type='str'), + must_change_password=dict(type='bool'), + password=dict(type='str', no_log=True), + password_hash=dict(type='str', no_log=True), + permissions_profile=dict(type='str'), + permissions_profile_list=dict(type='list', elements='dict', options=dict( + profile=dict(type='str'), + domain=dict(type='str') + )), + phone_number=dict(type='str'), + radius_server=dict(type='str'), + tacacs_server=dict(type='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'administrator' + + if module.params["permissions_profile_list"] is not None: + if module.params["permissions_profile"] is not None: + raise AssertionError("The use of both 
'permissions_profile_list' and 'permissions_profile' arguments isn't allowed") + module.params["permissions_profile"] = module.params["permissions_profile_list"] + module.params.pop("permissions_profile_list") + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator_facts.py new file mode 100644 index 000000000..affd2febe --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator_facts.py 
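Review bot: The conflict check near the end of `main()` reports a user input error with `raise AssertionError(...)`, so supplying both `permissions_profile` and `permissions_profile_list` ends the task with an unhandled Python exception instead of a normal module failure message. Declaring the constraint on the constructor lets Ansible reject the combination during argument validation: `module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True, mutually_exclusive=[['permissions_profile', 'permissions_profile_list']])`. Replacing the raise with `module.fail_json(msg=...)` would be the smaller change. `password` and `password_hash` are correctly marked `no_log=True`, but the EXAMPLES block shows `password: secret` inline; a comment above it such as `# keep the real value in an Ansible Vault variable` would steer readers away from committing credentials in playbooks.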
@@ -0,0 +1,127 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_administrator_facts +short_description: Get administrator objects facts on Checkpoint over Web Services API +description: + - Get administrator objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-administrator + cp_mgmt_administrator_facts: + name: admin + +- name: show-administrators + cp_mgmt_administrator_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "administrator" + api_call_object_plural_version = "administrators" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() 
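Review bot: `main()` returns the API response through `module.exit_json(ansible_facts=result)`, and neither DOCUMENTATION nor RETURN mentions that data returned this way is merged into the host's variables and written to any fact cache that is configured. For administrator objects the response presumably carries account attributes such as e-mail, phone number and authentication method (the fields the sibling cp_mgmt_administrator module sets), though the body of `api_call_facts` is not visible in this hunk. I would add a description entry along the lines of `- The returned administrator data is stored as host facts; restrict details_level and protect any fact cache accordingly.` so operators know where this data ends up.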
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site.py new file mode 100644 index 000000000..36b042a10 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site.py 
@@ -0,0 +1,180 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_application_site +short_description: Manages application-site objects on Check Point over Web Services API +description: + - Manages application-site objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + primary_category: + description: + - Each application is assigned to one primary category based on its most defining aspect. + type: str + url_list: + description: + - URLs that determine this particular application. + type: list + elements: str + application_signature: + description: + - Application signature generated by <a + href="https,//supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk103051">Signature Tool</a>. 
+ type: str + additional_categories: + description: + - Used to configure or edit the additional categories of a custom application / site used in the Application and URL Filtering or Threat Prevention. + type: list + elements: str + description: + description: + - A description for the application. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + urls_defined_as_regular_expression: + description: + - States whether the URL is defined as a Regular Expression or not. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-application-site + cp_mgmt_application_site: + additional_categories: + - Instant Chat + - Supports Streaming + - New Application Site Category 1 + description: My Application Site + name: New Application Site 1 + primary_category: Social Networking + state: present + url_list: + - www.cnet.com + - www.stackoverflow.com + urls_defined_as_regular_expression: false + +- name: set-application-site + cp_mgmt_application_site: + description: My New Application Site + name: New Application Site 1 + primary_category: Instant Chat + state: present + urls_defined_as_regular_expression: true + +- name: delete-application-site + cp_mgmt_application_site: + name: New Application Site 2 + state: absent +""" + +RETURN = """ +cp_mgmt_application_site: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + primary_category=dict(type='str'), + url_list=dict(type='list', elements='str'), + application_signature=dict(type='str'), + additional_categories=dict(type='list', elements='str'), + description=dict(type='str'), + tags=dict(type='list', elements='str'), + urls_defined_as_regular_expression=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 
'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'application-site' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category.py new file mode 100644 index 000000000..4c3d94d13 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category.py 
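Review bot: The `application_signature` description in DOCUMENTATION embeds a raw HTML anchor whose URL is written as `https,//supportcenter.checkpoint.com/...`, with a comma where the scheme's colon belongs, so the reference to the Signature Tool cannot be followed. `ansible-doc` does not render HTML either, so the tag would appear literally in the option text. I would use Ansible's link markup instead, `- Application signature generated by L(Signature Tool,https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk103051).`, quoting the YAML string if the colon is a problem for the parser.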
@@ -0,0 +1,141 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_application_site_category +short_description: Manages application-site-category objects on Check Point over Web Services API +description: + - Manages application-site-category objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + description: + description: + - N/A + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-application-site-category + cp_mgmt_application_site_category: + description: My Application Site category + name: New Application Site Category 1 + state: present + +- name: set-application-site-category + cp_mgmt_application_site_category: + description: My new Application Site category + name: New Application Site Category 1 + state: present + +- name: delete-application-site-category + cp_mgmt_application_site_category: + name: New Application Site Category 2 + state: absent +""" + +RETURN = """ +cp_mgmt_application_site_category: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + description=dict(type='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'application-site-category' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category_facts.py new file mode 100644 index 000000000..3c3653b5b --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category_facts.py 
@@ -0,0 +1,127 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_application_site_category_facts +short_description: Get application-site-category objects facts on Check Point over Web Services API +description: + - Get application-site-category objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-application-site-category + cp_mgmt_application_site_category_facts: + name: Social Networking + +- name: show-application-site-categories + cp_mgmt_application_site_category_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "application-site-category" + api_call_object_plural_version = "application-site-categories" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_facts.py new file mode 100644 index 000000000..2618cf6fb --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_facts.py 
@@ -0,0 +1,137 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_application_site_facts
+short_description: Get application-site objects facts on Check Point over Web Services API
+description:
+ - Get application-site objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ application_id:
+ description:
+ - Object application identifier.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-application-site
+ cp_mgmt_application_site_facts:
+ name: facebook
+
+- name: show-application-sites
+ cp_mgmt_application_site_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ application_id=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "application-site"
+ api_call_object_plural_version = "application-sites"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group.py
new file mode 100644
index 000000000..58c072771
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group.py
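Review bot: In cp_mgmt_application_site_facts.py the `application_id` option is documented only as "Object application identifier", with no statement of how it relates to `name`, which the module description gives as the selector for a single object. If it is meant as an alternative single-object selector, its description should say so and the pair should be declared on the module, e.g. `module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True, mutually_exclusive=[['name', 'application_id']])`. As written, a task that sets both passes argument validation and the outcome depends on how `api_call_facts`, which is not visible in this hunk, resolves them.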
@@ -0,0 +1,147 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_application_site_group
+short_description: Manages application-site-group objects on Check Point over Web Services API
+description:
+ - Manages application-site-group objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ members:
+ description:
+ - Collection of application and URL filtering objects identified by the name or UID.
+ type: list
+ elements: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-application-site-group
+ cp_mgmt_application_site_group:
+ members:
+ - facebook
+ - Social Networking
+ - New Application Site 1
+ - New Application Site Category 1
+ name: New Application Site Group 1
+ state: present
+
+- name: set-application-site-group
+ cp_mgmt_application_site_group:
+ name: New Application Site Group 1
+ members:
+ - AliveProxy
+ state: present
+
+- name: delete-application-site-group
+ cp_mgmt_application_site_group:
+ name: New Application Site Group 1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_application_site_group:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ members=dict(type='list', elements='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'application-site-group'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group_facts.py
new file mode 100644
index 000000000..8a7ac74d4
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group_facts.py
@@ -0,0 +1,137 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_application_site_group_facts
+short_description: Get application-site-group objects facts on Check Point over Web Services API
+description:
+ - Get application-site-group objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ dereference_group_members:
+ description:
+ - Indicates whether to dereference "members" field by details level for every object in reply.
+ type: bool
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-application-site-group
+ cp_mgmt_application_site_group_facts:
+ name: New Application Site Group 1
+
+- name: show-application-site-groups
+ cp_mgmt_application_site_group_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ dereference_group_members=dict(type='bool'),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "application-site-group"
+ api_call_object_plural_version = "application-site-groups"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_approve_session.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_approve_session.py
new file mode 100644
index 000000000..d87b5738d
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_approve_session.py
@@ -0,0 +1,77 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_approve_session
+short_description: Workflow feature - Approve and Publish the session.
+description:
+ - Workflow feature - Approve and Publish the session.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ uid:
+ description:
+ - Session unique identifier.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: approve-session
+ cp_mgmt_approve_session:
+ uid: 41e821a0-3720-11e3-aa6e-0800200c9fde
+"""
+
+RETURN = """
+cp_mgmt_approve_session:
+ description: The checkpoint approve-session output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ uid=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "approve-session"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_assign_global_assignment.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_assign_global_assignment.py
new file mode 100644
index 000000000..f1b1df75d
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_assign_global_assignment.py
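Review bot: In cp_mgmt_approve_session.py, `uid=dict(type='str')` leaves the session identifier optional although the command approves and publishes a session. A task that omits it passes argument validation, and which session is then acted on, if any, is decided by `api_command` and the server, neither of which is visible in this hunk. If the API requires the identifier, declare it as `uid=dict(type='str', required=True)` and add `required: True` under `uid` in DOCUMENTATION. If omitting it is meaningful, the option description should state which session gets approved in that case.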
@@ -0,0 +1,92 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_assign_global_assignment
+short_description: assign global assignment on Check Point over Web Services API
+description:
+ - assign global assignment on Check Point over Web Services API
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ dependent_domains:
+ description:
+ - N/A
+ type: list
+ elements: str
+ global_domains:
+ description:
+ - N/A
+ type: list
+ elements: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: assign-global-assignment
+ cp_mgmt_assign_global_assignment:
+ dependent_domains: domain1
+ global_domains: Global2
+"""
+
+RETURN = """
+cp_mgmt_assign_global_assignment:
+ description: The checkpoint assign-global-assignment output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ dependent_domains=dict(type='list', elements='str'),
+ global_domains=dict(type='list', elements='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "assign-global-assignment"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_network_feed.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_network_feed.py
new file mode 100644
index 000000000..8c93bf16f
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_network_feed.py
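Review bot: `dependent_domains` and `global_domains` in cp_mgmt_assign_global_assignment.py are documented as `N/A`, so a user cannot tell from the module docs which list names the domains that receive the assignment and which names the global domains being assigned. Both need real descriptions, along the lines of `- Names or UIDs of the local domains the global domain is assigned to.` and `- Names or UIDs of the global domains to assign.`, with the wording confirmed against the API reference. The EXAMPLES block also passes scalars (`dependent_domains: domain1`) to options declared `type: list`; writing them as YAML lists would match the spec.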
@@ -0,0 +1,203 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_check_network_feed
+short_description: Check if a target can reach or parse a network feed; can work with an existing feed object or with a
+ new one (by providing all relevant feed parameters).
+description:
+ - Check if a target can reach or parse a network feed; can work with an existing feed object or with a new one (by providing all relevant feed parameters).
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+ network_feed:
+ description:
+ - network feed parameters.
+ type: dict
+ suboptions:
+ name:
+ description:
+ - Object name.
+ type: str
+ feed_url:
+ description:
+ - URL of the feed. URL should be written as http or https.
+ type: str
+ certificate_id:
+ description:
+ - Certificate SHA-1 fingerprint to access the feed.
+ type: str
+ feed_format:
+ description:
+ - Feed file format.
+ type: str
+ choices: ['Flat List', 'JSON']
+ feed_type:
+ description:
+ - Feed type to be enforced.
+ type: str
+ choices: ['Domain', 'IP Address', 'IP Address/Domain']
+ password:
+ description:
+ - password for authenticating with the URL.
+ type: str
+ username:
+ description:
+ - username for authenticating with the URL.
+ type: str
+ custom_header:
+ description:
+ - Headers to allow different authentication methods with the URL.
+ type: list
+ elements: dict
+ suboptions:
+ header_name:
+ description:
+ - The name of the HTTP header we wish to add.
+ type: str
+ header_value:
+ description:
+ - The name of the HTTP value we wish to add.
+ type: str
+ update_interval:
+ description:
+ - Interval in minutes for updating the feed on the Security Gateway.
+ type: int
+ data_column:
+ description:
+ - Number of the column that contains the feed's data.
+ type: int
+ fields_delimiter:
+ description:
+ - The delimiter that separates between the columns in the feed.
+ type: str
+ ignore_lines_that_start_with:
+ description:
+ - A prefix that will determine which lines to ignore.
+ type: str
+ json_query:
+ description:
+ - JQ query to be parsed.
+ type: str
+ use_gateway_proxy:
+ description:
+ - Use the gateway's proxy for retrieving the feed.
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain
+ only and with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + auto_publish_session: + description: + - Publish the current session if changes have been performed after task completes. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: check-network-feed + cp_mgmt_check_network_feed: + network_feed: + name: existing_feed + targets: corporate-gateway +""" + +RETURN = """ +cp_mgmt_check_network_feed: + description: The checkpoint check-network-feed output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + targets=dict(type='list', elements='str'), + network_feed=dict(type='dict', options=dict( + name=dict(type='str'), + feed_url=dict(type='str'), + certificate_id=dict(type='str'), + feed_format=dict(type='str', choices=['Flat List', 'JSON']), + feed_type=dict(type='str', choices=['Domain', 'IP Address', 'IP Address/Domain']), + password=dict(type='str', no_log=True), + username=dict(type='str'), + custom_header=dict(type='list', elements='dict', options=dict( + header_name=dict(type='str'), + header_value=dict(type='str') + )), + update_interval=dict(type='int'), + data_column=dict(type='int'), + fields_delimiter=dict(type='str'), + ignore_lines_that_start_with=dict(type='str'), + json_query=dict(type='str'), + use_gateway_proxy=dict(type='bool'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool'), + )), + auto_publish_session=dict(type='bool') + + ) + 
argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "check-network-feed" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_threat_ioc_feed.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_threat_ioc_feed.py new file mode 100644 index 000000000..933349c9e --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_threat_ioc_feed.py 
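Review bot: `header_value=dict(type='str')` inside `custom_header` in cp_mgmt_check_network_feed.py is not marked `no_log`, although the option is documented as "Headers to allow different authentication methods with the URL", so its values are likely to carry tokens or API keys; only `password` is protected. Without it the value is recorded with the module arguments in Ansible's invocation logging and verbose output, so declare it as `header_value=dict(type='str', no_log=True)`. The same `custom_header` spec appears in cp_mgmt_check_threat_ioc_feed.py and needs the same change. The `header_value` description should read `- The value of the HTTP header we wish to add.`, and the `feed_url` description could note that `username` and `password` sent to an `http` URL are not protected in transit.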
@@ -0,0 +1,223 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_check_threat_ioc_feed
+short_description: Check if a target can reach or parse a threat IOC feed; can work with an existing feed object or with
+ a new one (by providing all relevant feed parameters).
+description:
+ - Check if a target can reach or parse a threat IOC feed; can work with an existing feed object or with a new one (by providing all relevant feed
+ parameters).
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ ioc_feed:
+ description:
+ - threat ioc feed parameters.
+ type: dict
+ suboptions:
+ name:
+ description:
+ - Object name.
+ type: str
+ feed_url:
+ description:
+ - URL of the feed. URL should be written as http or https.
+ type: str
+ action:
+ description:
+ - The feed indicator's action.
+ type: str
+ choices: ['Prevent', 'Detect']
+ certificate_id:
+ description:
+ - Certificate SHA-1 fingerprint to access the feed.
+ type: str
+ custom_comment:
+ description:
+ - Custom IOC feed - the column number of comment.
+ type: int
+ custom_confidence:
+ description:
+ - Custom IOC feed - the column number of confidence.
+ type: int
+ custom_header:
+ description:
+ - Custom HTTP headers.
+ type: list
+ elements: dict
+ suboptions:
+ header_name:
+ description:
+ - The name of the HTTP header we wish to add.
+ type: str
+ header_value:
+ description:
+ - The name of the HTTP value we wish to add.
+ type: str
+ custom_name:
+ description:
+ - Custom IOC feed - the column number of name.
+ type: int
+ custom_severity:
+ description:
+ - Custom IOC feed - the column number of severity.
+ type: int
+ custom_type:
+ description:
+ - Custom IOC feed - the column number of type in case a specific type is not chosen.
+ type: int
+ custom_value:
+ description:
+ - Custom IOC feed - the column number of value in case a specific type is chosen.
+ type: int
+ enabled:
+ description:
+ - Sets whether this indicator feed is enabled.
+ type: bool
+ feed_type:
+ description:
+ - Feed type to be enforced.
+ type: str
+ choices: ['any type', 'domain', 'ip address', 'md5', 'url', 'ip range', 'mail subject', 'mail from', 'mail to', 'mail reply to',
+ 'mail cc', 'sha1', 'sha256']
+ password:
+ description:
+ - password for authenticating with the URL.
+ type: str
+ use_custom_feed_settings:
+ description:
+ - Set in order to configure a custom indicator feed.
+ type: bool
+ username:
+ description:
+ - username for authenticating with the URL.
+ type: str
+ fields_delimiter:
+ description:
+ - The delimiter that separates between the columns in the feed.
+ type: str
+ ignore_lines_that_start_with:
+ description:
+ - A prefix that will determine which lines to ignore.
+ type: str
+ use_gateway_proxy:
+ description:
+ - Use the gateway's proxy for retrieving the feed.
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed after task completes.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: check-threat-ioc-feed
+ cp_mgmt_check_threat_ioc_feed:
+ ioc_feed:
+ name: existing_feed
+ targets: corporate-gateway
+"""
+
+RETURN = """
+cp_mgmt_check_threat_ioc_feed:
+ description: The checkpoint check-threat-ioc-feed output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ ioc_feed=dict(type='dict', options=dict(
+ name=dict(type='str'),
+ feed_url=dict(type='str'),
+ action=dict(type='str', choices=['Prevent', 'Detect']),
+ certificate_id=dict(type='str'),
+ custom_comment=dict(type='int'),
+ custom_confidence=dict(type='int'),
+ custom_header=dict(type='list', elements='dict', options=dict(
+ header_name=dict(type='str'),
+ header_value=dict(type='str')
+ )),
+ custom_name=dict(type='int'),
+ custom_severity=dict(type='int'),
+ custom_type=dict(type='int'),
+ custom_value=dict(type='int'),
+ enabled=dict(type='bool'),
+ feed_type=dict(type='str', choices=['any type', 'domain', 'ip address', 'md5', 'url', 'ip range',
+ 'mail subject', 'mail from', 'mail to', 'mail reply to', 'mail cc', 'sha1', 'sha256']),
+ password=dict(type='str', no_log=True),
+ use_custom_feed_settings=dict(type='bool'),
+ username=dict(type='str'),
+ fields_delimiter=dict(type='str'),
+ ignore_lines_that_start_with=dict(type='str'),
+ use_gateway_proxy=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )),
+ targets=dict(type='list', elements='str'),
+ auto_publish_session=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "check-threat-ioc-feed"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_cluster_members_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_cluster_members_facts.py
new file mode 100644
index 000000000..203ce487e
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_cluster_members_facts.py 
@@ -0,0 +1,147 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_cluster_members_facts +short_description: Retrieve all existing cluster members in domain. +description: + - Retrieve all existing cluster members in domain. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + uid: + description: + - Cluster member unique identifier. + type: str + limit_interfaces: + description: + - Limit number of cluster member interfaces to show. + type: int + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-cluster-member + cp_mgmt_cluster_members_facts: + uid: 871a47b9-0000-4444-555-593c2111111 + +- name: show-cluster-members + cp_mgmt_cluster_members_facts: + details_level: standard + limit: 5 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + uid=dict(type='str'), + limit_interfaces=dict(type='int'), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "cluster-member" + api_call_object_plural_version = "cluster-members" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_connect_cloud_services.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_connect_cloud_services.py new file mode 100644 index 000000000..9194f9a0f --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_connect_cloud_services.py 
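Review bot: The final `module.exit_json(**result)` in `main()` of cp_mgmt_cluster_members_facts.py does not match the RETURN block, which documents a top-level `ansible_facts` key. The sibling cp_mgmt_data_center_object_facts.py in this commit ends with `module.exit_json(ansible_facts=result)` for the same helper call. `api_call_facts` is imported from module_utils and is not shown here, so the shape of `result` is an assumption; if it is keyed by the API object name, the facts will not land under `ansible_facts` as documented. Suggest `module.exit_json(ansible_facts=result)` here, or correcting RETURN to the key that is actually emitted.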
@@ -0,0 +1,82 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_connect_cloud_services +short_description: Securely connect the Management Server to Check Point's Infinity Portal. <br>This is a preliminary operation so that the management server + can use various Check Point cloud-based security services hosted in the Infinity Portal. +description: + - Securely connect the Management Server to Check Point's Infinity Portal. <br>This is a preliminary operation so that the management server can use + various Check Point cloud-based security services hosted in the Infinity Portal. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + auth_token: + description: + - Copy the authentication token from the Smart-1 cloud service hosted in the Infinity Portal. 
+ type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: connect-cloud-services + cp_mgmt_connect_cloud_services: + #sgignore next_line + auth_token: aHR0cHM6Ly9kZXYtY2xvdWRpbmZyYS1ndy5rdWJlMS5pYWFzLmNoZWNrcG9pbnQuY29tL2FwcC9tYWFzL2FwaS92Mi9tYW5hZ2VtZW50 + cy9hZmJlYWRlYS04Y2U2LTRlYTUtOTI4OS00ZTQ0N2M0ZjgyMTvY2xvdWRBY2Nlc3MvP290cD02ZWIzNThlOS1hMzkxLTQxOGQtYjlmZ + i0xOGIxOTQwOGJlN2Y= +""" + +RETURN = """ +cp_mgmt_connect_cloud_services: + description: The checkpoint connect-cloud-services output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + auth_token=dict(type='str', no_log=True) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "connect-cloud-services" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_data_center_object_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_data_center_object_facts.py new file mode 100644 index 000000000..41400cf0a --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_data_center_object_facts.py 
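Review bot: The EXAMPLES block of cp_mgmt_connect_cloud_services.py carries a long base64 `auth_token` value under a `#sgignore next_line` scanner suppression, rather than an obvious placeholder. `no_log=True` on the argument only masks the value at run time; it does nothing for a token-shaped string committed in documentation, and examples get copied verbatim into playbooks. Suggest `auth_token: "{{ infinity_portal_auth_token }}"` (a vaulted variable, name constructed here) and dropping the suppression comment, after confirming that the committed value was never a live token. The `api_key` example in cp_mgmt_delete_api_key.py follows the same pattern.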
@@ -0,0 +1,129 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_data_center_object_facts +short_description: Get data-center-object objects facts on Checkpoint over Web Services API +description: + - Get data-center-object objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-data-center-object + cp_mgmt_data_center_object_facts: + name: VM1 mgmt name + +- name: show-data-center-objects + cp_mgmt_data_center_object_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "data-center-object" + api_call_object_plural_version = "data-center-objects" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_api_key.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_api_key.py new file mode 100644 index 000000000..4839a1f27 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_api_key.py 
@@ -0,0 +1,89 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_delete_api_key +short_description: Delete the API key. For the key to be invalid publish is needed. +description: + - Delete the API key. For the key to be invalid publish is needed. + - All operations are performed over Web Services API. +version_added: "2.0.0" +author: "Or Soffer (@chkp-orso)" +options: + api_key: + description: + - API key to be deleted. + type: str + admin_uid: + description: + - Administrator uid to generate API key for. + type: str + admin_name: + description: + - Administrator name to generate API key for. + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: delete-api-key + cp_mgmt_delete_api_key: + #sgignore next_line + api_key: eea3be76f4a8eb740ee872bcedc692748ff256a2d21c9ffd2754facbde046d00 + state: absent +""" + +RETURN = """ +cp_mgmt_delete_api_key: + description: The checkpoint delete-api-key output. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + api_key=dict(type='str', no_log=True), + admin_uid=dict(type='str'), + admin_name=dict(type='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "delete-api-key" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_data_center_object.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_data_center_object.py new file mode 100644 index 000000000..52f4b6633 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_data_center_object.py 
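Review bot: In cp_mgmt_delete_api_key.py, `api_key`, `admin_uid` and `admin_name` are all optional and `AnsibleModule(argument_spec=argument_spec)` declares no relationship between them, so a task that supplies none of them, or several that disagree, is only caught (or interpreted) by the management server. Suggest `module = AnsibleModule(argument_spec=argument_spec, required_one_of=[['api_key', 'admin_uid', 'admin_name']])`, plus `mutually_exclusive` if the API accepts a single selector, which is not visible here. The option text for `admin_uid` and `admin_name` says "to generate API key for", which reads as copied from the add command; "whose API key is deleted" would match this module. The same missing-identifier gap applies to `name` in cp_mgmt_delete_data_center_object.py and to `rule_number`/`package` in cp_mgmt_delete_nat_rule.py, whereas cp_mgmt_delete_domain.py does set `required=True`.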
@@ -0,0 +1,95 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_delete_data_center_object +short_description: Delete existing object using object name or uid. +description: + - Delete existing object using object name or uid. + - All operations are performed over Web Services API. +version_added: "2.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: delete-data-center-object + cp_mgmt_delete_data_center_object: + name: VM1 mgmt name + state: absent +""" + +RETURN = """ +cp_mgmt_delete_data_center_object: + description: The checkpoint delete-data-center-object output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "delete-data-center-object" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_domain.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_domain.py new file mode 100644 index 000000000..4b356fd49 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_domain.py 
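Review bot: The example task in cp_mgmt_delete_data_center_object.py passes `state: absent`, but `argument_spec` in `main()` declares only `name`, `details_level`, `ignore_warnings` and `ignore_errors`. Unless `checkpoint_argument_spec_for_commands` (imported, not shown) adds `state`, AnsibleModule will reject the documented example as an unsupported parameter. Suggest removing the `state: absent` line from EXAMPLES; the examples in cp_mgmt_delete_api_key.py, cp_mgmt_delete_nat_rule.py and cp_mgmt_delete_rules_batch.py carry the same line. The description also says "object name or uid" while no `uid` option is declared.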
@@ -0,0 +1,94 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_delete_domain +short_description: Delete existing object using object name or uid. +description: + - Delete existing object using object name or uid. + - All operations are performed over Web Services API. +version_added: "2.1.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: delete-domain + cp_mgmt_delete_domain: + name: domain1 +""" + +RETURN = """ +cp_mgmt_domain: + description: The checkpoint delete-domain output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool'), + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + command = 'delete-domain' + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_nat_rule.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_nat_rule.py new file mode 100644 index 000000000..2915667f3 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_nat_rule.py 
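Review bot: RETURN in cp_mgmt_delete_domain.py documents the key `cp_mgmt_domain`, while the other command modules in this commit name the key after the module (`cp_mgmt_delete_api_key`, `cp_mgmt_delete_nat_rule`, `cp_mgmt_delete_rules_batch`). Suggest `cp_mgmt_delete_domain:` so the documented return matches the module name. The key that `api_command` actually emits is defined outside this hunk and should be checked against whichever name is kept.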
@@ -0,0 +1,90 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_delete_nat_rule +short_description: Delete existing object using object name or uid. +description: + - Delete existing object using object name or uid. + - All operations are performed over Web Services API. +version_added: "2.0.0" +author: "Or Soffer (@chkp-orso)" +options: + rule_number: + description: + - Rule number. + type: str + package: + description: + - Name of the package. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: delete-nat-rule + cp_mgmt_delete_nat_rule: + package: standard + state: absent +""" + +RETURN = """ +cp_mgmt_delete_nat_rule: + description: The checkpoint delete-nat-rule output. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + rule_number=dict(type='str'), + package=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "delete-nat-rule" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_rules_batch.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_rules_batch.py new file mode 100644 index 000000000..8e17898be --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_rules_batch.py 
@@ -0,0 +1,123 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_delete_rules_batch +short_description: Delete rules in batch from the same layer. Use this API to achieve optimum performance when removing more than one rule. +description: + - Delete rules in batch from the same layer. Use this API to achieve optimum performance when removing more than one rule. + - Warnings are ignored when using this API, operation will apply changes while ignoring warnings. + - Supported rules types are access-rule, nat-rule, https-rule and threat-exception. + - This module is not idempotent. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + objects: + description: + - Batch of rules separated by types. + type: list + elements: dict + suboptions: + layer: + description: + - Layer name or uid. + type: str + type: + description: + - Type of rules to be deleted. <br>Only types from above are supported. 
+ type: str + list: + description: + - List of rules from the same type to be deleted. <br>Use the "delete" API reference documentation for a single rule command to find the + expected fields for the request.<br>For example, to delete access-rule, use the "delete-access-rule" command found in the API reference + documentation (under Access Control & NAT). <br>Note, "ignore-errors", "ignore-warnings" and "details-level" options are not supported when + deleting a batch of objects. + type: list + elements: dict + auto_publish_session: + description: + - Publish the current session if changes have been performed after task completes. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: delete-rules-batch + cp_mgmt_delete_rules_batch: + objects: + - layer: Network + list: + - rule_number: 1 + - rule_number: 2 + type: access-rule + - layer: Standard + list: + - rule_number: 1 + - rule_number: 2 + type: nat-rule + - layer: Default Layer + list: + - rule_number: 1 + - rule_number: 2 + type: https-rule + state: absent +""" + +RETURN = """ +cp_mgmt_delete_rules_batch: + description: The checkpoint delete-rules-batch output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + objects=dict(type='list', elements='dict', options=dict( + layer=dict(type='str'), + type=dict(type='str'), + list=dict(type='list', elements='dict') + )), + auto_publish_session=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "delete-rules-batch" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() 
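Review bot: The `type` suboption of `objects` in cp_mgmt_delete_rules_batch.py is a free `str`, although the description limits the command to access-rule, nat-rule, https-rule and threat-exception and states that warnings are ignored for this batch delete. Constraining it in the spec, `type=dict(type='str', choices=['access-rule', 'nat-rule', 'https-rule', 'threat-exception'])`, rejects a mistyped rule type before anything is sent to the management server. `layer`, `type` and `list` are also all optional; consider `required=True` on them if the API needs all three, which is not visible here.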
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_discard.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_discard.py
new file mode 100644
index 000000000..7dc4844e9
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_discard.py
@@ -0,0 +1,76 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_discard +short_description: All changes done by user are discarded and removed from database. +description: + - All changes done by user are discarded and removed from database. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + uid: + description: + - Session unique identifier. Specify it to discard a different session than the one you currently use. + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: discard + cp_mgmt_discard: +""" + +RETURN = """ +cp_mgmt_discard: + description: The checkpoint discard output. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + uid=dict(type='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "discard" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_disconnect_cloud_services.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_disconnect_cloud_services.py new file mode 100644 index 000000000..82073cc7a --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_disconnect_cloud_services.py 
@@ -0,0 +1,78 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_disconnect_cloud_services
+short_description: Disconnect the Management Server from Check Point's Infinity Portal.
+description:
+ - Disconnect the Management Server from Check Point's Infinity Portal.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ force:
+ description:
+ - Disconnect the Management Server from Check Point Infinity Portal, and reset the connection locally, regardless of the result in the Infinity
+ Portal. This flag can be used if the disconnect-cloud-services command failed. Since with this flag this command affects only the local configuration,
+ make sure to disconnect the Management Server in the Infinity Portal as well.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: disconnect-cloud-services
+ cp_mgmt_disconnect_cloud_services:
+"""
+
+RETURN = """
+cp_mgmt_disconnect_cloud_services:
+ description: The checkpoint disconnect-cloud-services output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ force=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "disconnect-cloud-services"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain.py
new file mode 100644
index 000000000..127dce067
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain.py
@@ -0,0 +1,135 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_dns_domain
+short_description: Manages dns-domain objects on Check Point over Web Services API
+description:
+ - Manages dns-domain objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ is_sub_domain:
+ description:
+ - Whether to match sub-domains in addition to the domain itself.
+ type: bool
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-dns-domain
+ cp_mgmt_dns_domain:
+ is_sub_domain: false
+ name: .www.example.com
+ state: present
+
+- name: set-dns-domain
+ cp_mgmt_dns_domain:
+ is_sub_domain: true
+ name: .www.example.com
+ state: present
+
+- name: delete-dns-domain
+ cp_mgmt_dns_domain:
+ name: .example.com
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_dns_domain:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ is_sub_domain=dict(type='bool'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'dns-domain'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain_facts.py
new file mode 100644
index 000000000..87ab82c46
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain_facts.py
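Review bot: The module option `ignore_errors` has the same name as Ansible's task-level `ignore_errors` keyword, and its description does not say which of the two is meant. A value written one indentation level too high changes how the task's failure is handled instead of being sent with the API call. I would add to the option description `This is the module argument passed to the Management API, not the task keyword of the same name.`; the same option is documented in cp_mgmt_domain_permissions_profile.py. Separately, the delete example removes `.example.com` while the add and set examples use `.www.example.com`, so the three examples should share one name.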
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_dns_domain_facts
+short_description: Get dns-domain objects facts on Check Point over Web Services API
+description:
+ - Get dns-domain objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-dns-domain
+ cp_mgmt_dns_domain_facts:
+ name: .www.example.com
+
+- name: show-dns-domains
+ cp_mgmt_dns_domain_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "dns-domain"
+ api_call_object_plural_version = "dns-domains"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_facts.py
new file mode 100644
index 000000000..e6fab1445
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_facts.py
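Review bot: Each `order` element accepts `ASC` and `DESC` together, because the suboption spec in `main()` declares both keys with no exclusivity rule and both allow only `name`. How the API handles an element that asks for both directions is not visible here, so rejecting it in the module gives a clearer failure: add `mutually_exclusive=[['ASC', 'DESC']]` to the `order=dict(...)` entry. The same spec is repeated in cp_mgmt_domain_facts.py. The documentation phrase `getting few objects` would also read better as `getting several objects`, which is the wording the module description already uses.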
@@ -0,0 +1,134 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_domain_facts
+short_description: Get domain objects facts on Checkpoint over Web Services API
+description:
+ - Get domain objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "2.1.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-domain
+ cp_mgmt_domain_facts:
+ name: domain1
+
+- name: show-domains
+ cp_mgmt_domain_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "domain"
+ api_call_object_plural_version = "domains"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile.py
new file mode 100644
index 000000000..d327f30f6
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile.py
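Review bot: `extends_documentation_fragment: checkpoint_facts` is the only fragment reference among these modules that lacks the collection prefix; the sibling facts module cp_mgmt_dns_domain_facts.py uses `check_point.mgmt.checkpoint_facts`. Inside a collection the short name may not resolve, in which case the shared connection and session options would be missing from the rendered documentation for this module. Change the line to `extends_documentation_fragment: check_point.mgmt.checkpoint_facts`.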
@@ -0,0 +1,598 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_domain_permissions_profile +short_description: Manages domain-permissions-profile objects on Checkpoint over Web Services API +description: + - Manages domain-permissions-profile objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + permission_type: + description: + - The type of the Permissions Profile. + type: str + choices: ['read write all', 'read only all', 'customized'] + edit_common_objects: + description: + - Define and manage objects in the Check Point database, Network Objects, Services, Custom Application Site, VPN Community, Users, Servers, + Resources, Time, UserCheck, and Limit.<br>Only a 'Customized' permission-type profile can edit this permission. 
+ type: bool + access_control: + description: + - Access Control permissions.<br>Only a 'Customized' permission-type profile can edit these permissions. + type: dict + suboptions: + show_policy: + description: + - Select to let administrators work with Access Control rules and NAT rules. If not selected, administrators cannot see these rules. + type: bool + policy_layers: + description: + - Layer editing permissions.<br>Available only if show-policy is set to true. + type: dict + suboptions: + edit_layers: + description: + - a "By Software Blades" - Edit Access Control layers that contain the blades enabled in the Permissions Profile.<br>"By + Selected Profile In A Layer Editor" - Administrators can only edit the layer if the Access Control layer editor gives editing permission to + their profiles. + type: str + choices: ['By Software Blades', 'By Selected Profile In A Layer Editor'] + app_control_and_url_filtering: + description: + - Use Application and URL Filtering in Access Control rules.<br>Available only if edit-layers is set to "By Software Blades". + type: bool + content_awareness: + description: + - Use specified data types in Access Control rules.<br>Available only if edit-layers is set to "By Software Blades". + type: bool + firewall: + description: + - Work with Access Control and other Software Blades that do not have their own Policies.<br>Available only if edit-layers is + set to "By Software Blades". + type: bool + mobile_access: + description: + - Work with Mobile Access rules.<br>Available only if edit-layers is set to "By Software Blades". + type: bool + dlp_policy: + description: + - Configure DLP rules and Policies. + type: str + choices: ['read', 'write', 'disabled'] + geo_control_policy: + description: + - Work with Access Control rules that control traffic to and from specified countries. + type: str + choices: ['read', 'write', 'disabled'] + nat_policy: + description: + - Work with NAT in Access Control rules. 
+ type: str + choices: ['read', 'write', 'disabled'] + qos_policy: + description: + - Work with QoS Policies and rules. + type: str + choices: ['read', 'write', 'disabled'] + access_control_objects_and_settings: + description: + - Allow editing of the following objet types, VPN Community, Access Role, Custom application group,Custom application, Custom category, + Limit, Application - Match Settings, Application Category - Match Settings,Override Categorization, Application and URL filtering blade - Advanced + Settings, Content Awareness blade - Advanced Settings. + type: str + choices: ['read', 'write', 'disabled'] + app_control_and_url_filtering_update: + description: + - Install Application and URL Filtering updates. + type: bool + install_policy: + description: + - Install Access Control Policies. + type: bool + endpoint: + description: + - Endpoint permissions. Not supported for Multi-Domain Servers.<br>Only a 'Customized' permission-type profile can edit these permissions. + type: dict + suboptions: + manage_policies_and_software_deployment: + description: + - The administrator can work with policies, rules and actions. + type: bool + edit_endpoint_policies: + description: + - Available only if manage-policies-and-software-deployment is set to true. + type: bool + policies_installation: + description: + - The administrator can install policies on endpoint computers. + type: bool + edit_software_deployment: + description: + - The administrator can define deployment rules, create packages for export, and configure advanced package settings.<br>Available only + if manage-policies-and-software-deployment is set to true. + type: bool + software_deployment_installation: + description: + - The administrator can deploy packages and install endpoint clients. 
+ type: bool + allow_executing_push_operations: + description: + - The administrator can start operations that the Security Management Server pushes directly to client computers with no policy + installation required. + type: bool + authorize_preboot_users: + description: + - The administrator can add and remove the users who are permitted to log on to Endpoint Security client computers with Full Disk Encryption. + type: bool + recovery_media: + description: + - The administrator can create recovery media on endpoint computers and devices. + type: bool + remote_help: + description: + - The administrator can use the Remote Help feature to reset user passwords and give access to locked out users. + type: bool + reset_computer_data: + description: + - The administrator can reset a computer, which deletes all information about the computer from the Security Management Server. + type: bool + events_and_reports: + description: + - Events and Reports permissions.<br>Only a 'Customized' permission-type profile can edit these permissions. + type: dict + suboptions: + smart_event: + description: + - a 'Custom' - Configure SmartEvent permissions. + type: str + choices: ['custom', 'app control and url filtering reports only'] + events: + description: + - Work with event queries on the Events tab. Create custom event queries.<br>Available only if smart-event is set to 'Custom'. + type: str + choices: ['read', 'write', 'disabled'] + policy: + description: + - Configure SmartEvent Policy rules and install SmartEvent Policies.<br>Available only if smart-event is set to 'Custom'. + type: str + choices: ['read', 'write', 'disabled'] + reports: + description: + - Create and run SmartEvent reports.<br>Available only if smart-event is set to 'Custom'. + type: bool + gateways: + description: + - Gateways permissions. <br>Only a 'Customized' permission-type profile can edit these permissions. 
+ type: dict + suboptions: + smart_update: + description: + - Install, update and delete Check Point licenses. This includes permissions to use SmartUpdate to manage licenses. + type: str + choices: ['read', 'write', 'disabled'] + lsm_gw_db: + description: + - Access to objects defined in LSM gateway tables. These objects are managed in the SmartProvisioning GUI or LSMcli + command-line.<br>Note, 'Write' permission on lsm-gw-db allows administrator to run a script on SmartLSM gateway in Expert mode. + type: str + choices: ['read', 'write', 'disabled'] + manage_provisioning_profiles: + description: + - Administrator can add, edit, delete, and assign provisioning profiles to gateways (both LSM and non-LSM).<br>Available for edit only + if lsm-gw-db is set with 'Write' permission.<br>Note, 'Read' permission on lsm-gw-db enables 'Read' permission for manage-provisioning-profiles. + type: str + choices: ['read', 'write', 'disabled'] + vsx_provisioning: + description: + - Create and configure Virtual Systems and other VSX virtual objects. + type: bool + system_backup: + description: + - Backup Security Gateways. + type: bool + system_restore: + description: + - Restore Security Gateways from saved backups. + type: bool + open_shell: + description: + - Use the SmartConsole CLI to run commands. + type: bool + run_one_time_script: + description: + - Run user scripts from the command line. + type: bool + run_repository_script: + description: + - Run scripts from the repository. + type: bool + manage_repository_scripts: + description: + - Add, change and remove scripts in the repository. + type: str + choices: ['read', 'write', 'disabled'] + management: + description: + - Management permissions. + type: dict + suboptions: + cme_operations: + description: + - Permission to read / edit the Cloud Management Extension (CME) configuration.<br>Not supported for Multi-Domain Servers. 
+ type: str + choices: ['read', 'write', 'disabled'] + manage_admins: + description: + - Controls the ability to manage Administrators, Permission Profiles, Trusted clients,API settings and Policy settings.<br>Only a "Read + Write All" permission-type profile can edit this permission.<br>Not supported for Multi-Domain Servers. + type: bool + management_api_login: + description: + - Permission to log in to the Security Management Server and run API commands using thesetools, mgmt_cli (Linux and Windows binaries), + Gaia CLI (clish) and Web Services (REST). Useful if you want to prevent administrators from running automatic scripts on the Management.<br>Note, + This permission is not required to run commands from within the API terminal in SmartConsole.<br>Not supported for Multi-Domain Servers. + type: bool + manage_sessions: + description: + - Lets you disconnect, discard, publish, or take over other administrator sessions.<br>Only a "Read Write All" permission-type profile + can edit this permission. + type: bool + high_availability_operations: + description: + - Configure and work with Domain High Availability.<br>Only a 'Customized' permission-type profile can edit this permission. + type: bool + approve_or_reject_sessions: + description: + - Approve / reject other sessions. + type: bool + publish_sessions: + description: + - Allow session publishing without an approval. + type: bool + manage_integration_with_cloud_services: + description: + - Manage integration with Cloud Services. + type: bool + monitoring_and_logging: + description: + - Monitoring and Logging permissions.<br>'Customized' permission-type profile can edit all these permissions. "Read Write All" permission-type + can edit only dlp-logs-including-confidential-fields and manage-dlp-messages permissions. + type: dict + suboptions: + monitoring: + description: + - See monitoring views and reports. 
+ type: str + choices: ['read', 'write', 'disabled'] + management_logs: + description: + - See Multi-Domain Server audit logs. + type: str + choices: ['read', 'write', 'disabled'] + track_logs: + description: + - Use the log tracking features in SmartConsole. + type: str + choices: ['read', 'write', 'disabled'] + app_and_url_filtering_logs: + description: + - Work with Application and URL Filtering logs. + type: bool + https_inspection_logs: + description: + - See logs generated by HTTPS Inspection. + type: bool + packet_capture_and_forensics: + description: + - See logs generated by the IPS and Forensics features. + type: bool + show_packet_capture_by_default: + description: + - Enable packet capture by default. + type: bool + identities: + description: + - Show user and computer identity information in logs. + type: bool + show_identities_by_default: + description: + - Show user and computer identity information in logs by default. + type: bool + dlp_logs_including_confidential_fields: + description: + - Show DLP logs including confidential fields. + type: bool + manage_dlp_messages: + description: + - View/Release/Discard DLP messages.<br>Available only if dlp-logs-including-confidential-fields is set to true. + type: bool + threat_prevention: + description: + - Threat Prevention permissions.<br>Only a 'Customized' permission-type profile can edit these permissions. + type: dict + suboptions: + policy_layers: + description: + - Configure Threat Prevention Policy rules.<br>Note, To have policy-layers permissions you must set policy-exceptionsand profiles + permissions. To have 'Write' permissions for policy-layers, policy-exceptions must be set with 'Write' permission as well. 
+ type: str + choices: ['read', 'write', 'disabled'] + edit_layers: + description: + - a 'ALL' - Gives permission to edit all layers.<br>"By Selected Profile In A Layer Editor" - Administrators can only edit the layer + if the Threat Prevention layer editor gives editing permission to their profiles.<br>Available only if policy-layers is set to 'Write'. + type: str + choices: ['By Selected Profile In A Layer Editor', 'All'] + edit_settings: + description: + - Work with general Threat Prevention settings. + type: bool + policy_exceptions: + description: + - Configure exceptions to Threat Prevention rules.<br>Note, To have policy-exceptions you must set the protections permission. + type: str + choices: ['read', 'write', 'disabled'] + profiles: + description: + - Configure Threat Prevention profiles. + type: str + choices: ['read', 'write', 'disabled'] + protections: + description: + - Work with malware protections. + type: str + choices: ['read', 'write', 'disabled'] + install_policy: + description: + - Install Policies. + type: bool + ips_update: + description: + - Update IPS protections.<br>Note, You do not have to log into the User Center to receive IPS updates. + type: bool + others: + description: + - Additional permissions.<br>Only a 'Customized' permission-type profile can edit these permissions. + type: dict + suboptions: + client_certificates: + description: + - Create and manage client certificates for Mobile Access. + type: bool + edit_cp_users_db: + description: + - Work with user accounts and groups. + type: bool + https_inspection: + description: + - Enable and configure HTTPS Inspection rules. + type: str + choices: ['read', 'write', 'disabled'] + ldap_users_db: + description: + - Work with the LDAP database and user accounts, groups and OUs. + type: str + choices: ['read', 'write', 'disabled'] + user_authority_access: + description: + - Work with Check Point User Authority authentication. 
+ type: str + choices: ['read', 'write', 'disabled'] + user_device_mgmt_conf: + description: + - Gives access to the UDM (User & Device Management) web-based application that handles security challenges in a "bring your own device" + (BYOD) workspace. + type: str + choices: ['read', 'write', 'disabled'] + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-domain-permissions-profile + cp_mgmt_domain_permissions_profile: + name: customized profile + state: present + +- name: set-domain-permissions-profile + cp_mgmt_domain_permissions_profile: + access_control.policy_layers: By Selected Profile In A Layer Editor + name: read profile + permission_type: customized + state: present + +- name: delete-domain-permissions-profile + cp_mgmt_domain_permissions_profile: + name: profile + state: absent +""" + +RETURN = """ +cp_mgmt_domain_permissions_profile: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + permission_type=dict(type='str', choices=['read write all', 'read only all', 'customized']), + edit_common_objects=dict(type='bool'), + access_control=dict(type='dict', options=dict( + show_policy=dict(type='bool'), + policy_layers=dict(type='dict', options=dict( + edit_layers=dict(type='str', choices=['By Software Blades', 'By Selected Profile In A Layer Editor']), + app_control_and_url_filtering=dict(type='bool'), + content_awareness=dict(type='bool'), + firewall=dict(type='bool'), + mobile_access=dict(type='bool') + )), + dlp_policy=dict(type='str', choices=['read', 'write', 'disabled']), + geo_control_policy=dict(type='str', choices=['read', 'write', 'disabled']), + nat_policy=dict(type='str', choices=['read', 'write', 'disabled']), + qos_policy=dict(type='str', choices=['read', 'write', 'disabled']), + access_control_objects_and_settings=dict(type='str', choices=['read', 'write', 'disabled']), + app_control_and_url_filtering_update=dict(type='bool'), + 
install_policy=dict(type='bool') + )), + endpoint=dict(type='dict', options=dict( + manage_policies_and_software_deployment=dict(type='bool'), + edit_endpoint_policies=dict(type='bool'), + policies_installation=dict(type='bool'), + edit_software_deployment=dict(type='bool'), + software_deployment_installation=dict(type='bool'), + allow_executing_push_operations=dict(type='bool'), + authorize_preboot_users=dict(type='bool'), + recovery_media=dict(type='bool'), + remote_help=dict(type='bool'), + reset_computer_data=dict(type='bool') + )), + events_and_reports=dict(type='dict', options=dict( + smart_event=dict(type='str', choices=['custom', 'app control and url filtering reports only']), + events=dict(type='str', choices=['read', 'write', 'disabled']), + policy=dict(type='str', choices=['read', 'write', 'disabled']), + reports=dict(type='bool') + )), + gateways=dict(type='dict', options=dict( + smart_update=dict(type='str', choices=['read', 'write', 'disabled']), + lsm_gw_db=dict(type='str', choices=['read', 'write', 'disabled']), + manage_provisioning_profiles=dict(type='str', choices=['read', 'write', 'disabled']), + vsx_provisioning=dict(type='bool'), + system_backup=dict(type='bool'), + system_restore=dict(type='bool'), + open_shell=dict(type='bool'), + run_one_time_script=dict(type='bool'), + run_repository_script=dict(type='bool'), + manage_repository_scripts=dict(type='str', choices=['read', 'write', 'disabled']) + )), + management=dict(type='dict', options=dict( + cme_operations=dict(type='str', choices=['read', 'write', 'disabled']), + manage_admins=dict(type='bool'), + management_api_login=dict(type='bool'), + manage_sessions=dict(type='bool'), + high_availability_operations=dict(type='bool'), + approve_or_reject_sessions=dict(type='bool'), + publish_sessions=dict(type='bool'), + manage_integration_with_cloud_services=dict(type='bool') + )), + monitoring_and_logging=dict(type='dict', options=dict( + monitoring=dict(type='str', choices=['read', 'write', 
'disabled']), + management_logs=dict(type='str', choices=['read', 'write', 'disabled']), + track_logs=dict(type='str', choices=['read', 'write', 'disabled']), + app_and_url_filtering_logs=dict(type='bool'), + https_inspection_logs=dict(type='bool'), + packet_capture_and_forensics=dict(type='bool'), + show_packet_capture_by_default=dict(type='bool'), + identities=dict(type='bool'), + show_identities_by_default=dict(type='bool'), + dlp_logs_including_confidential_fields=dict(type='bool'), + manage_dlp_messages=dict(type='bool') + )), + threat_prevention=dict(type='dict', options=dict( + policy_layers=dict(type='str', choices=['read', 'write', 'disabled']), + edit_layers=dict(type='str', choices=['By Selected Profile In A Layer Editor', 'All']), + edit_settings=dict(type='bool'), + policy_exceptions=dict(type='str', choices=['read', 'write', 'disabled']), + profiles=dict(type='str', choices=['read', 'write', 'disabled']), + protections=dict(type='str', choices=['read', 'write', 'disabled']), + install_policy=dict(type='bool'), + ips_update=dict(type='bool') + )), + others=dict(type='dict', options=dict( + client_certificates=dict(type='bool'), + edit_cp_users_db=dict(type='bool'), + https_inspection=dict(type='str', choices=['read', 'write', 'disabled']), + ldap_users_db=dict(type='str', choices=['read', 'write', 'disabled']), + user_authority_access=dict(type='str', choices=['read', 'write', 'disabled']), + user_device_mgmt_conf=dict(type='str', choices=['read', 'write', 'disabled']) + )), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 
'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'domain-permissions-profile' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile_facts.py new file mode 100644 index 000000000..b923f3939 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile_facts.py 
@@ -0,0 +1,141 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_domain_permissions_profile_facts +short_description: Get domain-permissions-profile objects facts on Checkpoint over Web Services API +description: + - Get domain-permissions-profile objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. 
The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-domain-permissions-profile + cp_mgmt_domain_permissions_profile_facts: + name: profile + +- name: show-domain-permissions-profiles + cp_mgmt_domain_permissions_profile_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "domain-permissions-profile" + api_call_object_plural_version = "domain-permissions-profiles" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object.py new file mode 100644 index 000000000..1a7ce5fa5 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object.py 
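Review bot: `domains_to_process` is declared in `main()` as `dict(type='list', elements='str')` with no validation, while its description names two valid values and two preconditions (not with details-level full, and ignore-warnings true) that nothing in this hunk enforces. This module's own `argument_spec` has no `ignore_warnings` key either, unless the shared `checkpoint_argument_spec_for_facts` supplies one. Because the option widens a read of permission profiles to every domain on the server, I would reject the documented bad combination before the API call, e.g. `if module.params['domains_to_process'] and module.params['details_level'] == 'full': module.fail_json(msg='domains_to_process cannot be used with details_level full')`. If the two listed values are the complete set (to be confirmed against the API reference), `choices=['CURRENT_DOMAIN', 'ALL_DOMAINS_ON_THIS_SERVER']` on the option would also catch typos locally.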
@@ -0,0 +1,125 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_dynamic_object +short_description: Manages dynamic-object objects on Check Point over Web Services API +description: + - Manages dynamic-object objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-dynamic-object + cp_mgmt_dynamic_object: + color: yellow + comments: My Dynamic Object 1 + name: Dynamic_Object_1 + state: present + +- name: delete-dynamic-object + cp_mgmt_dynamic_object: + name: Dynamic_Object_2 + state: absent +""" + +RETURN = """ +cp_mgmt_dynamic_object: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'dynamic-object' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object_facts.py new file mode 100644 index 000000000..c049e0407 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object_facts.py 
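Review bot: The module option `ignore_errors` has the same name as Ansible's task-level `ignore_errors` keyword, and the DOCUMENTATION text does not tell the two apart. As a module argument it is presumably forwarded to the management API by `api_call` ("Apply changes ignoring errors"), whereas the task keyword only decides whether the play continues after a failure, so one indentation level silently selects the other behaviour. I would extend the option description with a sentence such as `This is the API flag, not the Ansible task keyword of the same name; a session changed this way cannot be published.` The same option and wording appear in the cp_mgmt_exception_group.py hunk.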
@@ -0,0 +1,129 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_dynamic_object_facts +short_description: Get dynamic-object objects facts on Check Point over Web Services API +description: + - Get dynamic-object objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-dynamic-object + cp_mgmt_dynamic_object_facts: + name: Dynamic_Object_1 + +- name: show-dynamic-objects + cp_mgmt_dynamic_object_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "dynamic-object" + api_call_object_plural_version = "dynamic-objects" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group.py new file mode 100644 index 000000000..025061d73 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group.py 
@@ -0,0 +1,179 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_exception_group +short_description: Manages exception-group objects on Check Point over Web Services API +description: + - Manages exception-group objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + applied_profile: + description: + - The threat profile to apply this group to in the case of apply-on threat-rules-with-specific-profile. + type: str + applied_threat_rules: + description: + - The threat rules to apply this group on in the case of apply-on manually-select-threat-rules. + type: dict + suboptions: + add: + description: + - Adds to collection of values + type: list + elements: dict + suboptions: + layer: + description: + - The layer of the threat rule to which the group is to be attached. 
+ type: str + name: + description: + - The name of the threat rule to which the group is to be attached. + type: str + rule_number: + description: + - The rule-number of the threat rule to which the group is to be attached. + type: str + position: + description: + - Position in the rulebase. + type: str + apply_on: + description: + - An exception group can be set to apply on all threat rules, all threat rules which have a specific profile, or those rules manually chosen by the user. + type: str + choices: ['all-threat-rules', 'all-threat-rules-with-specific-profile', 'manually-select-threat-rules'] + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-exception-group + cp_mgmt_exception_group: + applied_threat_rules.0.layer: MyLayer + applied_threat_rules.0.name: MyThreatRule + apply_on: manually-select-threat-rules + name: exception_group_2 + state: present + +- name: set-exception-group + cp_mgmt_exception_group: + apply_on: all-threat-rules + name: exception_group_2 + state: present + tags: tag3 + +- name: delete-exception-group + cp_mgmt_exception_group: + name: exception_group_2 + state: absent +""" + +RETURN = """ +cp_mgmt_exception_group: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + applied_profile=dict(type='str'), + applied_threat_rules=dict(type='dict', options=dict( + add=dict(type='list', elements='dict', options=dict( + layer=dict(type='str'), + name=dict(type='str'), + rule_number=dict(type='str'), + position=dict(type='str') + )) + )), + apply_on=dict(type='str', choices=['all-threat-rules', 'all-threat-rules-with-specific-profile', 'manually-select-threat-rules']), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', 
choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'exception-group' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group_facts.py new file mode 100644 index 000000000..cc88a3ab5 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group_facts.py 
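Review bot: The first task in EXAMPLES passes `applied_threat_rules.0.layer` and `applied_threat_rules.0.name` as top-level keys, but `argument_spec` in `main()` defines only `applied_threat_rules` as a dict whose `add` suboption is a list of `layer`/`name`/`rule_number`/`position` dicts. AnsibleModule rejects parameters that are not in the spec, so the example as written should fail argument validation instead of attaching the group to MyThreatRule. I would rewrite it as a nested structure: `applied_threat_rules:` holding `add:` with one list item made of `layer: MyLayer` and `name: MyThreatRule`. In the second example `tags: tag3` is a bare string for an option declared `type='list'`; writing it as a one-item list would match the declared type. An example that does not run is easy to "fix" by falling back to `apply_on: all-threat-rules`, which is the broadest scope this module offers for an exception group.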
@@ -0,0 +1,127 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_exception_group_facts +short_description: Get exception-group objects facts on Check Point over Web Services API +description: + - Get exception-group objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-exception-group + cp_mgmt_exception_group_facts: + name: exception_group_2 + +- name: show-exception-groups + cp_mgmt_exception_group_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "exception-group" + api_call_object_plural_version = "exception-groups" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() 
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_get_platform.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_get_platform.py new file mode 100644 index 000000000..21c5fb23b --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_get_platform.py 
@@ -0,0 +1,82 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_get_platform
+short_description: Get actual platform (Hardware, Version, OS) from gateway, cluster or Check Point host.
+description:
+ - Get actual platform (Hardware, Version, OS) from gateway, cluster or Check Point host.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Gateway, cluster or Check Point host name.
+ type: str
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed after task completes.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: get-platform
+ cp_mgmt_get_platform:
+ name: gw1
+"""
+
+RETURN = """
+cp_mgmt_get_platform:
+ description: The checkpoint get-platform output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ auto_publish_session=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "get-platform"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment.py
new file mode 100644
index 000000000..08bce2b9b
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment.py
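Review bot: In cp_mgmt_get_platform.py, main() builds the module with `AnsibleModule(argument_spec=argument_spec)` and no `supports_check_mode=True`, unlike the facts and object modules added in the same commit, so a `--check` run skips this task even though the module is documented as a query ("Get actual platform"). If `api_command` is safe to call in check mode (its body is outside this hunk, so that needs confirming), the line should read `module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)`. The module also exposes `auto_publish_session` on a read-only command; presumably setting it publishes whatever else is pending in the session, and the option description should say so.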
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_global_assignment
+short_description: Manages global-assignment objects on Check Point over Web Services API
+description:
+ - Manages global-assignment objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ dependent_domain:
+ description:
+ - N/A
+ type: str
+ global_access_policy:
+ description:
+ - Global domain access policy that is assigned to a dependent domain.
+ type: str
+ global_domain:
+ description:
+ - N/A
+ type: str
+ global_threat_prevention_policy:
+ description:
+ - Global domain threat prevention policy that is assigned to a dependent domain.
+ type: str
+ manage_protection_actions:
+ description:
+ - N/A
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-global-assignment
+ cp_mgmt_global_assignment:
+ dependent_domain: domain2
+ global_access_policy: standard
+ global_domain: Global
+ global_threat_prevention_policy: standard
+ manage_protection_actions: true
+ state: present
+
+- name: set-global-assignment
+ cp_mgmt_global_assignment:
+ dependent_domain: domain1
+ global_domain: Global2
+ global_threat_prevention_policy: ''
+ manage_protection_actions: false
+ state: present
+
+- name: delete-global-assignment
+ cp_mgmt_global_assignment:
+ dependent_domain: domain1
+ global_domain: Global2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_global_assignment:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ dependent_domain=dict(type='str'),
+ global_access_policy=dict(type='str'),
+ global_domain=dict(type='str'),
+ global_threat_prevention_policy=dict(type='str'),
+ manage_protection_actions=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'global-assignment'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment_facts.py
new file mode 100644
index 000000000..be5c11788
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment_facts.py
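Review bot: In cp_mgmt_global_assignment.py the module option `ignore_errors` has the same name as Ansible's task-level `ignore_errors` keyword, and its description does not tell the two apart. A line indented one level too shallow in a playbook therefore stops being a module argument (presumably forwarded to the API by `api_call`) and becomes "continue the play when this firewall change fails", with no validation error either way. I would reword the option text to `- Apply changes ignoring errors; such changes cannot be published. If ignore_warnings is omitted, warnings are ignored as well. This is a module argument, not the task keyword of the same name.` The same description is repeated in cp_mgmt_group, cp_mgmt_group_with_exclusion and cp_mgmt_host in this commit.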
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_global_assignment_facts
+short_description: Get global-assignment objects facts on Check Point over Web Services API
+description:
+ - Get global-assignment objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ dependent_domain:
+ description:
+ - N/A
+ type: str
+ global_domain:
+ description:
+ - N/A
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-global-assignment
+ cp_mgmt_global_assignment_facts:
+ dependent_domain: domain1
+ global_domain: Global2
+
+- name: show-global-assignments
+ cp_mgmt_global_assignment_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ dependent_domain=dict(type='str'),
+ global_domain=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "global-assignment"
+ api_call_object_plural_version = "global-assignments"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group.py
new file mode 100644
index 000000000..fd134ff1a
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group.py
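Review bot: The DOCUMENTATION of cp_mgmt_global_assignment_facts.py says "For getting a specific object use the parameter 'name'", but the argument_spec in main() defines no `name`. The show-global-assignment example selects the object with `dependent_domain` and `global_domain`, and both are documented only as "N/A" (as they are in cp_mgmt_global_assignment.py). I would change the sentence to `For getting a specific object use the parameters 'dependent_domain' and 'global_domain'.` and give the two options real descriptions. How `api_call_facts` chooses between the single-object call and the list call is not visible in this hunk, so it is worth confirming that it keys on these two parameters and not on `name`.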
@@ -0,0 +1,143 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_group
+short_description: Manages group objects on Check Point over Web Services API
+description:
+ - Manages group objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ members:
+ description:
+ - Collection of Network objects identified by the name or UID.
+ type: list
+ elements: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-group
+ cp_mgmt_group:
+ members:
+ - New Host 1
+ - My Test Host 3
+ name: New Group 5
+ state: present
+
+- name: set-group
+ cp_mgmt_group:
+ name: New Group 1
+ state: present
+
+- name: delete-group
+ cp_mgmt_group:
+ name: New Group 1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_group:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ members=dict(type='list', elements='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'group'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_facts.py
new file mode 100644
index 000000000..baa5b2763
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_facts.py
@@ -0,0 +1,144 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_group_facts
+short_description: Get group objects facts on Check Point over Web Services API
+description:
+ - Get group objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ show_as_ranges:
+ description:
+ - When true, the group's matched content is displayed as ranges of IP addresses rather than network objects.<br />Objects that are not
+ represented using IP addresses are presented as objects.<br />The 'members' parameter is omitted from the response and instead the 'ranges' parameter
+ is displayed.
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ dereference_group_members:
+ description:
+ - Indicates whether to dereference "members" field by details level for every object in reply.
+ type: bool
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-group
+ cp_mgmt_group_facts:
+ name: Demo_Group
+
+- name: show-groups
+ cp_mgmt_group_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ show_as_ranges=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ dereference_group_members=dict(type='bool'),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "group"
+ api_call_object_plural_version = "groups"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion.py
new file mode 100644
index 000000000..8497cd60d
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion.py
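Review bot: The `show_as_ranges` description in cp_mgmt_group_facts.py embeds raw `<br />` tags, which Ansible's documentation markup does not interpret, so `ansible-doc` shows them as literal text in the middle of the sentence. Each sentence should be its own list item under `description:`: `- When true, the group's matched content is displayed as ranges of IP addresses rather than network objects.`, `- Objects that are not represented using IP addresses are presented as objects.`, `- The 'members' parameter is omitted from the response and the 'ranges' parameter is displayed instead.` The `show_as_ranges` text in cp_mgmt_group_with_exclusion_facts.py carries the same tags and needs the same split.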
@@ -0,0 +1,148 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_group_with_exclusion
+short_description: Manages group-with-exclusion objects on Check Point over Web Services API
+description:
+ - Manages group-with-exclusion objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ except:
+ description:
+ - Name or UID of an object which the group excludes.
+ type: str
+ include:
+ description:
+ - Name or UID of an object which the group includes.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-group-with-exclusion
+ cp_mgmt_group_with_exclusion:
+ except: New Group 2
+ include: New Group 1
+ name: Group with exclusion
+ state: present
+
+- name: set-group-with-exclusion
+ cp_mgmt_group_with_exclusion:
+ except: New Group 1
+ include: New Group 2
+ name: Group with exclusion
+ state: present
+
+- name: delete-group-with-exclusion
+ cp_mgmt_group_with_exclusion:
+ name: Group with exclusion
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_group_with_exclusion:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ include=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec['except'] = dict(type='str')
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'group-with-exclusion'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion_facts.py
new file mode 100644
index 000000000..d2443e1cc
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion_facts.py
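Review bot: In cp_mgmt_group_with_exclusion.py, main() adds the `except` option with a separate statement, `argument_spec['except'] = dict(type='str')`, and nothing explains why it is not inside the `dict(...)` call with the other options. `except` is a reserved word in Python and cannot be written as a keyword argument, so a later tidy-up that folds it back into the call would make the module fail to parse. A comment above the assignment would record that: `# 'except' is a Python keyword, so it cannot be passed as dict(except=...)`.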
@@ -0,0 +1,134 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_group_with_exclusion_facts
+short_description: Get group-with-exclusion objects facts on Check Point over Web Services API
+description:
+ - Get group-with-exclusion objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ show_as_ranges:
+ description:
+ - When true, the group with exclusion's matched content is displayed as ranges of IP addresses rather than network objects.<br />Objects that
+ are not represented using IP addresses are presented as objects.<br />The 'include' and 'except' parameters are omitted from the response and instead
+ the 'ranges' parameter is displayed.
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-group-with-exclusion
+ cp_mgmt_group_with_exclusion_facts:
+ name: Group with exclusion
+
+- name: show-groups-with-exclusion
+ cp_mgmt_group_with_exclusion_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ show_as_ranges=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "group-with-exclusion"
+ api_call_object_plural_version = "groups-with-exclusion"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host.py
new file mode 100644
index 000000000..5ec16c1f7
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host.py
@@ -0,0 +1,338 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_host
+short_description: Manages host objects on Check Point over Web Services API
+description:
+ - Manages host objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ ip_address:
+ description:
+ - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
+ type: str
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ interfaces:
+ description:
+ - Host interfaces.
+ type: list
+ elements: dict
+ suboptions:
+ name:
+ description:
+ - Interface name.
+ type: str
+ subnet:
+ description:
+ - IPv4 or IPv6 network address. If both addresses are required use subnet4 and subnet6 fields explicitly.
+ type: str
+ subnet4:
+ description:
+ - IPv4 network address.
+ type: str
+ subnet6:
+ description:
+ - IPv6 network address.
+ type: str
+ mask_length:
+ description:
+ - IPv4 or IPv6 network mask length. If both masks are required use mask-length4 and mask-length6 fields explicitly. Instead of IPv4 mask
+ length it is possible to specify IPv4 mask itself in subnet-mask field.
+ type: int
+ mask_length4:
+ description:
+ - IPv4 network mask length.
+ type: int
+ mask_length6:
+ description:
+ - IPv6 network mask length.
+ type: int
+ subnet_mask:
+ description:
+ - IPv4 network mask.
+ type: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange',
+ 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray',
+ 'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive',
+ 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ nat_settings:
+ description:
+ - NAT settings.
+ type: dict
+ suboptions:
+ auto_rule:
+ description:
+ - Whether to add automatic address translation rules.
+ type: bool
+ ip_address:
+ description:
+ - IPv4 or IPv6 address.
If both addresses are required use ipv4-address and ipv6-address fields explicitly. This parameter is not
+ required in case "method" parameter is "hide" and "hide-behind" parameter is "gateway".
+ type: str
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ hide_behind:
+ description:
+ - Hide behind method. This parameter is not required in case "method" parameter is "static".
+ type: str
+ choices: ['gateway', 'ip-address']
+ install_on:
+ description:
+ - Which gateway should apply the NAT translation.
+ type: str
+ method:
+ description:
+ - NAT translation method.
+ type: str
+ choices: ['hide', 'static']
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ host_servers:
+ description:
+ - Servers Configuration.
+ type: dict
+ suboptions:
+ dns_server:
+ description:
+ - Gets True if this server is a DNS Server.
+ type: bool
+ mail_server:
+ description:
+ - Gets True if this server is a Mail Server.
+ type: bool
+ web_server:
+ description:
+ - Gets True if this server is a Web Server.
+ type: bool
+ web_server_config:
+ description:
+ - Web Server configuration.
+ type: dict
+ suboptions:
+ additional_ports:
+ description:
+ - Server additional ports.
+ type: list
+ elements: str
+ application_engines:
+ description:
+ - Application engines of this web server.
+ type: list
+ elements: str
+ listen_standard_port:
+ description:
+ - Whether server listens to standard port.
+ type: bool
+ operating_system:
+ description:
+ - Operating System.
+ type: str
+ choices: ['sparc linux', 'windows', 'other', 'x86 linux', 'sparc solaris']
+ protected_by:
+ description:
+ - Network object which protects this server identified by the name or UID.
+ type: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-host
+ cp_mgmt_host:
+ ip_address: 192.0.2.1
+ name: New Host 1
+ state: present
+
+- name: set-host
+ cp_mgmt_host:
+ color: green
+ ipv4_address: 192.0.2.2
+ name: New Host 1
+ state: present
+
+- name: delete-host
+ cp_mgmt_host:
+ name: New Host 1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_host:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ interfaces=dict(type='list', elements='dict', options=dict(
+ name=dict(type='str'),
+ subnet=dict(type='str'),
+ subnet4=dict(type='str'),
+ subnet6=dict(type='str'),
+ mask_length=dict(type='int'),
+ mask_length4=dict(type='int'),
+ mask_length6=dict(type='int'),
+ subnet_mask=dict(type='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan',
+ 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick',
+ 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral',
+ 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red',
+ 'sienna', 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )),
+ nat_settings=dict(type='dict', options=dict(
+ auto_rule=dict(type='bool'),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ hide_behind=dict(type='str', choices=['gateway', 'ip-address']),
+ install_on=dict(type='str'),
+ method=dict(type='str', choices=['hide', 'static'])
+ )),
+ tags=dict(type='list', elements='str'),
+ host_servers=dict(type='dict', options=dict(
+ dns_server=dict(type='bool'),
+ mail_server=dict(type='bool'),
+ web_server=dict(type='bool'),
+ web_server_config=dict(type='dict', options=dict(
+ additional_ports=dict(type='list', elements='str'),
+ application_engines=dict(type='list',
elements='str'),
+ listen_standard_port=dict(type='bool'),
+ operating_system=dict(type='str', choices=['sparc linux', 'windows', 'other', 'x86 linux', 'sparc solaris']),
+ protected_by=dict(type='str')
+ ))
+ )),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'host'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host_facts.py
new file mode 100644
index 000000000..597b817f6
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host_facts.py
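Review bot: In cp_mgmt_host.py the `set-host` example passes `color: green`, but `green` is not among the `choices` declared for `color` in DOCUMENTATION or in `argument_spec` (only `dark green`, `forest green`, `light green` and `sea green` contain the word), so the example as written should be rejected at argument validation; use a listed value such as `color: forest green`. The module option `ignore_errors` also shares its name with the Ansible task keyword, and the two do different things: the option asks the management API to apply changes despite errors, the keyword lets the play continue after a failed task. I would add to the option's description `- This is a module argument, not the task-level ignore_errors keyword.`; the same option is declared in cp_mgmt_https_section.py and cp_mgmt_identity_tag.py.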
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_host_facts
+short_description: Get host objects facts on Check Point over Web Services API
+description:
+ - Get host objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-host
+ cp_mgmt_host_facts:
+ name: New Host 1
+
+- name: show-hosts
+ cp_mgmt_host_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "host"
+ api_call_object_plural_version = "hosts"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_https_section.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_https_section.py
new file mode 100644
index 000000000..aba2a6a89
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_https_section.py
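Review bot: In cp_mgmt_host_facts.py the RETURN block documents only `ansible_facts` as a dict and never names the key or keys placed inside it, while `main()` hands the whole `api_call_facts` result to `module.exit_json(ansible_facts=result)`. Whatever keys that helper returns become host facts for the rest of the play, so a user cannot tell from the documentation which variable names the task sets or might shadow. The helper is defined outside this diff, so the key name has to be confirmed there; once known, add a `contains:` entry under `ansible_facts` that names it. cp_mgmt_identity_tag_facts.py carries the same RETURN block.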
@@ -0,0 +1,119 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_https_section
+short_description: Manages https-section objects on Checkpoint over Web Services API
+description:
+ - Manages https-section objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ layer:
+ description:
+ - Layer that holds the Object. Identified by the Name or UID.
+ type: str
+ position:
+ description:
+ - Position in the rulebase.
+ type: str
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors.
You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-https-section
+ cp_mgmt_https_section:
+ layer: Default Layer
+ name: New Section 1
+ position: 1
+ state: present
+
+- name: set-https-section
+ cp_mgmt_https_section:
+ layer: Default Layer
+ name: New Section 1
+ state: present
+
+- name: delete-https-section
+ cp_mgmt_https_section:
+ layer: Default Layer
+ name: New Section 2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_https_section:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ layer=dict(type='str'),
+ position=dict(type='str'),
+ name=dict(type='str', required=True),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'https-section'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag.py
new file mode 100644
index 000000000..782375d67
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag.py
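Review bot: In cp_mgmt_https_section.py `layer` is declared as `layer=dict(type='str')` with no `required=True`, although its description says it is the layer that holds the object and all three examples pass it. If the management API cannot locate a section without its layer (not visible from this diff), a missing `layer` only surfaces as an API error at run time; `layer=dict(type='str', required=True)` together with `required: True` in DOCUMENTATION would reject it at argument validation instead. The `delete-https-section` example also removes `New Section 2` while the add and set examples operate on `New Section 1`; cp_mgmt_identity_tag.py has the same mismatch (`mytag` is created, `myidentitytag` is deleted).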
@@ -0,0 +1,135 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_identity_tag
+short_description: Manages identity-tag objects on Checkpoint over Web Services API
+description:
+ - Manages identity-tag objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "2.1.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ external_identifier:
+ description:
+ - External identifier. For example, Cisco ISE security group tag.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-identity-tag
+ cp_mgmt_identity_tag:
+ external_identifier: some external identifier
+ name: mytag
+ state: present
+
+- name: set-identity-tag
+ cp_mgmt_identity_tag:
+ external_identifier: Cisco ISE security group tag
+ name: mytag
+ state: present
+
+- name: delete-identity-tag
+ cp_mgmt_identity_tag:
+ name: myidentitytag
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_identity_tag:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ external_identifier=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'identity-tag'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag_facts.py
new file mode 100644
index 000000000..07618264b
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag_facts.py
@@ -0,0 +1,139 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_identity_tag_facts
+short_description: Get identity-tag objects facts on Checkpoint over Web Services API
+description:
+ - Get identity-tag objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "2.1.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer.
The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-identity-tag
+ cp_mgmt_identity_tag_facts:
+ name: myidentitytag
+
+- name: show-identity-tags
+ cp_mgmt_identity_tag_facts:
+ details_level: full
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "identity-tag"
+ api_call_object_plural_version = "identity-tags"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group.py
new file mode 100644
index 000000000..ec08c8f3b
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group.py
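Review bot: The description of `domains_to_process` in cp_mgmt_identity_tag_facts.py states three constraints (not with details-level full, System Domain only, ignore-warnings true) and two valid values, but `argument_spec` declares it as `dict(type='list', elements='str')` with no `choices`, and nothing in `main()` checks the combination. The visible spec also defines no `ignore_warnings` option, so unless `checkpoint_argument_spec_for_facts` (outside this diff) supplies one, the documented precondition cannot be met from a task. `ALL_DOMAINS_ON_THIS_SERVER` widens the query to every domain on the server, so the description should also say which permission scope the API account needs. If the API accepts only the two listed values, declare them: `domains_to_process=dict(type='list', elements='str', choices=['CURRENT_DOMAIN', 'ALL_DOMAINS_ON_THIS_SERVER'])`.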
@@ -0,0 +1,160 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_idp_administrator_group
+short_description: Manages idp-administrator-group objects on Checkpoint over Web Services API
+description:
+ - Manages idp-administrator-group objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ group_id:
+ description:
+ - Group ID or Name should be set base on the source attribute of 'groups' in the Saml Assertion.
+ type: str
+ multi_domain_profile:
+ description:
+ - Administrator multi-domain profile.
+ type: str
+ permissions_profile:
+ description:
+ - Administrator permissions profile. Permissions profile should not be provided when multi-domain-profile is set to "Multi-Domain Super User" or
+ "Domain Super User".
+ type: list
+ elements: dict
+ suboptions:
+ domain:
+ description:
+ - N/A
+ type: str
+ profile:
+ description:
+ - Permission profile.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-idp-administrator-group
+ cp_mgmt_idp_administrator_group:
+ group_id: it-team
+ multi_domain_profile: domain super user
+ name: my super group
+ state: present
+
+- name: set-idp-administrator-group
+ cp_mgmt_idp_administrator_group:
+ group_id: global-domain-checkpoint
+ name: my global group
+ state: present
+
+- name: delete-idp-administrator-group
+ cp_mgmt_idp_administrator_group:
+ name: my super group
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_idp_administrator_group:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ group_id=dict(type='str'),
+ multi_domain_profile=dict(type='str'),
+ permissions_profile=dict(type='list', elements='dict', options=dict(
+ domain=dict(type='str'),
+ profile=dict(type='str')
+ )),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True)
+ api_call_object = 'idp-administrator-group'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group_facts.py
new file mode 100644
index 000000000..bbe358d71
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group_facts.py
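Review bot: The `domain` suboption of `permissions_profile` is documented only as `N/A`, which is too little for a module that maps a SAML `groups` value (`group_id`) to administrator permissions. The description should state which domain the paired `profile` applies to, with wording checked against the Management API reference. The documented rule that `permissions_profile` must not accompany a super-user `multi_domain_profile` is also not checked in `main()`, so a conflicting task is only rejected by the server, if at all; a guard such as `if module.params['permissions_profile'] and (module.params['multi_domain_profile'] or '').lower() in ('multi-domain super user', 'domain super user'): module.fail_json(msg='permissions_profile conflicts with multi_domain_profile')` would fail early. That guard assumes the profile name is matched case-insensitively, as the lower-case value in EXAMPLES suggests.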
@@ -0,0 +1,138 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_idp_administrator_group_facts
+short_description: Get idp-administrator-group objects facts on Checkpoint over Web Services API
+description:
+ - Get idp-administrator-group objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by.
The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-idp-administrator-group
+ cp_mgmt_idp_administrator_group_facts:
+ name: my global group
+
+- name: show-idp-administrator-groups
+ cp_mgmt_idp_administrator_group_facts:
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "idp-administrator-group"
+ api_call_object_plural_version = "idp-administrator-groups"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_to_domain_assignment_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_to_domain_assignment_facts.py
new file mode 100644
index 000000000..41f30a52e
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_to_domain_assignment_facts.py
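Review bot: The `domains_to_process` description says it cannot be combined with details-level full, but `main()` hands both options straight to `api_call_facts`, so a conflicting task is only caught by the server, if at all. A local guard after the `AnsibleModule(...)` line would fail early: `if module.params['domains_to_process'] and module.params['details_level'] == 'full': module.fail_json(msg='domains_to_process cannot be used with details_level full')`. The same description also requires ignore-warnings true, yet this argument_spec declares no `ignore_warnings` option; it may come from `checkpoint_argument_spec_for_facts`, which is not visible in this hunk.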
@@ -0,0 +1,124 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_idp_to_domain_assignment_facts
+short_description: Get idp-to-domain-assignment objects facts on Checkpoint over Web Services API
+description:
+ - Get idp-to-domain-assignment objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ assigned_domain:
+ description:
+ - Represents the Domain assigned by 'idp-to-domain-assignment', need to be domain name or UID.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-idp-to-domain-assignment
+ cp_mgmt_idp_to_domain_assignment_facts:
+ assigned_domain: SMS
+
+- name: show-idp-to-domain-assignments
+ cp_mgmt_idp_to_domain_assignment_facts:
+ details_level: full
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ assigned_domain=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "idp-to-domain-assignment"
+ api_call_object_plural_version = "idp-to-domain-assignments"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_database.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_database.py
new file mode 100644
index 000000000..aba149118
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_database.py
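Review bot: The module description says "For getting a specific object use the parameter 'name'", but this argument_spec declares no `name` option; the lookup key here is `assigned_domain`, as the first task in EXAMPLES shows. Unless `name` is supplied by `checkpoint_argument_spec_for_facts` (not visible in this hunk), a task written from the description would be rejected as an unsupported parameter. I would change that line to `For getting a specific object use the parameter 'assigned_domain'.`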
@@ -0,0 +1,80 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_install_database
+short_description: Copies the user database and network objects information to specified targets.
+description:
+ - Copies the user database and network objects information to specified targets.
+ - All operations are performed over Web Services API.
+version_added: "2.1.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ targets:
+ description:
+ - Check Point host(s) with one or more Management Software Blades enabled. The targets can be identified by their name or unique identifier.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: install-database
+ cp_mgmt_install_database:
+ targets:
+ - checkpointhost1
+ - checkpointhost2
+"""
+
+RETURN = """
+cp_mgmt_install_database:
+ description: The checkpoint install-database output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ targets=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "install-database"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_policy.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_policy.py
new file mode 100644
index 000000000..60cc030dd
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_policy.py
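Review bot: `targets` is declared as `dict(type='list', elements='str')` with no `required=True`, so a task that omits it passes local validation and reaches `api_command` with no explicit scope. The same declaration appears in `cp_mgmt_install_lsm_policy`, `cp_mgmt_install_lsm_settings`, `cp_mgmt_install_policy` and `cp_mgmt_install_software_package` later in this diff. For commands that push a database, policy or software to managed machines, the set of affected machines should always be stated in the playbook; where the API defines no safe meaning for a missing list, use `targets=dict(type='list', elements='str', required=True)`. What the server does when the list is absent is not visible here and should be confirmed per command.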
@@ -0,0 +1,80 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_install_lsm_policy
+short_description: Executes the lsm-install-policy on a given list of targets. Install the LSM policy that defined on the attached LSM profile on the targets
+ devices.
+description:
+ - Executes the lsm-install-policy on a given list of targets. Install the LSM policy that defined on the attached LSM profile on the targets devices.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Shiran Golzar (@chkp-shirango)"
+options:
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: install-lsm-policy
+ cp_mgmt_install_lsm_policy:
+ targets:
+ - lsm_gateway
+"""
+
+RETURN = """
+cp_mgmt_install_lsm_policy:
+ description: The checkpoint install-lsm-policy output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ targets=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "install-lsm-policy"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_settings.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_settings.py
new file mode 100644
index 000000000..53fba12d1
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_settings.py
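Review bot: The documentation names the command `lsm-install-policy` in both `short_description` and `description`, while `main()` sends `command = "install-lsm-policy"` and RETURN speaks of the install-lsm-policy output. One of the two spellings is wrong for a reader searching the API reference or audit logs for the call this task makes; the docs and the command string should agree. `cp_mgmt_install_lsm_settings` in the next file has the same mismatch (`lsm-install-settings` in the docs, `install-lsm-settings` in the code).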
@@ -0,0 +1,80 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_install_lsm_settings
+short_description: Executes the lsm-install-settings on a given list of targets. Install the provisioning settings that defined on the object on the targets
+ devices.
+description:
+ - Executes the lsm-install-settings on a given list of targets. Install the provisioning settings that defined on the object on the targets devices.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Shiran Golzar (@chkp-shirango)"
+options:
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: install-lsm-settings
+ cp_mgmt_install_lsm_settings:
+ targets:
+ - lsm_gateway
+"""
+
+RETURN = """
+cp_mgmt_install_lsm_settings:
+ description: The checkpoint install-lsm-settings output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ targets=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "install-lsm-settings"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_policy.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_policy.py
new file mode 100644
index 000000000..4a14111d2
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_policy.py
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_install_policy
+short_description: install policy on Check Point over Web Services API
+description:
+ - install policy on Check Point over Web Services API
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ policy_package:
+ description:
+ - The name of the Policy Package to be installed.
+ type: str
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+ access:
+ description:
+ - Set to be true in order to install the Access Control policy. By default, the value is true if Access Control policy is enabled on the input
+ policy package, otherwise false.
+ type: bool
+ desktop_security:
+ description:
+ - Set to be true in order to install the Desktop Security policy. By default, the value is true if desktop security policy is enabled on the
+ input policy package, otherwise false.
+ type: bool
+ qos:
+ description:
+ - Set to be true in order to install the QoS policy. By default, the value is true if Quality-of-Service policy is enabled on the input policy
+ package, otherwise false.
+ type: bool
+ threat_prevention:
+ description:
+ - Set to be true in order to install the Threat Prevention policy. By default, the value is true if Threat Prevention policy is enabled on the
+ input policy package, otherwise false.
+ type: bool
+ install_on_all_cluster_members_or_fail:
+ description:
+ - Relevant for the gateway clusters. If true, the policy is installed on all the cluster members. If the installation on a cluster member fails,
+ don't install on that cluster.
+ type: bool
+ prepare_only:
+ description:
+ - If true, prepares the policy for the installation, but doesn't install it on an installation target.
+ type: bool
+ revision:
+ description:
+ - The UID of the revision of the policy to install.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: install-policy
+ cp_mgmt_install_policy:
+ access: true
+ policy_package: standard
+ targets:
+ - corporate-gateway
+ threat_prevention: true
+"""
+
+RETURN = """
+cp_mgmt_install_policy:
+ description: The checkpoint install-policy output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ policy_package=dict(type='str'),
+ targets=dict(type='list', elements='str'),
+ access=dict(type='bool'),
+ desktop_security=dict(type='bool'),
+ qos=dict(type='bool'),
+ threat_prevention=dict(type='bool'),
+ install_on_all_cluster_members_or_fail=dict(type='bool'),
+ prepare_only=dict(type='bool'),
+ revision=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "install-policy"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_software_package.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_software_package.py
new file mode 100644
index 000000000..3a967e6cb
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_software_package.py
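Review bot: `policy_package` has no `required=True`, so an install-policy request can be sent without naming the package and the mistake only surfaces as a server-side error. If the API has no default package (not visible in this hunk), `policy_package=dict(type='str', required=True)` would catch it before any call is made. The `prepare_only` option is documented as preparing the policy without installing it on a target; a second EXAMPLES task with `prepare_only: true` would show operators how to verify a package before a real push.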
@@ -0,0 +1,121 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_install_software_package
+short_description: Installs the software package on target machines.
+description:
+ - Installs the software package on target machines.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - The name of the software package.
+ type: str
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+ cluster_installation_settings:
+ description:
+ - Installation settings for cluster.
+ type: dict
+ suboptions:
+ cluster_delay:
+ description:
+ - The delay between end of installation on one cluster members and start of installation on the next cluster member.
+ type: int
+ cluster_strategy:
+ description:
+ - The cluster installation strategy.
+ type: str
+ concurrency_limit:
+ description:
+ - The number of targets, on which the same package is installed at the same time.
+ type: int
+ method:
+ description:
+ - NOTE, Supported from Check Point version R81
+ - How we want to use the package.
+ type: str
+ choices: ['install', 'upgrade']
+ package_location:
+ description:
+ - NOTE, Supported from Check Point version R81
+ - The package repository.
+ type: str
+ choices: ['automatic', 'target-machine', 'central']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: install-software-package
+ cp_mgmt_install_software_package:
+ name: Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz
+ package_location: automatic
+ targets.1: corporate-gateway
+"""
+
+RETURN = """
+cp_mgmt_install_software_package:
+ description: The checkpoint install-software-package output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ targets=dict(type='list', elements='str'),
+ cluster_installation_settings=dict(type='dict', options=dict(
+ cluster_delay=dict(type='int'),
+ cluster_strategy=dict(type='str')
+ )),
+ concurrency_limit=dict(type='int'),
+ method=dict(type='str', choices=['install', 'upgrade']),
+ package_location=dict(type='str', choices=['automatic', 'target-machine', 'central'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "install-software-package"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
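Review bot: The EXAMPLES task passes `targets.1: corporate-gateway`, but the argument_spec declares only `targets` as a list of strings, so `targets.1` is not an accepted option and the example would presumably fail with an unsupported-parameter error. It should read `targets:` followed by a `- corporate-gateway` list item, in the form the other install modules' examples in this diff use. `cluster_strategy` is also a free-form `str` with no `choices` and no list of accepted values in its description; naming them would help if the API restricts them.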
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device.py
new file mode 100644
index 000000000..9416e810e
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device.py
@@ -0,0 +1,319 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_interoperable_device +short_description: Manages interoperable-device objects on Checkpoint over Web Services API +description: + - Manages interoperable-device objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + ip_address: + description: + - IPv4 or IPv6 address. + type: str + ipv4_address: + description: + - IPv4 address of the Interoperable Device. + type: str + ipv6_address: + description: + - IPv6 address of the Interoperable Device. + type: str + interfaces: + description: + - Network interfaces. + type: list + elements: dict + suboptions: + name: + description: + - Object name. Must be unique in the domain. + type: str + ip_address: + description: + - IPv4 or IPv6 address. 
If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + network_mask: + description: + - IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead of + providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use + ipv4-mask-length and ipv6-mask-length fields explicitly. + type: str + ipv4_network_mask: + description: + - IPv4 network address. + type: str + ipv6_network_mask: + description: + - IPv6 network address. + type: str + mask_length: + description: + - IPv4 or IPv6 network mask length. + type: str + ipv4_mask_length: + description: + - IPv4 network mask length. + type: str + ipv6_mask_length: + description: + - IPv6 network mask length. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + topology: + description: + - Topology configuration. + type: str + choices: ['external', 'internal'] + topology_settings: + description: + - Internal topology settings. + type: dict + suboptions: + interface_leads_to_dmz: + description: + - Whether this interface leads to demilitarized zone (perimeter network). + type: bool + ip_address_behind_this_interface: + description: + - Network settings behind this interface. + type: str + choices: ['not defined', 'network defined by the interface ip and net mask', 'network defined by routing', 'specific'] + specific_network: + description: + - Network behind this interface. + type: str + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', + 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', + 'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', + 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain + only and with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + vpn_settings: + description: + - VPN domain properties for the Interoperable Device. + type: dict + suboptions: + vpn_domain: + description: + - Network group representing the customized encryption domain. Must be set when vpn-domain-type is set to 'manual' option. + type: str + vpn_domain_exclude_external_ip_addresses: + description: + - Exclude the external IP addresses from the VPN domain of this Interoperable device. + type: bool + vpn_domain_type: + description: + - Indicates the encryption domain. + type: str + choices: ['manual', 'addresses_behind_gw'] + tags: + description: + - Collection of tag identifiers. 
+ type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-interoperable-device + cp_mgmt_interoperable_device: + ip_address: 192.168.1.6 + name: NewInteroperableDevice + state: present + +- name: set-interoperable-device + cp_mgmt_interoperable_device: + ip_address: 192.168.1.6 + name: NewInteroperableDevice + state: present + +- name: delete-interoperable-device + cp_mgmt_interoperable_device: + name: NewInteroperableDevice + state: absent +""" + +RETURN = """ +cp_mgmt_interoperable_device: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + interfaces=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + network_mask=dict(type='str'), + ipv4_network_mask=dict(type='str'), + ipv6_network_mask=dict(type='str'), + mask_length=dict(type='str'), + ipv4_mask_length=dict(type='str'), + ipv6_mask_length=dict(type='str'), + tags=dict(type='list', elements='str'), + topology=dict(type='str', choices=['external', 'internal']), + topology_settings=dict(type='dict', options=dict( + interface_leads_to_dmz=dict(type='bool'), + ip_address_behind_this_interface=dict(type='str', choices=['not defined', 'network defined by the interface ip and net mask', + 'network defined by routing', 'specific']), + specific_network=dict(type='str') + )), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', + 'dark green', 'khaki', 'orchid', 
'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', + 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', + 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', + 'sienna', 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + )), + vpn_settings=dict(type='dict', options=dict( + vpn_domain=dict(type='str'), + vpn_domain_exclude_external_ip_addresses=dict(type='bool'), + vpn_domain_type=dict(type='str', choices=['manual', 'addresses_behind_gw']) + )), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + groups=dict(type='list', elements='str'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'interoperable-device' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() 
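Review bot: The `vpn_settings` sub-spec in `main()` does not enforce the rule its own documentation states, that `vpn_domain` must be set when `vpn_domain_type` is `manual`, so a task can request a manual encryption domain without naming a network group and the module will pass it on unchecked. Declaring the dependency on the sub-spec makes the module reject such a task before any API call: `vpn_settings=dict(type='dict', required_if=[['vpn_domain_type', 'manual', ['vpn_domain']]], options=dict(...))`. Separately, the descriptions of `ipv4_network_mask` and `ipv6_network_mask` under `interfaces` say "network address" although the options are masks; `- IPv4 network mask.` and `- IPv6 network mask.` would agree with the parent `network_mask` text.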
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device_facts.py
new file mode 100644
index 000000000..bbc70da9d
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device_facts.py
@@ -0,0 +1,138 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_interoperable_device_facts +short_description: Get interoperable-device objects facts on Checkpoint over Web Services API +description: + - Get interoperable-device objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. 
The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-interoperable-device + cp_mgmt_interoperable_device_facts: + name: NewInteroperableDevice + +- name: show-interoperable-devices + cp_mgmt_interoperable_device_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "interoperable-device" + api_call_object_plural_version = "interoperable-devices" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster.py new file mode 100644 index 000000000..422d31424 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster.py 
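Review bot: `module.exit_json(ansible_facts=result)` at the end of `main()` returns the management API response as host facts, so it is merged into the target host's variables and written to any fact cache that is enabled, yet the RETURN block only says `ansible_facts` is a dict. RETURN should name the key the objects are stored under and say that the data persists as facts, for example `description: The checkpoint object facts, stored as host facts (and in the fact cache when one is enabled).`; the key itself is chosen inside `api_call_facts`, which is not part of this hunk, so it needs confirming there. This matters most with `details_level: full`, where the whole object representation ends up in cached facts. The same applies to cp_mgmt_lsm_cluster_facts.py.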
@@ -0,0 +1,286 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_lsm_cluster +short_description: Manages lsm-cluster objects on Checkpoint over Web Services API +description: + - Manages lsm-cluster objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.3.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + main_ip_address: + description: + - Main IP address. + type: str + name_prefix: + description: + - A prefix added to the profile name and creates the LSM cluster name. + type: str + name_suffix: + description: + - A suffix added to the profile name and creates the LSM cluster name. + type: str + security_profile: + description: + - LSM profile. + type: str + required: True + interfaces: + description: + - Interfaces. + type: list + elements: dict + suboptions: + name: + description: + - Interface name. + type: str + ip_address_override: + description: + - IP address override. Net mask is defined by the attached LSM profile. 
+ type: str + member_network_override: + description: + - Member network override. Net mask is defined by the attached LSM profile. + type: str + members: + description: + - Members. + type: list + elements: dict + suboptions: + name: + description: + - Object name. + type: str + provisioning_settings: + description: + - Provisioning settings. This field is relevant just for SMB clusters. + type: dict + suboptions: + provisioning_profile: + description: + - Provisioning profile. + type: str + provisioning_state: + description: + - Provisioning state. This field is relevant just for SMB clusters. By default the state is 'manual'- enable provisioning but not attach + to profile.If 'using-profile' state is provided a provisioning profile must be provided in provisioning-settings. + type: str + choices: ['off', 'manual', 'using-profile'] + sic: + description: + - Secure Internal Communication. + type: dict + suboptions: + ip_address: + description: + - IP address. When IP address is provided- initiate trusted communication immediately using this IP address. + type: str + one_time_password: + description: + - One-time password. When one-time password is provided without ip-address- trusted communication is + automatically initiated when the gateway connects to the Security Management server for the first time. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', + 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', + 'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', + 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-lsm-cluster + cp_mgmt_lsm_cluster: + interfaces: + - ip_address_override: 192.168.8.197 + member_network_override: 192.168.8.0 + name: eth0 + new_name: WAN + - ip_address_override: 10.8.197.1 + member_network_override: 10.8.197.0 + name: eth1 + new_name: LAN1 + - member_network_override: 10.10.10.0 + name: eth2 + main_ip_address: 192.168.8.197 + members: + - name: Gaia_gw1 + sic: + ip_address: 192.168.8.200 + one_time_password: aaaa + - name: Gaia_gw2 + sic: + ip_address: 192.168.8.202 + one_time_password: aaaa + name_prefix: Gaia_ + security_profile: gaia_cluster + state: present + +- name: set-lsm-cluster + cp_mgmt_lsm_cluster: + interfaces: + - ip_address_override: 192.168.8.197 + member_network_override: 192.168.8.0 + name: eth0 + new_name: WAN + - ip_address_override: 10.8.197.1 + member_network_override: 10.8.197.0 + name: eth1 + new_name: LAN1 + - member_network_override: 10.10.10.0 + name: eth2 + members: + - name: Gaia_gw1 + sic: + ip_address: 192.168.8.200 + one_time_password: aaaa + - name: Gaia_gw2 + sic: + ip_address: 192.168.8.202 + one_time_password: aaaa + name: Gaia_gaia_cluster + state: present + +- name: delete-lsm-cluster + cp_mgmt_lsm_cluster: + name: lsm_cluster + state: absent +""" + +RETURN = """ +cp_mgmt_lsm_cluster: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + main_ip_address=dict(type='str'), + name_prefix=dict(type='str'), + name_suffix=dict(type='str'), + security_profile=dict(type='str', required=True), + interfaces=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + ip_address_override=dict(type='str'), + member_network_override=dict(type='str') + )), + members=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + provisioning_settings=dict(type='dict', options=dict( + provisioning_profile=dict(type='str') + )), + provisioning_state=dict(type='str', choices=['off', 'manual', 'using-profile']), + sic=dict(type='dict', options=dict( + ip_address=dict(type='str'), + one_time_password=dict(type='str', no_log=True) + )), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', + 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', + 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', + 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', + 'sienna', 'yellow']), + comments=dict(type='str') + )), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), 
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool'), + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + # Create lsm-cluster name + name = module.params['security_profile'] + + if module.params['name_prefix']: + name = module.params['name_prefix'] + name + if module.params['name_suffix']: + name = name + module.params['name_suffix'] + module.params['name'] = name + + api_call_object = 'lsm-cluster' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_facts.py new file mode 100644 index 000000000..1c7fbec44 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_facts.py 
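Review bot: The EXAMPLES block does not match the argument_spec built in `main()`: `security_profile` is `required=True` but the set-lsm-cluster and delete-lsm-cluster tasks omit it, and the interface entries pass `new_name`, which the `interfaces` options do not declare. `main()` also always overwrites `module.params['name']` with the value derived from `security_profile` plus prefix/suffix, so the `name:` given in those two tasks is not what reaches `api_call` (whether `name` is accepted at all depends on `checkpoint_argument_spec_for_objects`, which is outside this hunk). The examples should carry `security_profile` with the matching `name_prefix`/`name_suffix` and drop `new_name`, or the spec should declare the missing options. The examples also hard-code the SIC secret as `one_time_password: aaaa`; the option is already `no_log=True`, and the example should model the same care, e.g. `one_time_password: "{{ sic_one_time_password }}"` with the value kept in Ansible Vault.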
@@ -0,0 +1,146 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_lsm_cluster_facts +short_description: Get lsm-cluster objects facts on Checkpoint over Web Services API +description: + - Get lsm-cluster objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.3.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-lsm-cluster + cp_mgmt_lsm_cluster_facts: + name: lsm_cluster + +- name: show-lsm-clusters + cp_mgmt_lsm_cluster_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool'), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "lsm-cluster" + api_call_object_plural_version = "lsm-clusters" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_profile_facts.py new file mode 100644 index 000000000..384c5b218 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_profile_facts.py 
@@ -0,0 +1,146 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_lsm_cluster_profile_facts +short_description: Get lsm-cluster-profile objects facts on Checkpoint over Web Services API +description: + - Get lsm-cluster-profile objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "3.0.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. 
The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-lsm-cluster-profile + cp_mgmt_lsm_cluster_profile_facts: + name: cluster_profile + +- name: show-lsm-cluster-profiles + cp_mgmt_lsm_cluster_profile_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool'), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "lsm-cluster-profile" + api_call_object_plural_version = "lsm-cluster-profiles" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway.py new file mode 100644 index 000000000..21fc7ce5a --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway.py 
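Review bot: `domains_to_process` in `argument_spec` accepts any string, although its option text lists only CURRENT_DOMAIN and ALL_DOMAINS_ON_THIS_SERVER as valid, so a mistyped value is presumably rejected only by the management server. If that list is exhaustive, constrain it in the spec so the all-domains scope is explicit and reviewable: `domains_to_process=dict(type='list', elements='str', choices=['CURRENT_DOMAIN', 'ALL_DOMAINS_ON_THIS_SERVER'])`. The same description requires "ignore-warnings true", but no such option is declared in this hunk; it may come from `checkpoint_argument_spec_for_facts`, which is not shown, and the docs should say where it is set. The same applies to the `cp_mgmt_lsm_gateway_facts.py`, `cp_mgmt_lsm_gateway_profile_facts.py` and `cp_mgmt_md_permissions_profile.py` hunks below.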
@@ -0,0 +1,178 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_lsm_gateway +short_description: Manages lsm-gateway objects on Checkpoint over Web Services API +description: + - Manages lsm-gateway objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.3.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + name: + description: + - Object name. + type: str + required: True + security_profile: + description: + - LSM profile. + type: str + provisioning_settings: + description: + - Provisioning settings. + type: dict + suboptions: + provisioning_profile: + description: + - Provisioning profile. + type: str + provisioning_state: + description: + - Provisioning state. By default the state is 'manual'- enable provisioning but not attach to profile. + - If 'using-profile' state is provided a provisioning profile must be provided in provisioning-settings. 
+ type: str + choices: ['off', 'manual', 'using-profile'] + sic: + description: + - Secure Internal Communication. + type: dict + suboptions: + ip_address: + description: + - IP address. When IP address is provided- initiate trusted communication immediately using this IP address. + type: str + one_time_password: + description: + - One-time password. When one-time password is provided without ip-address- trusted communication is automatically initiated when the + gateway connects to the Security Management server for the first time. + type: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-lsm-gateway + cp_mgmt_lsm_gateway: + name: lsm_gateway + provisioning_settings: + provisioning_profile: prv_profile + provisioning_state: using-profile + security_profile: lsm_profile + sic: + ip_address: 1.2.3.4 + one_time_password: aaaa + state: present + +- name: set-lsm-gateway + cp_mgmt_lsm_gateway: + name: lsm_gateway + provisioning_settings: + provisioning_profile: prv_profile + provisioning_state: using-profile + security_profile: lsm_profile + sic: + ip_address: 1.2.3.4 + one_time_password: aaaa + state: present + +- name: delete-lsm-gateway + cp_mgmt_lsm_gateway: + name: lsm_gateway + state: absent +""" + +RETURN = """ +cp_mgmt_lsm_gateway: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + security_profile=dict(type='str'), + provisioning_settings=dict(type='dict', options=dict( + provisioning_profile=dict(type='str') + )), + provisioning_state=dict(type='str', choices=['off', 'manual', 'using-profile']), + sic=dict(type='dict', options=dict( + ip_address=dict(type='str'), + one_time_password=dict(type='str', no_log=True) + )), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + 
comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'lsm-gateway' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_facts.py new file mode 100644 index 000000000..b13444e96 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_facts.py 
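Review bot: The `add-lsm-gateway` and `set-lsm-gateway` examples carry the SIC one-time password as a playbook literal (`one_time_password: aaaa`), and examples like this tend to be copied as they stand. The spec already marks `sic.one_time_password` with `no_log=True`, so the example should match that care by using a vaulted variable, e.g. `one_time_password: "{{ vault_sic_otp }}"` (variable name constructed for illustration). Separately, `provisioning_state` is a top-level key in `argument_spec`, while the docs and both examples list it directly after `provisioning_profile`. Indentation is not recoverable on this page, so please confirm the YAML nesting in DOCUMENTATION and EXAMPLES matches the spec. The two examples are also identical apart from their names, so the set example does not show what an update looks like.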
@@ -0,0 +1,146 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_lsm_gateway_facts +short_description: Get lsm-gateway objects facts on Checkpoint over Web Services API +description: + - Get lsm-gateway objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.3.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-lsm-gateway + cp_mgmt_lsm_gateway_facts: + name: lsm_gateway + +- name: show-lsm-gateways + cp_mgmt_lsm_gateway_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool'), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "lsm-gateway" + api_call_object_plural_version = "lsm-gateways" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_profile_facts.py new file mode 100644 index 000000000..6778f237c --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_profile_facts.py 
@@ -0,0 +1,146 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_lsm_gateway_profile_facts +short_description: Get lsm-gateway-profile objects facts on Checkpoint over Web Services API +description: + - Get lsm-gateway-profile objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "3.0.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. 
The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-lsm-gateway-profile + cp_mgmt_lsm_gateway_profile_facts: + name: gateway_profile + +- name: show-lsm-gateway-profiles + cp_mgmt_lsm_gateway_profile_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool'), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "lsm-gateway-profile" + api_call_object_plural_version = "lsm-gateway-profiles" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_run_script.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_run_script.py new file mode 100644 index 000000000..d3828262d --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_run_script.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_lsm_run_script +short_description: Executes the lsm-run-script on a given list of targets. Run the given script on the targets devices. +description: + - Executes the lsm-run-script on a given list of targets. Run the given script on the targets devices. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + script_base64: + description: + - The entire content of the script encoded in Base64. + type: str + script: + description: + - The entire content of the script. + type: str + targets: + description: + - On what targets to execute this command. Targets may be identified by their name, or object unique identifier. 
+ type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: lsm-run-script + cp_mgmt_lsm_run_script: + script: ls -l / + targets: + - lsm_gateway +""" + +RETURN = """ +cp_mgmt_lsm_run_script: + description: The checkpoint lsm-run-script output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + script_base64=dict(type='str'), + script=dict(type='str'), + targets=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "lsm-run-script" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile.py new file mode 100644 index 000000000..01f52aafe --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile.py 
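Review bot: `AnsibleModule(argument_spec=argument_spec)` accepts `script` and `script_base64` together or neither, and `targets` is optional, so a task that runs a script on gateways is validated only by the server. Presumably exactly one script form is intended; declare it in the constructor: `module = AnsibleModule(argument_spec=argument_spec, mutually_exclusive=[['script', 'script_base64']], required_one_of=[['script', 'script_base64']])`, and consider `required=True` on `targets`. Neither script option is `no_log`, so the script body is likely to appear wherever module arguments are logged or shown in verbose output. The option descriptions should tell users not to embed credentials in the script, or both options should be marked `no_log=True` if scripts are expected to carry secrets.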
@@ -0,0 +1,210 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_md_permissions_profile +short_description: Manages md-permissions-profile objects on Checkpoint over Web Services API +description: + - Manages md-permissions-profile objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + permission_level: + description: + - The level of the Multi Domain Permissions Profile.<br>The level cannot be changed after creation. + type: str + choices: ['super user', 'manager', 'domain level only'] + mds_provisioning: + description: + - Create and manage Multi-Domain Servers and Multi-Domain Log Servers.<br>Only a "Super User" permission-level profile can select this option. + type: bool + manage_admins: + description: + - Create and manage Multi-Domain Security Management administrators with the same or lower permission level. 
For example, a Domain manager + cannot create Superusers or global managers.<br>Only a 'Manager' permission-level profile can edit this permission. + type: bool + manage_sessions: + description: + - Connect/disconnect Domain sessions, publish changes, and delete other administrator sessions.<br>Only a 'Manager' permission-level profile can + edit this permission. + type: bool + management_api_login: + description: + - Permission to log in to the Security Management Server and run API commands using these tools, mgmt_cli (Linux and Windows binaries), Gaia CLI + (clish) and Web Services (REST). Useful if you want to prevent administrators from running automatic scripts on the Management.<br>Note, This + permission is not required to run commands from within the API terminal in SmartConsole. + type: bool + cme_operations: + description: + - Permission to read / edit the Cloud Management Extension (CME) configuration. + type: str + choices: ['read', 'write', 'disabled'] + global_vpn_management: + description: + - Lets the administrator select Enable global use for a Security Gateway shown in the MDS Gateways & Servers view.<br>Only a 'Manager' + permission-level profile can edit this permission. + type: bool + manage_global_assignments: + description: + - Controls the ability to create, edit and delete global assignment and not the ability to reassign, which is set according to the specific + Domain's permission profile. + type: bool + enable_default_profile_for_global_domains: + description: + - Enable the option to specify a default profile for all global domains. + type: bool + default_profile_global_domains: + description: + - Name or UID of the required default profile for all global domains. + type: str + view_global_objects_in_domain: + description: + - Lets an administrator with no global objects permissions view the global objects in the domain. This option is required for valid domain management. 
+ type: bool + enable_default_profile_for_local_domains: + description: + - Enable the option to specify a default profile for all local domains. + type: bool + default_profile_local_domains: + description: + - Name or UID of the required default profile for all local domains. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-md-permissions-profile + cp_mgmt_md_permissions_profile: + name: manager profile + state: present + +- name: set-md-permissions-profile + cp_mgmt_md_permissions_profile: + default_profile_global_domains: read write all + name: manager profile + permission_level: domain level only + state: present + +- name: delete-md-permissions-profile + cp_mgmt_md_permissions_profile: + name: profile + state: absent +""" + +RETURN = """ +cp_mgmt_md_permissions_profile: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + permission_level=dict(type='str', choices=['super user', 'manager', 'domain level only']), + mds_provisioning=dict(type='bool'), + manage_admins=dict(type='bool'), + manage_sessions=dict(type='bool'), + management_api_login=dict(type='bool'), + cme_operations=dict(type='str', choices=['read', 'write', 'disabled']), + global_vpn_management=dict(type='bool'), + manage_global_assignments=dict(type='bool'), + enable_default_profile_for_global_domains=dict(type='bool'), + default_profile_global_domains=dict(type='str'), + view_global_objects_in_domain=dict(type='bool'), + enable_default_profile_for_local_domains=dict(type='bool'), + default_profile_local_domains=dict(type='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 
'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'md-permissions-profile' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile_facts.py new file mode 100644 index 000000000..285752fd7 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile_facts.py 
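Review bot: The `set-md-permissions-profile` example passes `permission_level: domain level only` for the profile that the add example creates without a level, while the `permission_level` description says the level cannot be changed after creation. The two appear to contradict each other, so move `permission_level` to the add example or drop it from the set example. The privilege-granting booleans (`mds_provisioning`, `manage_admins`, `manage_sessions`, `management_api_login`) have no documented default, so a reader cannot tell what a profile is granted when they are omitted; a sentence per option stating the server-side default would make least-privilege review possible. The `<br>` tags in these descriptions are HTML and will probably be rendered literally by Ansible's documentation tooling.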
@@ -0,0 +1,141 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_md_permissions_profile_facts +short_description: Get md-permissions-profile objects facts on Checkpoint over Web Services API +description: + - Get md-permissions-profile objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. 
The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-md-permissions-profile + cp_mgmt_md_permissions_profile_facts: + name: profile + +- name: show-md-permissions-profiles + cp_mgmt_md_permissions_profile_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "md-permissions-profile" + api_call_object_plural_version = "md-permissions-profiles" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds.py new file mode 100644 index 000000000..726164ba5 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds.py 
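Review bot: The `domains_to_process` description in DOCUMENTATION says the option must be used "with ignore-warnings true", but the argument_spec built in main() defines no `ignore_warnings` option. Unless `checkpoint_argument_spec_for_facts` (defined outside this hunk) supplies it, a playbook author cannot meet the stated precondition from this module. If the API accepts the flag for show commands, add `ignore_warnings=dict(type='bool')` to the spec and document it; otherwise reword the description so it does not refer to an option the module lacks.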
@@ -0,0 +1,208 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_mds +short_description: Manages mds objects on Checkpoint over Web Services API +description: + - Manages mds objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.1.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + hardware: + description: + - Hardware name. For example, Open server, Smart-1, Other. + type: str + os: + description: + - Operating system name. For example, Gaia, Linux, SecurePlatform. + type: str + version: + description: + - System version. 
+ type: str + one_time_password: + description: + - Secure internal connection one time password. + type: str + server_type: + description: + - Type of the management server. + type: str + choices: ['multi-domain server', 'multi-domain log server'] + ip_pool_first: + description: + - First IP address in the range. + type: str + ipv4_pool_first: + description: + - First IPv4 address in the range. + type: str + ipv6_pool_first: + description: + - First IPv6 address in the range. + type: str + ip_pool_last: + description: + - Last IP address in the range. + type: str + ipv4_pool_last: + description: + - Last IPv4 address in the range. + type: str + ipv6_pool_last: + description: + - Last IPv6 address in the range. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-mds + cp_mgmt_mds: + hardware: open server + ip_address: 1.1.1.1 + ip_pool_first: 2.2.2.2 + ip_pool_last: 3.3.3.3 + name: mymds + os: gaia + server_type: multi-domain server + state: present + +- name: set-mds + cp_mgmt_mds: + hardware: Smart-1 + ip_address: 1.2.3.4 + name: mymds + os: linux + state: present + +- name: delete-mds + cp_mgmt_mds: + name: mymds + state: absent +""" + +RETURN = """ +cp_mgmt_mds: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + hardware=dict(type='str'), + os=dict(type='str'), + version=dict(type='str'), + one_time_password=dict(type='str', no_log=True), + server_type=dict(type='str', choices=['multi-domain server', 'multi-domain log server']), + ip_pool_first=dict(type='str'), + ipv4_pool_first=dict(type='str'), + ipv6_pool_first=dict(type='str'), + ip_pool_last=dict(type='str'), + ipv4_pool_last=dict(type='str'), + ipv6_pool_last=dict(type='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + 
details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'mds' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds_facts.py new file mode 100644 index 000000000..46bca5be4 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds_facts.py 
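Review bot: The module option `ignore_errors` in argument_spec has the same name as Ansible's task-level `ignore_errors` keyword, and its DOCUMENTATION entry does not tell the two apart. Indented under the module it is described as applying changes while ignoring errors; one level out, it makes Ansible continue past a failed task, so a misplaced line changes behaviour without any warning. I would extend the description with `This is an option sent to the Management API, not the Ansible task keyword of the same name.` The same option and wording appear in the cp_mgmt_multicast_address_range and cp_mgmt_nat_section hunks.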
@@ -0,0 +1,124 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_mds_facts +short_description: Get Multi-Domain Server (mds) objects facts on Check Point over Web Services API +description: + - Get mds objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-mds + cp_mgmt_mds_facts: + name: test_mds1 + +- name: show-mdss + cp_mgmt_mds_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "mds" + api_call_object_plural_version = "mdss" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() 
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range.py new file mode 100644 index 000000000..04cc7a72f --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range.py 
@@ -0,0 +1,183 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_multicast_address_range +short_description: Manages multicast-address-range objects on Check Point over Web Services API +description: + - Manages multicast-address-range objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + ip_address_first: + description: + - First IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead. + type: str + ipv4_address_first: + description: + - First IPv4 address in the range. 
+ type: str + ipv6_address_first: + description: + - First IPv6 address in the range. + type: str + ip_address_last: + description: + - Last IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead. + type: str + ipv4_address_last: + description: + - Last IPv4 address in the range. + type: str + ipv6_address_last: + description: + - Last IPv6 address in the range. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-multicast-address-range + cp_mgmt_multicast_address_range: + ip_address_first: 224.0.0.1 + ip_address_last: 224.0.0.4 + name: New Multicast Address Range + state: present + +- name: set-multicast-address-range + cp_mgmt_multicast_address_range: + ip_address_first: 224.0.0.7 + ip_address_last: 224.0.0.10 + name: New Multicast Address Range + state: present + +- name: delete-multicast-address-range + cp_mgmt_multicast_address_range: + name: New Multicast Address Range + state: absent +""" + +RETURN = """ +cp_mgmt_multicast_address_range: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + ip_address_first=dict(type='str'), + ipv4_address_first=dict(type='str'), + ipv6_address_first=dict(type='str'), + ip_address_last=dict(type='str'), + ipv4_address_last=dict(type='str'), + ipv6_address_last=dict(type='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + 
groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'multicast-address-range' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range_facts.py new file mode 100644 index 000000000..c32390e6d --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range_facts.py 
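Review bot: The `ip_address_last` description in DOCUMENTATION points readers to "the ipv4-address-first and the ipv6-address-first fields", which looks copied from the `ip_address_first` entry. For the end of the range it should name the `-last` fields. Proposed text: `- Last IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-last and the ipv6-address-last fields instead.` Followed literally, the current wording would presumably set the start of the range twice and leave the end unset.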
@@ -0,0 +1,130 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_multicast_address_range_facts +short_description: Get multicast-address-range objects facts on Check Point over Web Services API +description: + - Get multicast-address-range objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-multicast-address-range + cp_mgmt_multicast_address_range_facts: + name: New Multicast Address Range + +- name: show-multicast-address-ranges + cp_mgmt_multicast_address_range_facts: + details_level: full +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "multicast-address-range" + api_call_object_plural_version = "multicast-address-ranges" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_rule_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_rule_facts.py new file mode 100644 index 000000000..c1c4465bd --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_rule_facts.py 
@@ -0,0 +1,203 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_nat_rule_facts +short_description: Get nat-rule objects facts on Checkpoint over Web Services API +description: + - Get nat-rule objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.0.0" +author: "Or Soffer (@chkp-orso)" +options: + rule_number: + description: + - Rule number. + type: str + package: + description: + - Name of the package. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. 
The logical + operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies. + type: str + filter_settings: + description: + - Sets filter preferences. + type: dict + suboptions: + search_mode: + description: + - When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any' + object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell + or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior. + type: str + choices: ['general', 'packet'] + packet_search_settings: + description: + - When 'search-mode' is set to 'packet', this object allows to set the packet search preferences. + type: dict + suboptions: + expand_group_members: + description: + - When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at + least one member of the group. + type: bool + expand_group_with_exclusion_members: + description: + - When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that + match at least one member of the "include" part and is not a member of the "except" part. + type: bool + match_on_any: + description: + - Whether to match on 'Any' object. + type: bool + match_on_group_with_exclusion: + description: + - Whether to match on a group-with-exclusion. + type: bool + match_on_negate: + description: + - Whether to match on a negated cell. + type: bool + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. 
+ type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + use_object_dictionary: + description: + - N/A + type: bool + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-nat-rule + cp_mgmt_nat_rule_facts: + package: standard + +- name: show-nat-rulebase + cp_mgmt_nat_rule_facts: + details_level: standard + limit: 2 + offset: 1 + package: standard + use_object_dictionary: true +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts_for_rule + + +def main(): + argument_spec = dict( + rule_number=dict(type='str'), + package=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + filter_settings=dict(type='dict', options=dict( + search_mode=dict(type='str', choices=['general', 'packet']), + packet_search_settings=dict(type='dict', options=dict( + expand_group_members=dict(type='bool'), + expand_group_with_exclusion_members=dict(type='bool'), + match_on_any=dict(type='bool'), + match_on_group_with_exclusion=dict(type='bool'), + match_on_negate=dict(type='bool') + )) + )), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + use_object_dictionary=dict(type='bool'), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "nat-rule" + api_call_object_plural_version = "nat-rulebase" + + result = api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_section.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_section.py new file mode 100644 index 000000000..d81d2609d --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_section.py 
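Review bot: The module description says "For getting a specific object use the parameter 'name'", but the argument_spec in main() defines no `name` option. The only per-rule selector visible is `rule_number`, and the "show-nat-rule" example passes neither (unless `checkpoint_argument_spec_for_facts`, defined outside this hunk, adds one). The description should name the real selector, e.g. `For getting a specific rule use the parameter 'rule_number' together with 'package'.`, and the first example should include a `rule_number` so it does not read as a rulebase query. `use_object_dictionary` is documented only as "N/A" and needs a real description. How `api_call_facts_for_rule` chooses between the single and plural command is not visible here, so confirm the selector against that helper.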
@@ -0,0 +1,119 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_nat_section +short_description: Manages nat-section objects on Checkpoint over Web Services API +description: + - Manages nat-section objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.0.0" +author: "Or Soffer (@chkp-orso)" +options: + package: + description: + - Name of the package. + type: str + position: + description: + - Position in the rulebase. + type: str + name: + description: + - Object name. + type: str + required: True + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. 
If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-nat-section + cp_mgmt_nat_section: + name: New Section 1 + package: standard + position: 1 + state: present + +- name: set-nat-section + cp_mgmt_nat_section: + name: New Section 1 + package: standard + state: present + +- name: delete-nat-section + cp_mgmt_nat_section: + name: New Section 1 + package: standard + state: absent +""" + +RETURN = """ +cp_mgmt_nat_section: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + package=dict(type='str'), + position=dict(type='str'), + name=dict(type='str', required=True), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'nat-section' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network.py new file mode 100644 index 000000000..1fc5e0489 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network.py 
@@ -0,0 +1,227 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_network +short_description: Manages network objects on Check Point over Web Services API +description: + - Manages network objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + subnet: + description: + - IPv4 or IPv6 network address. If both addresses are required use subnet4 and subnet6 fields explicitly. + type: str + subnet4: + description: + - IPv4 network address. + type: str + subnet6: + description: + - IPv6 network address. + type: str + mask_length: + description: + - IPv4 or IPv6 network mask length. If both masks are required use mask-length4 and mask-length6 fields explicitly. Instead of IPv4 mask length + it is possible to specify IPv4 mask itself in subnet-mask field. + type: int + mask_length4: + description: + - IPv4 network mask length. 
+ type: int + mask_length6: + description: + - IPv6 network mask length. + type: int + subnet_mask: + description: + - IPv4 network mask. + type: str + nat_settings: + description: + - NAT settings. + type: dict + suboptions: + auto_rule: + description: + - Whether to add automatic address translation rules. + type: bool + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. This parameter is not + required in case "method" parameter is "hide" and "hide-behind" parameter is "gateway". + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + hide_behind: + description: + - Hide behind method. This parameter is not required in case "method" parameter is "static". + type: str + choices: ['gateway', 'ip-address'] + install_on: + description: + - Which gateway should apply the NAT translation. + type: str + method: + description: + - NAT translation method. + type: str + choices: ['hide', 'static'] + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + broadcast: + description: + - Allow broadcast address inclusion. + type: str + choices: ['disallow', 'allow'] + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. 
+ type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-network + cp_mgmt_network: + name: New Network 1 + state: present + subnet: 192.0.2.0 + subnet_mask: 255.255.255.0 + +- name: set-network + cp_mgmt_network: + color: green + mask_length: 16 + name: New Network 1 + new_name: New Network 2 + state: present + subnet: 192.0.0.0 + +- name: delete-network + cp_mgmt_network: + name: New Network 2 + state: absent +""" + +RETURN = """ +cp_mgmt_network: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ subnet=dict(type='str'),
+ subnet4=dict(type='str'),
+ subnet6=dict(type='str'),
+ mask_length=dict(type='int'),
+ mask_length4=dict(type='int'),
+ mask_length6=dict(type='int'),
+ subnet_mask=dict(type='str'),
+ nat_settings=dict(type='dict', options=dict(
+ auto_rule=dict(type='bool'),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ hide_behind=dict(type='str', choices=['gateway', 'ip-address']),
+ install_on=dict(type='str'),
+ method=dict(type='str', choices=['hide', 'static'])
+ )),
+ tags=dict(type='list', elements='str'),
+ broadcast=dict(type='str', choices=['disallow', 'allow']),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'network'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
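Review bot: The `set-network` task in EXAMPLES passes `color: green`, but `green` is not one of the values in the `choices` list declared for `color` in both DOCUMENTATION and `argument_spec`, so the example as written would be rejected by argument validation. Use a listed value instead, for instance `color: forest green`. The same task sets `new_name`, which this file's `argument_spec` does not declare; presumably it is added by `checkpoint_argument_spec_for_objects`, which is defined outside the hunk, so that is worth confirming before the example is relied on.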
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_facts.py
new file mode 100644
index 000000000..9cb2382ca
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_facts.py
@@ -0,0 +1,132 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_network_facts +short_description: Get network objects facts on Check Point over Web Services API +description: + - Get network objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-network + cp_mgmt_network_facts: + name: New Network 1 + +- name: show-networks + cp_mgmt_network_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "network"
+ api_call_object_plural_version = "networks"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed.py
new file mode 100644
index 000000000..f00e21773
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed.py
@@ -0,0 +1,243 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_network_feed +short_description: Manages network-feed objects on Checkpoint over Web Services API +description: + - Manages network-feed objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + feed_url: + description: + - URL of the feed. URL should be written as http or https. + type: str + certificate_id: + description: + - Certificate SHA-1 fingerprint to access the feed. + type: str + feed_format: + description: + - Feed file format. + type: str + choices: ['Flat List', 'JSON'] + feed_type: + description: + - Feed type to be enforced. + type: str + choices: ['Domain', 'IP Address', 'IP Address/Domain'] + password: + description: + - password for authenticating with the URL. + type: str + tags: + description: + - Collection of tag identifiers. 
+ type: list + elements: str + username: + description: + - username for authenticating with the URL. + type: str + custom_header: + description: + - Headers to allow different authentication methods with the URL. + type: list + elements: dict + suboptions: + header_name: + description: + - The name of the HTTP header we wish to add. + type: str + header_value: + description: + - The name of the HTTP value we wish to add. + type: str + update_interval: + description: + - Interval in minutes for updating the feed on the Security Gateway. + type: int + data_column: + description: + - Number of the column that contains the feed's data. + type: int + fields_delimiter: + description: + - The delimiter that separates between the columns in the feed. + type: str + ignore_lines_that_start_with: + description: + - A prefix that will determine which lines to ignore. + type: str + json_query: + description: + - JQ query to be parsed. + type: str + use_gateway_proxy: + description: + - Use the gateway's proxy for retrieving the feed. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. 
It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-network-feed + cp_mgmt_network_feed: + custom_header: + - header_name: header1 + header_value: value1 + - header_name: header2 + header_value: value2 + data_column: 1 + feed_format: Flat List + feed_type: IP Address + feed_url: https://www.feedsresource.com/resource + fields_delimiter: "\t" + ignore_lines_that_start_with: '!' + name: network_feed + password: feed_password + state: present + update_interval: 60 + use_gateway_proxy: false + username: feed_username + +- name: set-network-feed + cp_mgmt_network_feed: + custom_header: + - header_name: new_header + header_value: new_value + data_column: 1 + feed_format: Flat List + feed_type: IP Address + feed_url: https://www.feedsresource.com/new_resource + fields_delimiter: ',' + ignore_lines_that_start_with: '!' + name: network_feed + password: new_password + state: present + update_interval: 60 + use_gateway_proxy: false + username: new_username + +- name: delete-network-feed + cp_mgmt_network_feed: + name: network_feed + state: absent +""" + +RETURN = """ +cp_mgmt_network_feed: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ feed_url=dict(type='str'),
+ certificate_id=dict(type='str'),
+ feed_format=dict(type='str', choices=['Flat List', 'JSON']),
+ feed_type=dict(type='str', choices=['Domain', 'IP Address', 'IP Address/Domain']),
+ password=dict(type='str', no_log=True),
+ tags=dict(type='list', elements='str'),
+ username=dict(type='str'),
+ custom_header=dict(type='list', elements='dict', options=dict(
+ header_name=dict(type='str'),
+ header_value=dict(type='str')
+ )),
+ update_interval=dict(type='int'),
+ data_column=dict(type='int'),
+ fields_delimiter=dict(type='str'),
+ ignore_lines_that_start_with=dict(type='str'),
+ json_query=dict(type='str'),
+ use_gateway_proxy=dict(type='bool'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ domains_to_process=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'network-feed'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
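Review bot: `header_value` in the `custom_header` suboptions is declared as `dict(type='str')` without `no_log`, although `custom_header` is documented as carrying headers for "different authentication methods", so a bearer token or API key placed there would appear in task output and logs while `password` a few lines above is masked. Declare it as `header_value=dict(type='str', no_log=True)`. Its description also reads "The name of the HTTP value we wish to add"; `- The value of the HTTP header to add.` would match `header_name`. Separately, `feed_url` is documented as accepting plain `http`, which together with `username`/`password` would presumably expose the feed credentials in transit, so the description should recommend `https` whenever credentials or `custom_header` are set.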
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed_facts.py
new file mode 100644
index 000000000..e2aa53fbe
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed_facts.py
@@ -0,0 +1,143 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_network_feed_facts +short_description: Get network-feed objects facts on Checkpoint over Web Services API +description: + - Get network-feed objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-network-feed + cp_mgmt_network_feed_facts: + name: network_feed + +- name: show-network-feeds + cp_mgmt_network_feed_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool'),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "network-feed"
+ api_call_object_plural_version = "network-feeds"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_objects_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_objects_facts.py
new file mode 100644
index 000000000..50f059051
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_objects_facts.py
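Review bot: The `domains_to_process` description in cp_mgmt_network_feed_facts.py says the option must be used "with ignore-warnings true" and names two valid values, but this module's `argument_spec` declares no `ignore_warnings` option and puts no `choices` on the list elements. Unless `checkpoint_argument_spec_for_facts` (defined outside the hunk) supplies `ignore_warnings`, a playbook has no way to meet the documented requirement, so the description should either drop that clause or say how a facts task satisfies it. Constraining the values with `domains_to_process=dict(type='list', elements='str', choices=['CURRENT_DOMAIN', 'ALL_DOMAINS_ON_THIS_SERVER'])` would reject a mistyped scope before the API call is made.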
@@ -0,0 +1,181 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_objects_facts +short_description: Get objects objects facts on Checkpoint over Web Services API +description: + - Get objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + uid: + description: + - Object unique identifier. + type: str + uids: + description: + - List of UIDs of the objects to retrieve. + type: list + elements: str + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in Smart Console. The logical + operators in the expression ('AND', 'OR') should be provided in capital letters. By default, the search involves both a textual search and a IP + search. To use IP search only, set the "ip-only" parameter to true. 
+ type: str + ip_only: + description: + - If using "filter", use this field to search objects by their IP address only, without involving the textual search.<br><br>IP search use + cases<br> <ul><li>Full IPv4 address matches for,<br> - Hosts, Check Point + Hosts and Gateways with exact IPv4 match or with interfaces which subnet contains the search + address<br> - IPv4 Networks and IPv4 Address Ranges that contain the search address</li> + <br> <li>Partial IPv4 address matches for,<br> - Hosts, Networks, Check Point + Hosts and Gateways with IPv4 address that starts from the search address<br> - Hosts, Check Point + Hosts and Gateways with interfaces which subnet address starts from the search address<br> - IPv4 + Address Ranges with first address or last address that starts from the search address<br> - IPv4 + Networks and IPv4 Address Ranges that contain the network derived from the search address supplemented with missing octets (all + zeroes)<br> - Hosts, Check Point Hosts and Gateways with interfaces which subnet contains the network + derived from the search address supplemented with missing octets (all zeroes)</li><br> <li>IPv6 + address,<br> - Not supported</li></ul><br><br> * Check Point Host is a server of type Network Policy + Management, Logging & Status, SmartEvent, etc.<br> * When one IP address is checked to start from another (partial) IP address - only full octets are + considered <br> * Check Examples part for IP search examples. + type: bool + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting a specific object. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting a specific object. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting a specific object. 
+ type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + type: + description: + - The objects' type, e.g., host, service-tcp, network, address-range... + type: str + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-objects + cp_mgmt_objects_facts: + limit: 50 + offset: 0 + order: + - ASC: name + type: group + +- name: show-object + cp_mgmt_objects_facts: + uid: ef82887c-d08f-49a3-a18f-a376be633848 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + uid=dict(type='str'), + uids=dict(type='list', elements='str'), + filter=dict(type='str'), + ip_only=dict(type='bool'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + type=dict(type='str'), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "object" + api_call_object_plural_version = "objects" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package.py new file mode 100644 index 000000000..e8a403f96 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package.py 
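Review bot: The DOCUMENTATION block for cp_mgmt_objects_facts tells users to pass 'name' to fetch a single object, but the `argument_spec` in `main()` defines no `name` option; the single-object selector here is `uid`. The `limit`, `offset` and `order` descriptions also say they apply "only for getting a specific object", the opposite of what the sibling facts modules say for the same options. I would change the description to `For getting a specific object use the parameter 'uid'.` and the three option notes to `This parameter is relevant only for getting several objects.`; the short_description also repeats a word (`Get objects objects facts`). How `api_call_facts` chooses between the singular and plural call is not visible in this hunk, so confirm that it keys on `uid` as well as `name`.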
@@ -0,0 +1,251 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_package +short_description: Manages package objects on Check Point over Web Services API +description: + - Manages package objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + access: + description: + - True - enables, False - disables access & NAT policies, empty - nothing is changed. + type: bool + desktop_security: + description: + - True - enables, False - disables Desktop security policy, empty - nothing is changed. + type: bool + installation_targets: + description: + - Which Gateways identified by the name or UID to install the policy on. + type: list + elements: str + qos: + description: + - True - enables, False - disables QoS policy, empty - nothing is changed. + type: bool + qos_policy_type: + description: + - QoS policy type. 
+ type: str + choices: ['recommended', 'express'] + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + threat_prevention: + description: + - True - enables, False - disables Threat policy, empty - nothing is changed. + type: bool + vpn_traditional_mode: + description: + - True - enables, False - disables VPN traditional mode, empty - nothing is changed. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + access_layers: + description: + - Access policy layers. + type: dict + suboptions: + add: + description: + - Collection of Access layer objects to be added identified by the name or UID. + type: list + elements: dict + suboptions: + name: + description: + - Layer name or UID. + type: str + position: + description: + - Layer position. + type: int + remove: + description: + - Collection of Access layer objects to be removed identified by the name or UID. 
+ type: list + elements: str + value: + description: + - Collection of Access layer objects to be set identified by the name or UID. Replaces existing Access layers. + type: list + elements: str + threat_layers: + description: + - Threat policy layers. + type: dict + suboptions: + add: + description: + - Collection of Threat layer objects to be added identified by the name or UID. + type: list + elements: dict + suboptions: + name: + description: + - Layer name or UID. + type: str + position: + description: + - Layer position. + type: int + remove: + description: + - Collection of Threat layer objects to be removed identified by the name or UID. + type: list + elements: str + value: + description: + - Collection of Threat layer objects to be set identified by the name or UID. Replaces existing Threat layers. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-package + cp_mgmt_package: + access: true + color: green + comments: My Comments + name: New_Standard_Package_1 + state: present + threat_prevention: false + +- name: set-package + cp_mgmt_package: + access_layers: + add: + - name: New Access Layer 1 + position: 1 + name: Standard + state: present + threat_layers: + add: + - name: New Layer 1 + position: 2 + +- name: delete-package + cp_mgmt_package: + name: New Standard Package 1 + state: absent +""" + +RETURN = """ +cp_mgmt_package: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + access=dict(type='bool'), + desktop_security=dict(type='bool'), + installation_targets=dict(type='list', elements='str'), + qos=dict(type='bool'), + qos_policy_type=dict(type='str', choices=['recommended', 'express']), + tags=dict(type='list', elements='str'), + threat_prevention=dict(type='bool'), + vpn_traditional_mode=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool'), + access_layers=dict(type='dict', options=dict( + add=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + position=dict(type='int') + )), + remove=dict(type='list', elements='str'), + value=dict(type='list', elements='str') + )), + threat_layers=dict(type='dict', options=dict( + add=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + position=dict(type='int') + )), + remove=dict(type='list', elements='str'), + value=dict(type='list', elements='str') + )) + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'package' + + result = api_call(module, api_call_object) + 
module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package_facts.py new file mode 100644 index 000000000..54c80e754 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package_facts.py 
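Review bot: The `add-package` task in EXAMPLES sets `color: green`, which is not in the `choices` list declared for `color` in both the DOCUMENTATION block and `argument_spec` (the list has `dark green`, `forest green`, `light green` and `sea green`, but no plain `green`), so the example as written should fail argument validation. Use a listed value instead, e.g. `color: forest green`. The `set-repository-script` example in cp_mgmt_repository_script.py further down uses the same `color: green` against the same documented choices. Separately, `delete-package` removes `New Standard Package 1` while `add-package` creates `New_Standard_Package_1`; the names should match so the examples run as a sequence.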
@@ -0,0 +1,127 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_package_facts +short_description: Get package objects facts on Check Point over Web Services API +description: + - Get package objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-package + cp_mgmt_package_facts: + name: New_Standard_Package_1 + +- name: show-packages + cp_mgmt_package_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "package" + api_call_object_plural_version = "packages" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() 
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_provisioning_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_provisioning_profile_facts.py new file mode 100644 index 000000000..b77a9b141 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_provisioning_profile_facts.py 
@@ -0,0 +1,146 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_provisioning_profile_facts +short_description: Get provisioning-profile objects facts on Checkpoint over Web Services API +description: + - Get provisioning-profile objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "3.0.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. 
The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-provisioning-profile + cp_mgmt_provisioning_profile_facts: + name: prv_gaia_profile + +- name: show-provisioning-profiles + cp_mgmt_provisioning_profile_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool'), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "provisioning-profile" + api_call_object_plural_version = "provisioning-profiles" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_publish.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_publish.py new file mode 100644 index 000000000..c7dedd20a --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_publish.py 
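Review bot: The `domains_to_process` description in cp_mgmt_provisioning_profile_facts states two constraints that nothing in `main()` reflects: it cannot be combined with details-level full, and it requires ignore-warnings, for which the visible `argument_spec` has no option (it may come from `checkpoint_argument_spec_for_facts`, which is outside the hunk). As written, a playbook author learns of a bad combination only from the server's error. I would at least reword the description to name the Ansible option, `It cannot be used with details_level 'full'`, and say how ignore-warnings is supplied for a facts module. The same text appears in cp_mgmt_objects_facts.py above.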
@@ -0,0 +1,71 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_publish
+short_description: All the changes done by this user will be seen by all users only after publish is called.
+description:
+ - All the changes done by this user will be seen by all users only after publish is called.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options: {}
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: publish
+ cp_mgmt_publish:
+"""
+
+RETURN = """
+cp_mgmt_publish:
+ description: The checkpoint publish output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "publish"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_put_file.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_put_file.py
new file mode 100644
index 000000000..8f7eaec4c
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_put_file.py
@@ -0,0 +1,102 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_put_file
+short_description: put file on Check Point over Web Services API
+description:
+ - put file on Check Point over Web Services API
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+ file_content:
+ description:
+ - N/A
+ type: str
+ file_name:
+ description:
+ - N/A
+ type: str
+ file_path:
+ description:
+ - N/A
+ type: str
+ comments:
+ description:
+ - Comments string.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: put-file
+ cp_mgmt_put_file:
+ file_content: 'vs ip 192.0.2.1\nvs2 ip 192.0.2.2'
+ file_name: vsx_conf
+ file_path: /home/admin/
+ targets:
+ - corporate-gateway
+"""
+
+RETURN = """
+cp_mgmt_put_file:
+ description: The checkpoint put-file output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ targets=dict(type='list', elements='str'),
+ file_content=dict(type='str'),
+ file_name=dict(type='str'),
+ file_path=dict(type='str'),
+ comments=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "put-file"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reject_session.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reject_session.py
new file mode 100644
index 000000000..ab76c1389
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reject_session.py
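Review bot: `file_content`, `file_name` and `file_path` in cp_mgmt_put_file are documented only as `N/A`, although this module sends operator-supplied content to a path on every gateway listed in `targets`. The descriptions should say what each field is, e.g. `- Content to write to the file.`, `- Name of the file to create.` and `- Directory on the target in which the file is created.` (wording to be confirmed against the put-file API reference). None of the options is marked `required=True` in `argument_spec`, so an incomplete task is not rejected locally and reaches `api_command` unchecked. If files pushed this way can carry credentials or keys, consider `file_content=dict(type='str', no_log=True)` so the content stays out of task output and logs.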
@@ -0,0 +1,83 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_reject_session
+short_description: Workflow feature - Return the session to the submitter administrator.
+description:
+ - Workflow feature - Return the session to the submitter administrator.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ uid:
+ description:
+ - Session unique identifier.
+ type: str
+ comments:
+ description:
+ - Reject justification.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: reject-session
+ cp_mgmt_reject_session:
+ comments: Typo in host name
+ uid: 41e821a0-3720-11e3-aa6e-0800200c9fde
+"""
+
+RETURN = """
+cp_mgmt_reject_session:
+ description: The checkpoint reject-session output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ uid=dict(type='str'),
+ comments=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "reject-session"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script.py
new file mode 100644
index 000000000..62d48cc56
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script.py
@@ -0,0 +1,141 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_repository_script
+short_description: Manages repository-script objects on Checkpoint over Web Services API
+description:
+ - Manages repository-script objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ script_body:
+ description:
+ - The entire content of the script.
+ type: str
+ script_body_base64:
+ description:
+ - The entire content of the script encoded in Base64.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-repository-script
+ cp_mgmt_repository_script:
+ name: New Script 1
+ script_body: ls -l /
+ state: present
+
+- name: set-repository-script
+ cp_mgmt_repository_script:
+ color: green
+ name: New Script 1
+ script_body: cpstat os -f all
+ state: present
+
+- name: delete-repository-script
+ cp_mgmt_repository_script:
+ name: New Script 1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_repository_script:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ script_body=dict(type='str'),
+ script_body_base64=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'repository-script'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script_facts.py
new file mode 100644
index 000000000..67edad307
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script_facts.py
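Review bot: The `set-repository-script` example in EXAMPLES of cp_mgmt_repository_script.py passes `color: green`, but `green` is not in the `choices` list declared for `color` in either DOCUMENTATION or `argument_spec`, so the example fails argument validation as written. Use a listed value, e.g. `color: forest green`; cp_mgmt_service_dce_rpc.py has the same mismatch in its `set-service-dce-rpc` example. Separately, `script_body` and `script_body_base64` can both be supplied in one task; if the API accepts only one of them, pass `mutually_exclusive=[['script_body', 'script_body_base64']]` to `AnsibleModule` so the conflict is reported before the call is made.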
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_repository_script_facts
+short_description: Get repository-script objects facts on Checkpoint over Web Services API
+description:
+ - Get repository-script objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-repository-script
+ cp_mgmt_repository_script_facts:
+ name: New Script 1
+
+- name: show-repository-scripts
+ cp_mgmt_repository_script_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "repository-script"
+ api_call_object_plural_version = "repository-scripts"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
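Review bot: `module.exit_json(ansible_facts=result)` in cp_mgmt_repository_script_facts.py publishes whatever the show call returns as host facts, and for repository-script objects that presumably includes the script text at the higher `details_level` values (the response shape is not visible in this hunk). Facts stay available for the rest of the play and are written to any configured fact cache, so a stored script that embeds a credential would end up persisted outside the management server. The DOCUMENTATION block should say so, for example with a `notes:` entry reading `Returned objects may contain script content; limit details_level or disable fact caching when repository scripts hold secrets.`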
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reset_sic.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reset_sic.py
new file mode 100644
index 000000000..cb5b8d00f
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reset_sic.py
@@ -0,0 +1,84 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_reset_sic
+short_description: Reset Secure Internal Communication (SIC). To complete the reset operation need also to reset the device in the Check Point Configuration
+ Tool (by running cpconfig in Clish or Expert mode). Communication will not be possible until you reset and re-initialize the device properly.
+description:
+ - Reset Secure Internal Communication (SIC). To complete the reset operation need also to reset the device in the Check Point Configuration Tool (by
+ running cpconfig in Clish or Expert mode). Communication will not be possible until you reset and re-initialize the device properly.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Gateway, cluster member or Check Point host name.
+ type: str
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed after task completes.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: reset-sic
+ cp_mgmt_reset_sic:
+ name: gw1
+"""
+
+RETURN = """
+cp_mgmt_reset_sic:
+ description: The checkpoint reset-sic output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ auto_publish_session=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "reset-sic"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_ips_update.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_ips_update.py
new file mode 100644
index 000000000..2c9f99347
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_ips_update.py
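Review bot: `short_description` in cp_mgmt_reset_sic.py repeats the whole multi-sentence description, wrapped onto a second line, where module listings expect a one-line summary; `short_description: Reset Secure Internal Communication (SIC).` is enough, with the cpconfig procedure left in `description`. cp_mgmt_run_ips_update.py does the same with its `package-path` sentence. Because the description itself says communication is not possible until the device is re-initialised, the `reset-sic` example would also benefit from a YAML comment stating that the task breaks trust with the named gateway until cpconfig has been run on it.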
@@ -0,0 +1,76 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_run_ips_update
+short_description: Runs IPS database update. If "package-path" is not provided server will try to get the latest package from the User Center.
+description:
+ - Runs IPS database update. If "package-path" is not provided server will try to get the latest package from the User Center.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ package_path:
+ description:
+ - Offline update package path.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: run-ips-update
+ cp_mgmt_run_ips_update:
+"""
+
+RETURN = """
+cp_mgmt_run_ips_update:
+ description: The checkpoint run-ips-update output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ package_path=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "run-ips-update"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_script.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_script.py
new file mode 100644
index 000000000..f4dabd98b
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_script.py
@@ -0,0 +1,101 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_run_script
+short_description: Executes the script on a given list of targets.
+description:
+ - Executes the script on a given list of targets.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ script_name:
+ description:
+ - Script name.
+ type: str
+ script:
+ description:
+ - Script body.
+ type: str
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+ args:
+ description:
+ - Script arguments.
+ type: str
+ comments:
+ description:
+ - Comments string.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: run-script
+ cp_mgmt_run_script:
+ script: ls -l /
+ script_name: 'Script Example: List files under / dir'
+ targets:
+ - corporate-gateway
+"""
+
+RETURN = """
+cp_mgmt_run_script:
+ description: The checkpoint run-script output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ script_name=dict(type='str'),
+ script=dict(type='str'),
+ targets=dict(type='list', elements='str'),
+ args=dict(type='str'),
+ comments=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "run-script"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone.py
new file mode 100644
index 000000000..6c9cab11b
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone.py
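Review bot: `script` and `args` in cp_mgmt_run_script.py are ordinary `str` options in `argument_spec`, so their values are recorded with the task's invocation and show up in verbose output and logs; nothing in DOCUMENTATION warns that a credential placed on the command line is exposed that way. I would extend the `args` description with `Values are logged with the task; set no_log on the task when arguments contain secrets.` and state in `description` that the script body is executed on every object listed in `targets`. Which account the script runs under on the target is not visible in this hunk and is worth documenting as well, since access to this module amounts to command execution on the gateways.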
@@ -0,0 +1,130 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_security_zone
+short_description: Manages security-zone objects on Check Point over Web Services API
+description:
+ - Manages security-zone objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-security-zone
+ cp_mgmt_security_zone:
+ color: yellow
+ comments: My Security Zone 1
+ name: SZone1
+ state: present
+
+- name: set-security-zone
+ cp_mgmt_security_zone:
+ name: SZone1
+ state: present
+
+- name: delete-security-zone
+ cp_mgmt_security_zone:
+ name: SZone2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_security_zone:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'security-zone'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone_facts.py
new file mode 100644
index 000000000..90be77462
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone_facts.py
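Review bot: The module option `ignore_errors` in cp_mgmt_security_zone.py has the same name as Ansible's task keyword, and its description does not tell the two apart, so a playbook author can easily set the wrong one and either mask task failures or push objects the description says cannot be published. Add a sentence to the option description such as `This is the flag sent to the management API, not the ignore_errors task keyword.`; the same option appears in cp_mgmt_repository_script.py and cp_mgmt_service_dce_rpc.py. The `set-security-zone` example also changes nothing (it passes only `name` and `state`), and the delete example targets `SZone2`, which none of the examples create.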
@@ -0,0 +1,129 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_security_zone_facts
+short_description: Get security-zone objects facts on Check Point over Web Services API
+description:
+ - Get security-zone objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-security-zone
+ cp_mgmt_security_zone_facts:
+ name: SZone1
+
+- name: show-security-zones
+ cp_mgmt_security_zone_facts:
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "security-zone"
+ api_call_object_plural_version = "security-zones"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc.py
new file mode 100644
index 000000000..63941587a
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc.py
@@ -0,0 +1,149 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_dce_rpc
+short_description: Manages service-dce-rpc objects on Check Point over Web Services API
+description:
+ - Manages service-dce-rpc objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ interface_uuid:
+ description:
+ - Network interface UUID.
+ type: str
+ keep_connections_open_after_policy_installation:
+ description:
+ - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
+ Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
+ type: bool
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-service-dce-rpc
+ cp_mgmt_service_dce_rpc:
+ interface_uuid: 97aeb460-9aea-11d5-bd16-0090272ccb30
+ keep_connections_open_after_policy_installation: false
+ name: New_DCE-RPC_Service_1
+ state: present
+
+- name: set-service-dce-rpc
+ cp_mgmt_service_dce_rpc:
+ color: green
+ interface_uuid: 44aeb460-9aea-11d5-bd16-009027266b30
+ name: New_DCE-RPC_Service_1
+ state: present
+
+- name: delete-service-dce-rpc
+ cp_mgmt_service_dce_rpc:
+ name: New_DCE-RPC_Service_2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_service_dce_rpc:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ interface_uuid=dict(type='str'),
+ keep_connections_open_after_policy_installation=dict(type='bool'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'service-dce-rpc'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc_facts.py
new file mode 100644
index 000000000..b9419a93a
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc_facts.py
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_dce_rpc_facts
+short_description: Get service-dce-rpc objects facts on Check Point over Web Services API
+description:
+ - Get service-dce-rpc objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-service-dce-rpc
+ cp_mgmt_service_dce_rpc_facts:
+ name: HP-OpCdistm
+
+- name: show-services-dce-rpc
+ cp_mgmt_service_dce_rpc_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "service-dce-rpc"
+ api_call_object_plural_version = "services-dce-rpc"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group.py
new file mode 100644
index 000000000..1f78ac539
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group.py
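Review bot: The `order` suboption spec in `main()` of cp_mgmt_service_dce_rpc_facts.py accepts a list element that sets both `ASC` and `DESC`, and nothing in the spec or the option description says which one takes effect. If the API expects exactly one direction per element (not visible from this file), declare that on the suboption, `order=dict(type='list', elements='dict', mutually_exclusive=[['ASC', 'DESC']], options=dict(...))`, so a contradictory playbook fails at argument parsing. The same `order` option appears in cp_mgmt_service_group_facts.py, cp_mgmt_service_icmp6_facts.py and cp_mgmt_service_icmp_facts.py.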
@@ -0,0 +1,149 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_group
+short_description: Manages service-group objects on Check Point over Web Services API
+description:
+ - Manages service-group objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ members:
+ description:
+ - Collection of Network objects identified by the name or UID.
+ type: list
+ elements: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-service-group
+ cp_mgmt_service_group:
+ members:
+ - https
+ - bootp
+ - nisplus
+ - HP-OpCdistm
+ name: New Service Group 1
+ state: present
+
+- name: set-service-group
+ cp_mgmt_service_group:
+ name: New Service Group 1
+ members:
+ - https
+ - bootp
+ - nisplus
+ state: present
+
+- name: delete-service-group
+ cp_mgmt_service_group:
+ name: New Service Group 1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_service_group:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ members=dict(type='list', elements='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'service-group'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group_facts.py
new file mode 100644
index 000000000..f04e0b961
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group_facts.py
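Review bot: The `members` description in cp_mgmt_service_group.py reads "Collection of Network objects identified by the name or UID", but the module manages service groups and its EXAMPLES pass services (`https`, `bootp`, `nisplus`), so the text looks copied from a network-group module; suggest `- Collection of service objects identified by the name or UID.`. Separately, the module option `ignore_errors` has the same name as Ansible's task-level `ignore_errors` keyword, and its description should state that this one is a module argument sent to the management API that applies changes despite errors, so an indentation slip in a playbook is not mistaken for task error handling. The same `ignore_errors` wording is in cp_mgmt_service_icmp.py and cp_mgmt_service_icmp6.py.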
@@ -0,0 +1,144 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_group_facts
+short_description: Get service-group objects facts on Check Point over Web Services API
+description:
+ - Get service-group objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ show_as_ranges:
+ description:
+ - When true, the service group's matched content is displayed as ranges of port numbers rather than service objects.<br />Objects that are not
+ represented using port numbers are presented as objects.<br />The 'members' parameter is omitted from the response and instead the 'ranges' parameter
+ is displayed.
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ dereference_group_members:
+ description:
+ - Indicates whether to dereference "members" field by details level for every object in reply.
+ type: bool
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-service-group
+ cp_mgmt_service_group_facts:
+ name: New Service Group 1
+
+- name: show-service-groups
+ cp_mgmt_service_group_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ show_as_ranges=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ dereference_group_members=dict(type='bool'),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "service-group"
+ api_call_object_plural_version = "service-groups"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp.py
new file mode 100644
index 000000000..0cd0d4ca8
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp.py
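Review bot: The `show_as_ranges` description in cp_mgmt_service_group_facts.py embeds raw `<br />` tags, which Ansible's documentation tooling does not treat as HTML and will typically print literally; write the three sentences as separate list items under `description:` instead. The same text says `members` is omitted from the response when `show_as_ranges` is true, which suggests `dereference_group_members` has no effect in that case. If that is confirmed against the API, add a line such as `- Has no effect when show_as_ranges is true.` to that option's description.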
@@ -0,0 +1,154 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_icmp
+short_description: Manages service-icmp objects on Check Point over Web Services API
+description:
+ - Manages service-icmp objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ icmp_code:
+ description:
+ - As listed in, <a href="http,//www.iana.org/assignments/icmp-parameters" target="_blank">RFC 792</a>.
+ type: int
+ icmp_type:
+ description:
+ - As listed in, <a href="http,//www.iana.org/assignments/icmp-parameters" target="_blank">RFC 792</a>.
+ type: int
+ keep_connections_open_after_policy_installation:
+ description:
+ - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
+ Connection Persistence page.
 If you change this property, the change will not affect open connections, but only future connections.
+ type: bool
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-service-icmp
+ cp_mgmt_service_icmp:
+ icmp_code: 7
+ icmp_type: 5
+ name: Icmp1
+ state: present
+
+- name: set-service-icmp
+ cp_mgmt_service_icmp:
+ icmp_code: 13
+ icmp_type: 45
+ name: icmp1
+ state: present
+
+- name: delete-service-icmp
+ cp_mgmt_service_icmp:
+ name: icmp3
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_service_icmp:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ icmp_code=dict(type='int'),
+ icmp_type=dict(type='int'),
+ keep_connections_open_after_policy_installation=dict(type='bool'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'service-icmp'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6.py
new file mode 100644
index 000000000..fe845e609
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6.py
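Review bot: `icmp_type` and `icmp_code` are declared as plain `type='int'` in `main()` of cp_mgmt_service_icmp.py, so negative or oversized values are passed to `api_call` unchecked even though both are 8-bit fields in the ICMP header. The management server presumably rejects them, but that is not visible here, and failing in the module gives the playbook author a clearer error before any session work is done. After `AnsibleModule(...)` add a check such as `if module.params['icmp_type'] is not None and not 0 <= module.params['icmp_type'] <= 255: module.fail_json(msg='icmp_type must be between 0 and 255')`, and the same for `icmp_code`. cp_mgmt_service_icmp6.py declares the same two options the same way.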
@@ -0,0 +1,154 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_icmp6
+short_description: Manages service-icmp6 objects on Check Point over Web Services API
+description:
+ - Manages service-icmp6 objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ icmp_code:
+ description:
+ - As listed in, <a href="http,//www.iana.org/assignments/icmp-parameters" target="_blank">RFC 792</a>.
+ type: int
+ icmp_type:
+ description:
+ - As listed in, <a href="http,//www.iana.org/assignments/icmp-parameters" target="_blank">RFC 792</a>.
+ type: int
+ keep_connections_open_after_policy_installation:
+ description:
+ - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
+ Connection Persistence page.
 If you change this property, the change will not affect open connections, but only future connections.
+ type: bool
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-service-icmp6
+ cp_mgmt_service_icmp6:
+ icmp_code: 7
+ icmp_type: 5
+ name: Icmp1
+ state: present
+
+- name: set-service-icmp6
+ cp_mgmt_service_icmp6:
+ icmp_code: 13
+ icmp_type: 45
+ name: icmp1
+ state: present
+
+- name: delete-service-icmp6
+ cp_mgmt_service_icmp6:
+ name: icmp2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_service_icmp6:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ icmp_code=dict(type='int'),
+ icmp_type=dict(type='int'),
+ keep_connections_open_after_policy_installation=dict(type='bool'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'service-icmp6'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6_facts.py
new file mode 100644
index 000000000..d94525f23
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6_facts.py
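Review bot: The `icmp_code` and `icmp_type` descriptions in cp_mgmt_service_icmp6.py cite RFC 792, which specifies ICMP for IPv4; for an ICMPv6 service object the reference should be RFC 4443 and the IANA ICMPv6 parameters registry. The link is also broken as written, `href="http,//www.iana.org/assignments/icmp-parameters"` has a comma where the colon belongs, and the `<a>` markup is not rendered by Ansible's documentation tooling, so use the `U(...)` URL macro with the corrected address. The same garbled `http,//` link is in cp_mgmt_service_icmp.py, where the RFC 792 reference itself is appropriate.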
@@ -0,0 +1,131 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_icmp6_facts
+short_description: Get service-icmp6 objects facts on Check Point over Web Services API
+description:
+ - Get service-icmp6 objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-service-icmp6
+ cp_mgmt_service_icmp6_facts:
+ name: echo-reply6
+
+- name: show-services-icmp6
+ cp_mgmt_service_icmp6_facts:
+ limit: 2
+ offset: 4
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "service-icmp6"
+ api_call_object_plural_version = "services-icmp6"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp_facts.py
new file mode 100644
index 000000000..8d044c37f
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp_facts.py
@@ -0,0 +1,131 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_icmp_facts
+short_description: Get service-icmp objects facts on Check Point over Web Services API
+description:
+ - Get service-icmp objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-service-icmp
+ cp_mgmt_service_icmp_facts:
+ name: info-req
+
+- name: show-services-icmp
+ cp_mgmt_service_icmp_facts:
+ limit: 4
+ offset: 3
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "service-icmp"
+ api_call_object_plural_version = "services-icmp"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other.py
new file mode 100644
index 000000000..8e1766a58
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other.py
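Review bot: `name` is documented as relevant only for fetching one object and `limit`, `offset` and `order` only for fetching several, but the `argument_spec` in `main()` accepts them together and nothing in this file rejects the combination. What a task that sets both gets back is decided inside `api_call_facts`, which is outside this hunk, so the mismatch is not caught at argument validation. Consider declaring it on the module, e.g. `mutually_exclusive=[('name', 'limit'), ('name', 'offset'), ('name', 'order')]` passed to `AnsibleModule(...)`. The same spec is repeated in cp_mgmt_service_icmp6_facts.py, cp_mgmt_service_other_facts.py and cp_mgmt_service_rpc_facts.py.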
@@ -0,0 +1,227 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_other
+short_description: Manages service-other objects on Check Point over Web Services API
+description:
+ - Manages service-other objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ accept_replies:
+ description:
+ - Specifies whether Other Service replies are to be accepted.
+ type: bool
+ action:
+ description:
+ - Contains an INSPECT expression that defines the action to take if a rule containing this service is matched.
+ Example, set r_mhandler &open_ssl_handler sets a handler on the connection.
+ type: str
+ aggressive_aging:
+ description:
+ - Sets short (aggressive) timeouts for idle connections.
+ type: dict
+ suboptions:
+ default_timeout:
+ description:
+ - Default aggressive aging timeout in seconds.
+ type: int
+ enable:
+ description:
+ - N/A
+ type: bool
+ timeout:
+ description:
+ - Aggressive aging timeout in seconds.
+ type: int
+ use_default_timeout:
+ description:
+ - N/A
+ type: bool
+ ip_protocol:
+ description:
+ - IP protocol number.
+ type: int
+ keep_connections_open_after_policy_installation:
+ description:
+ - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
+ Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
+ type: bool
+ match:
+ description:
+ - Contains an INSPECT expression that defines the matching criteria. The connection is examined against the expression during the first packet.
+ Example, tcp, dport = 21, direction = 0 matches incoming FTP control connections.
+ type: str
+ match_for_any:
+ description:
+ - Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port
+ and protocol.
+ type: bool
+ override_default_settings:
+ description:
+ - Indicates whether this service is a Data Domain service which has been overridden.
+ type: bool
+ session_timeout:
+ description:
+ - Time (in seconds) before the session times out.
+ type: int
+ sync_connections_on_cluster:
+ description:
+ - Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster.
+ type: bool
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ use_default_session_timeout:
+ description:
+ - Use default virtual session timeout.
+ type: bool
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-service-other
+ cp_mgmt_service_other:
+ aggressive_aging:
+ enable: true
+ timeout: 360
+ use_default_timeout: false
+ ip_protocol: 51
+ keep_connections_open_after_policy_installation: false
+ match_for_any: true
+ name: New_Service_1
+ session_timeout: 0
+ state: present
+ sync_connections_on_cluster: true
+
+- name: set-service-other
+ cp_mgmt_service_other:
+ aggressive_aging:
+ default_timeout: 3600
+ color: green
+ name: New_Service_1
+ state: present
+
+- name: delete-service-other
+ cp_mgmt_service_other:
+ name: New_Service_2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_service_other:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ accept_replies=dict(type='bool'),
+ action=dict(type='str'),
+ aggressive_aging=dict(type='dict', options=dict(
+ default_timeout=dict(type='int'),
+ enable=dict(type='bool'),
+ timeout=dict(type='int'),
+ use_default_timeout=dict(type='bool')
+ )),
+ ip_protocol=dict(type='int'),
+ keep_connections_open_after_policy_installation=dict(type='bool'),
+ match=dict(type='str'),
+ match_for_any=dict(type='bool'),
+ override_default_settings=dict(type='bool'),
+ session_timeout=dict(type='int'),
+ sync_connections_on_cluster=dict(type='bool'),
+ tags=dict(type='list', elements='str'),
+ use_default_session_timeout=dict(type='bool'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'service-other'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
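Review bot: The `set-service-other` task in EXAMPLES passes `color: green`, but `green` is not among the `choices` listed for `color` in DOCUMENTATION or in `argument_spec`, so argument validation would reject the example as written. Use a listed value in the example, e.g. `color: forest green`, or add `'green'` to both choice lists if the management API accepts it (not verifiable from this hunk). The same example value appears in cp_mgmt_service_rpc.py and cp_mgmt_service_sctp.py.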
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other_facts.py
new file mode 100644
index 000000000..e7ad3da11
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other_facts.py
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_other_facts
+short_description: Get service-other objects facts on Check Point over Web Services API
+description:
+ - Get service-other objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-service-other
+ cp_mgmt_service_other_facts:
+ name: New_Service_1
+
+- name: show-services-other
+ cp_mgmt_service_other_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "service-other"
+ api_call_object_plural_version = "services-other"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc.py
new file mode 100644
index 000000000..e9f917ca1
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc.py
@@ -0,0 +1,149 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_rpc
+short_description: Manages service-rpc objects on Check Point over Web Services API
+description:
+ - Manages service-rpc objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ keep_connections_open_after_policy_installation:
+ description:
+ - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
+ Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
+ type: bool
+ program_number:
+ description:
+ - N/A
+ type: int
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-service-rpc
+ cp_mgmt_service_rpc:
+ keep_connections_open_after_policy_installation: false
+ name: New_RPC_Service_1
+ program_number: 5669
+ state: present
+
+- name: set-service-rpc
+ cp_mgmt_service_rpc:
+ color: green
+ name: New_RPC_Service_1
+ program_number: 5656
+ state: present
+
+- name: delete-service-rpc
+ cp_mgmt_service_rpc:
+ name: New_RPC_Service_2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_service_rpc:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ keep_connections_open_after_policy_installation=dict(type='bool'),
+ program_number=dict(type='int'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'service-rpc'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc_facts.py
new file mode 100644
index 000000000..3ff1f3c0b
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc_facts.py
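Review bot: `program_number` is documented only as `N/A` in DOCUMENTATION, which leaves the one option specific to an RPC service without any description for the person writing the playbook. Replace the placeholder with a real sentence, for example `- RPC program number that identifies the service.` (wording to be confirmed against the Check Point API reference). The `aggressive_aging` suboptions `enable` and `use_default_timeout` in cp_mgmt_service_other.py and cp_mgmt_service_sctp.py carry the same `N/A` placeholder.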
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_rpc_facts
+short_description: Get service-rpc objects facts on Check Point over Web Services API
+description:
+ - Get service-rpc objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-service-rpc
+ cp_mgmt_service_rpc_facts:
+ name: nisplus
+
+- name: show-services-rpc
+ cp_mgmt_service_rpc_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "service-rpc"
+ api_call_object_plural_version = "services-rpc"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp.py
new file mode 100644
index 000000000..624a81939
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp.py
@@ -0,0 +1,211 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_sctp
+short_description: Manages service-sctp objects on Check Point over Web Services API
+description:
+ - Manages service-sctp objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ port:
+ description:
+ - Port number. To specify a port range add a hyphen between the lowest and the highest port numbers, for example 44-45.
+ type: str
+ aggressive_aging:
+ description:
+ - Sets short (aggressive) timeouts for idle connections.
+ type: dict
+ suboptions:
+ default_timeout:
+ description:
+ - Default aggressive aging timeout in seconds.
+ type: int
+ enable:
+ description:
+ - N/A
+ type: bool
+ timeout:
+ description:
+ - Aggressive aging timeout in seconds.
+ type: int
+ use_default_timeout:
+ description:
+ - N/A
+ type: bool
+ keep_connections_open_after_policy_installation:
+ description:
+ - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
+ Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
+ type: bool
+ match_for_any:
+ description:
+ - Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port
+ and protocol.
+ type: bool
+ session_timeout:
+ description:
+ - Time (in seconds) before the session times out.
+ type: int
+ source_port:
+ description:
+ - Source port number. To specify a port range add a hyphen between the lowest and the highest port numbers, for example 44-45.
+ type: str
+ sync_connections_on_cluster:
+ description:
+ - Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster.
+ type: bool
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ use_default_session_timeout:
+ description:
+ - Use default virtual session timeout.
+ type: bool
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-service-sctp
+ cp_mgmt_service_sctp:
+ aggressive_aging:
+ enable: true
+ timeout: 360
+ use_default_timeout: false
+ keep_connections_open_after_policy_installation: false
+ match_for_any: true
+ name: New_SCTP_Service_1
+ port: 5669
+ session_timeout: 0
+ state: present
+ sync_connections_on_cluster: true
+
+- name: set-service-sctp
+ cp_mgmt_service_sctp:
+ aggressive_aging:
+ default_timeout: 3600
+ color: green
+ name: New_SCTP_Service_1
+ port: 5656
+ state: present
+
+- name: delete-service-sctp
+ cp_mgmt_service_sctp:
+ name: New_SCTP_Service_2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_service_sctp:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ port=dict(type='str'),
+ aggressive_aging=dict(type='dict', options=dict(
+ default_timeout=dict(type='int'),
+ enable=dict(type='bool'),
+ timeout=dict(type='int'),
+ use_default_timeout=dict(type='bool')
+ )),
+ keep_connections_open_after_policy_installation=dict(type='bool'),
+ match_for_any=dict(type='bool'),
+ session_timeout=dict(type='int'),
+ source_port=dict(type='str'),
+ sync_connections_on_cluster=dict(type='bool'),
+ tags=dict(type='list', elements='str'),
+ use_default_session_timeout=dict(type='bool'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'service-sctp'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
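Review bot: The module option `ignore_errors` shares its name with Ansible's task-level `ignore_errors` keyword but, per its own description, does something different: it asks the management API to apply changes despite errors, and also suppresses warnings when `ignore_warnings` is omitted. The DOCUMENTATION entry should state the distinction so the flag is not set by habit on a firewall object, e.g. add a second description item `- This is the API flag passed as a module argument, not the task keyword of the same name; a session changed this way cannot be published.` The same option and wording appear in cp_mgmt_service_other.py and cp_mgmt_service_rpc.py.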
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp_facts.py
new file mode 100644
index 000000000..852aacff5
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp_facts.py
@@ -0,0 +1,132 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_sctp_facts +short_description: Get service-sctp objects facts on Check Point over Web Services API +description: + - Get service-sctp objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-service-sctp + cp_mgmt_service_sctp_facts: + name: New_SCTP_Service_1 + +- name: show-services-sctp + cp_mgmt_service_sctp_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "service-sctp" + api_call_object_plural_version = "services-sctp" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp.py new file mode 100644 index 000000000..91b032b05 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp.py 
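Review bot: The `order` suboptions in `argument_spec` accept `ASC` and `DESC` in the same list element, so a task can request both sort directions at once; what happens then depends on `api_call_facts` and the server, which this hunk does not show. Declaring the pair exclusive in the nested spec would reject it at argument validation: `order=dict(type='list', elements='dict', mutually_exclusive=[['ASC', 'DESC']], options=dict(...))`. The same spec is repeated in the cp_mgmt_service_tcp_facts.py, cp_mgmt_service_udp_facts.py and cp_mgmt_session_facts.py hunks. `limit` and `offset` are also plain `type='int'` with no stated range, so DOCUMENTATION should at least say which values are accepted.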
@@ -0,0 +1,231 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_tcp +short_description: Manages service-tcp objects on Check Point over Web Services API +description: + - Manages service-tcp objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + aggressive_aging: + description: + - Sets short (aggressive) timeouts for idle connections. + type: dict + suboptions: + default_timeout: + description: + - Default aggressive aging timeout in seconds. + type: int + enable: + description: + - N/A + type: bool + timeout: + description: + - Aggressive aging timeout in seconds. + type: int + use_default_timeout: + description: + - N/A + type: bool + keep_connections_open_after_policy_installation: + description: + - Keep connections open after policy has been installed even if they are not allowed under the new policy. 
This overrides the settings in the + Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections. + type: bool + match_by_protocol_signature: + description: + - A value of true enables matching by the selected protocol's signature - the signature identifies the protocol as genuine. Select this option + to limit the port to the specified protocol. If the selected protocol does not support matching by signature, this field cannot be set to true. + type: bool + match_for_any: + description: + - Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port + and protocol. + type: bool + override_default_settings: + description: + - Indicates whether this service is a Data Domain service which has been overridden. + type: bool + port: + description: + - The number of the port used to provide this service. To specify a port range, place a hyphen between the lowest and highest port numbers, for + example 44-55. + type: str + protocol: + description: + - Select the protocol type associated with the service, and by implication, the management server (if any) that enforces Content Security and + Authentication for the service. Selecting a Protocol Type invokes the specific protocol handlers for each protocol type, thus enabling higher level of + security by parsing the protocol, and higher level of connectivity by tracking dynamic actions (such as opening of ports). + type: str + session_timeout: + description: + - Time (in seconds) before the session times out. + type: int + source_port: + description: + - Port number for the client side service. If specified, only those Source port Numbers will be Accepted, Dropped, or Rejected during packet + inspection. Otherwise, the source port is not inspected. 
+ type: str + sync_connections_on_cluster: + description: + - Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + use_default_session_timeout: + description: + - Use default virtual session timeout. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-service-tcp + cp_mgmt_service_tcp: + aggressive_aging: + enable: true + timeout: 360 + use_default_timeout: false + keep_connections_open_after_policy_installation: false + match_for_any: true + name: New_TCP_Service_1 + port: 5669 + session_timeout: 0 + state: present + sync_connections_on_cluster: true + +- name: set-service-tcp + cp_mgmt_service_tcp: + aggressive_aging: + default_timeout: 3600 + color: green + name: New_TCP_Service_1 + port: 5656 + state: present + +- name: delete-service-tcp + cp_mgmt_service_tcp: + name: New_TCP_Service_1 + state: absent +""" + +RETURN = """ +cp_mgmt_service_tcp: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + aggressive_aging=dict(type='dict', options=dict( + default_timeout=dict(type='int'), + enable=dict(type='bool'), + timeout=dict(type='int'), + use_default_timeout=dict(type='bool') + )), + keep_connections_open_after_policy_installation=dict(type='bool'), + match_by_protocol_signature=dict(type='bool'), + match_for_any=dict(type='bool'), + override_default_settings=dict(type='bool'), + port=dict(type='str'), + protocol=dict(type='str'), + session_timeout=dict(type='int'), + source_port=dict(type='str'), + sync_connections_on_cluster=dict(type='bool'), + tags=dict(type='list', elements='str'), + use_default_session_timeout=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'service-tcp' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp_facts.py new file mode 100644 index 000000000..55e0c16d9 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp_facts.py 
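Review bot: The `set-service-tcp` task in EXAMPLES sets `color: green`, but `green` is not among the `choices` given for `color` in DOCUMENTATION or in `argument_spec` (the list has `dark green`, `forest green`, `light green`, `sea green` and `dark sea green`), so the example as written should be rejected by argument validation. Use a listed value, for instance `color: forest green`. The `set-service-udp` example in the cp_mgmt_service_udp.py hunk carries the same value and needs the same fix.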
@@ -0,0 +1,132 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_tcp_facts +short_description: Get service-tcp objects facts on Check Point over Web Services API +description: + - Get service-tcp objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-service-tcp + cp_mgmt_service_tcp_facts: + name: https + +- name: show-services-tcp + cp_mgmt_service_tcp_facts: + details_level: standard + limit: 10 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "service-tcp" + api_call_object_plural_version = "services-tcp" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp.py new file mode 100644 index 000000000..31558754b --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp.py 
@@ -0,0 +1,238 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_udp +short_description: Manages service-udp objects on Check Point over Web Services API +description: + - Manages service-udp objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + accept_replies: + description: + - N/A + type: bool + aggressive_aging: + description: + - Sets short (aggressive) timeouts for idle connections. + type: dict + suboptions: + default_timeout: + description: + - Default aggressive aging timeout in seconds. + type: int + enable: + description: + - N/A + type: bool + timeout: + description: + - Aggressive aging timeout in seconds. 
+ type: int + use_default_timeout: + description: + - N/A + type: bool + keep_connections_open_after_policy_installation: + description: + - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the + Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections. + type: bool + match_by_protocol_signature: + description: + - A value of true enables matching by the selected protocol's signature - the signature identifies the protocol as genuine. Select this option + to limit the port to the specified protocol. If the selected protocol does not support matching by signature, this field cannot be set to true. + type: bool + match_for_any: + description: + - Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port + and protocol. + type: bool + override_default_settings: + description: + - Indicates whether this service is a Data Domain service which has been overridden. + type: bool + port: + description: + - The number of the port used to provide this service. To specify a port range, place a hyphen between the lowest and highest port numbers, for + example 44-55. + type: str + protocol: + description: + - Select the protocol type associated with the service, and by implication, the management server (if any) that enforces Content Security and + Authentication for the service. Selecting a Protocol Type invokes the specific protocol handlers for each protocol type, thus enabling higher level of + security by parsing the protocol, and higher level of connectivity by tracking dynamic actions (such as opening of ports). + type: str + session_timeout: + description: + - Time (in seconds) before the session times out. + type: int + source_port: + description: + - Port number for the client side service. 
If specified, only those Source port Numbers will be Accepted, Dropped, or Rejected during packet + inspection. Otherwise, the source port is not inspected. + type: str + sync_connections_on_cluster: + description: + - Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + use_default_session_timeout: + description: + - Use default virtual session timeout. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-service-udp + cp_mgmt_service_udp: + accept_replies: false + aggressive_aging: + enable: true + timeout: 360 + use_default_timeout: false + keep_connections_open_after_policy_installation: false + match_for_any: true + name: New_UDP_Service_1 + port: 5669 + session_timeout: 0 + state: present + sync_connections_on_cluster: true + +- name: set-service-udp + cp_mgmt_service_udp: + accept_replies: true + aggressive_aging: + default_timeout: 3600 + color: green + name: New_UDP_Service_1 + port: 5656 + state: present + +- name: delete-service-udp + cp_mgmt_service_udp: + name: New_UDP_Service_2 + state: absent +""" + +RETURN = """ +cp_mgmt_service_udp: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + accept_replies=dict(type='bool'), + aggressive_aging=dict(type='dict', options=dict( + default_timeout=dict(type='int'), + enable=dict(type='bool'), + timeout=dict(type='int'), + use_default_timeout=dict(type='bool') + )), + keep_connections_open_after_policy_installation=dict(type='bool'), + match_by_protocol_signature=dict(type='bool'), + match_for_any=dict(type='bool'), + override_default_settings=dict(type='bool'), + port=dict(type='str'), + protocol=dict(type='str'), + session_timeout=dict(type='int'), + source_port=dict(type='str'), + sync_connections_on_cluster=dict(type='bool'), + tags=dict(type='list', elements='str'), + use_default_session_timeout=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark 
orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'service-udp' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp_facts.py new file mode 100644 index 000000000..1668739ab --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp_facts.py 
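Review bot: `accept_replies`, `aggressive_aging.enable` and `aggressive_aging.use_default_timeout` are documented only as `N/A`, so a reader of this firewall-object module has no statement of what enabling them does. `accept_replies` in particular reads as if it changes which traffic the service object admits, so it needs a real description, for example `- Accept reply packets for this UDP service.`, with the wording checked against the Management API reference. The `delete-service-udp` example also removes `New_UDP_Service_2` while the two tasks before it create and edit `New_UDP_Service_1`; if the examples are meant to run in sequence, the names should match.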
@@ -0,0 +1,132 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_udp_facts +short_description: Get service-udp objects facts on Check Point over Web Services API +description: + - Get service-udp objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-service-udp + cp_mgmt_service_udp_facts: + name: bootp + +- name: show-services-udp + cp_mgmt_service_udp_facts: + details_level: standard + limit: 10 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "service-udp" + api_call_object_plural_version = "services-udp" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_session_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_session_facts.py new file mode 100644 index 000000000..9b64722da --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_session_facts.py 
@@ -0,0 +1,125 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_session_facts
+short_description: Get session objects facts on Check Point over Web Services API
+description:
+ - Get session objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the descending order by the session publish time.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ view_published_sessions:
+ description:
+ - Show a list of published sessions.
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-session
+ cp_mgmt_session_facts:
+
+- name: show-sessions
+ cp_mgmt_session_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ view_published_sessions=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "session"
+ api_call_object_plural_version = "sessions"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
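Review bot: The DOCUMENTATION description says `For getting a specific object use the parameter 'name'.`, but `argument_spec` in `main()` declares only `limit`, `offset`, `order`, `view_published_sessions` and `details_level`, so a task that follows the docs and sets `name` would be rejected unless `checkpoint_argument_spec_for_facts` (defined outside this hunk) happens to add it. I would drop that sentence or replace it with the selector the module really accepts, matching the first example, which calls the module with no arguments. The `order` description also states that the default sort is by session publish time while the only permitted sort key is `name`; that is worth confirming against the API reference. Since the result is handed back through `module.exit_json(ansible_facts=result)`, the session records land in host facts and in any configured fact cache, and a line in the description saying so would help operators decide where that data may be stored.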
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_domain.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_domain.py
new file mode 100644
index 000000000..186bc4b2d
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_domain.py
@@ -0,0 +1,181 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_set_domain
+short_description: Edit existing object using object name or uid.
+description:
+ - Edit existing object using object name or uid.
+ - All operations are performed over Web Services API.
+version_added: "2.1.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ servers:
+ description:
+ - Domain servers. When this field is provided, 'set-domain' command is executed asynchronously.
+ type: dict
+ suboptions:
+ add:
+ description:
+ - Adds to collection of values
+ type: list
+ elements: dict
+ suboptions:
+ name:
+ description:
+ - Object name. Must be unique in the domain.
+ type: str
+ ip_address:
+ description:
+ - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
+ type: str
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ multi_domain_server:
+ description:
+ - Multi Domain server name or UID.
+ type: str
+ skip_start_domain_server:
+ description:
+ - Set this value to be true to prevent starting the new created domain.
+ type: bool
+ type:
+ description:
+ - Domain server type.
+ type: str
+ choices: ['management server', 'log server', 'smc']
+ remove:
+ description:
+ - Remove from collection of values
+ type: list
+ elements: str
+ suboptions:
+ name:
+ description:
+ - Object name. Must be unique in the domain.
+ type: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ tags:
+ description:
+ - Collection of tag identifiers. Note, The list of tags can not be modified in a single command together with the domain servers. To modify
+ tags, please use the separate 'set-domain' command, without providing the list of domain servers.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: set-domain
+ cp_mgmt_set_domain:
+ comments: This is domain1 comment
+ name: domain1
+"""
+
+RETURN = """
+cp_mgmt_domain:
+ description: The checkpoint set-domain output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ servers=dict(type='dict', options=dict(
+ add=dict(type='list', elements='dict', options=dict(
+ name=dict(type='str'),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ multi_domain_server=dict(type='str'),
+ skip_start_domain_server=dict(type='bool'),
+ type=dict(type='str', choices=['management server', 'log server', 'smc'])
+ )),
+ remove=dict(type='list', elements='str')
+ )),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool'),
+ tags=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+ command = 'set-domain'
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
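Review bot: The docs for `servers.remove` list a `suboptions: name` entry although both the docs and `argument_spec` declare it as a list of strings (`remove=dict(type='list', elements='str')`), so the documentation promises a `name` key that the module will not accept. Suboptions only apply to dict elements; either delete the `suboptions` block under `remove`, or, if the API really expects objects (not determinable from this hunk), change the spec to `elements='dict'` with `options=dict(name=dict(type='str'))`. Separately, the module option `ignore_errors` shares its name with Ansible's task-level keyword, and a mis-indented playbook line would then hide a failed domain change instead of passing the flag to the API. A sentence in its description such as `Module argument passed to the API; not the task-level ignore_errors keyword.` would make the difference explicit.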
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_global_properties.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_global_properties.py
new file mode 100644
index 000000000..12549bb8c
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_global_properties.py
@@ -0,0 +1,2044 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_set_global_properties +short_description: Edit Global Properties. +description: + - Edit Global Properties. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + firewall: + description: + - Add implied rules to or remove them from the Firewall Rule Base. Determine the position of the implied rules in the Rule Base, and whether or + not to log them. 
+ type: dict + suboptions: + accept_control_connections: + description: + - Used for,<br> <ul><li> Installing the security policy from the Security Management server to the + gateways.</li><br> <li> Sending logs from the gateways to the Security Management server.</li><br> + <li> Communication between SmartConsole clients and the Security Management Server</li><br> <li> Communication between + Firewall daemons on different machines (Security Management Server, Security Gateway).</li><br> <li> Connecting to OPSEC + applications such as RADIUS and TACACS authentication servers.</li></ul>If you disable Accept Control Connections and you want Check Point + components to communicate with each other and with OPSEC components, you must explicitly allow these connections in the Rule Base. + type: bool + accept_ips1_management_connections: + description: + - Accepts IPS-1 connections.<br>Available only if accept-control-connections is true. + type: bool + accept_remote_access_control_connections: + description: + - Accepts Remote Access connections.<br>Available only if accept-control-connections is true. + type: bool + accept_smart_update_connections: + description: + - Accepts SmartUpdate connections. + type: bool + accept_outgoing_packets_originating_from_gw: + description: + - Accepts all packets from connections that originate at the Check Point Security Gateway. + type: bool + accept_outgoing_packets_originating_from_gw_position: + description: + - The position of the implied rules in the Rule Base.<br>Available only if accept-outgoing-packets-originating-from-gw is false. + type: str + choices: ['first', 'last', 'before last'] + accept_outgoing_packets_originating_from_connectra_gw: + description: + - Accepts outgoing packets originating from Connectra gateway.<br>Available only if accept-outgoing-packets-originating-from-gw is false. 
+ type: bool + accept_outgoing_packets_to_cp_online_services: + description: + - Allow Security Gateways to access Check Point online services. Supported for R80.10 Gateway and higher.<br>Available only if + accept-outgoing-packets-originating-from-gw is false. + type: bool + accept_outgoing_packets_to_cp_online_services_position: + description: + - The position of the implied rules in the Rule Base.<br>Available only if accept-outgoing-packets-to-cp-online-services is true. + type: str + choices: ['first', 'last', 'before last'] + accept_domain_name_over_tcp: + description: + - Accepts Domain Name (DNS) queries and replies over TCP, to allow downloading of the domain name-resolving tables used for zone + transfers between servers. For clients, DNS over TCP is only used if the tables to be transferred are very large. + type: bool + accept_domain_name_over_tcp_position: + description: + - The position of the implied rules in the Rule Base.<br>Available only if accept-domain-name-over-tcp is true. + type: str + choices: ['first', 'last', 'before last'] + accept_domain_name_over_udp: + description: + - Accepts Domain Name (DNS) queries and replies over UDP. + type: bool + accept_domain_name_over_udp_position: + description: + - The position of the implied rules in the Rule Base.<br>Available only if accept-domain-name-over-udp is true. + type: str + choices: ['first', 'last', 'before last'] + accept_dynamic_addr_modules_outgoing_internet_connections: + description: + - Accept Dynamic Address modules' outgoing internet connections.Accepts DHCP traffic for DAIP (Dynamically Assigned IP Address) + gateways. In Small Office Appliance gateways, this rule allows outgoing DHCP, PPP, PPTP and L2TP Internet connections (regardless of whether it is + or is not a DAIP gateway). + type: bool + accept_icmp_requests: + description: + - Accepts Internet Control Message Protocol messages. 
+ type: bool + accept_icmp_requests_position: + description: + - The position of the implied rules in the Rule Base.<br>Available only if accept-icmp-requests is true. + type: str + choices: ['first', 'last', 'before last'] + accept_identity_awareness_control_connections: + description: + - Accepts traffic between Security Gateways in distributed environment configurations of Identity Awareness. + type: bool + accept_identity_awareness_control_connections_position: + description: + - The position of the implied rules in the Rule Base.<br>Available only if accept-identity-awareness-control-connections is true. + type: str + choices: ['first', 'last', 'before last'] + accept_incoming_traffic_to_dhcp_and_dns_services_of_gws: + description: + - Allows the Small Office Appliance gateway to provide DHCP relay, DHCP server and DNS proxy services regardless of the rule base. + type: bool + accept_rip: + description: + - Accepts Routing Information Protocol (RIP), using UDP on port 520. + type: bool + accept_rip_position: + description: + - The position of the implied rules in the Rule Base.<br>Available only if accept-rip is true. + type: str + choices: ['first', 'last', 'before last'] + accept_vrrp_packets_originating_from_cluster_members: + description: + - Selecting this option creates an implied rule in the security policy Rule Base that accepts VRRP inbound and outbound traffic to and + from the members of the cluster. + type: bool + accept_web_and_ssh_connections_for_gw_administration: + description: + - Accepts Web and SSH connections for Small Office Appliance gateways. + type: bool + log_implied_rules: + description: + - Produces log records for communications that match the implied rules that are generated in the Rule Base from the properties defined + in this window. + type: bool + security_server: + description: + - Control the welcome messages that users will see when logging in to servers behind Check Point Security Gateways. 
+ type: dict + suboptions: + client_auth_welcome_file: + description: + - Client authentication welcome file is the name of a file whose contents are to be displayed when a user begins a Client + Authenticated session (optional) using the Manual Sign On Method. Client Authenticated Sessions initiated by Manual Sign On are not mediated + by a security server. + type: str + ftp_welcome_msg_file: + description: + - FTP welcome message file is the name of a file whose contents are to be displayed when a user begins an Authenticated FTP session. + type: str + rlogin_welcome_msg_file: + description: + - Rlogin welcome message file is the name of a file whose contents are to be displayed when a user begins an Authenticated RLOGIN session. + type: str + telnet_welcome_msg_file: + description: + - Telnet welcome message file is the name of a file whose contents are to be displayed when a user begins an Authenticated Telnet session. + type: str + mdq_welcome_msg: + description: + - MDQ Welcome Message is the message to be displayed when a user begins an MDQ session. The MDQ Welcome Message should contain + characters according to RFC 1035 and it must follow the ARPANET host name rules,<br> - This message must begin with a number or letter. + After the first letter or number character the remaining characters can be a letter, number, space, tab or hyphen.<br> - This message must + not end with a space or a tab and is limited to 63 characters. + type: str + smtp_welcome_msg: + description: + - SMTP Welcome Message is the message to be displayed when a user begins an SMTP session. + type: str + http_next_proxy_host: + description: + - HTTP next proxy host is the host name of the HTTP proxy behind the Check Point Security Gateway HTTP security server (if there + is one). Changing the HTTP Next Proxy fields takes effect after the Security Gateway database is downloaded to the authenticating gateway, or + after the security policy is re-installed. 
<br>These settings apply only to firewalled gateways prior to NG. For later versions, these + settings should be defined in the Node Properties window. + type: str + http_next_proxy_port: + description: + - HTTP next proxy port is the port of the HTTP proxy behind the Check Point Security Gateway HTTP security server (if there is + one). Changing the HTTP Next Proxy fields takes effect after the Security Gateway database is downloaded to the authenticating gateway, or + after the security policy is re-installed. <br>These settings apply only to firewalled gateways prior to NG. For later versions, these + settings should be defined in the Node Properties window. + type: int + http_servers: + description: + - This list specifies the HTTP servers. Defining HTTP servers allows you to restrict incoming HTTP. + type: list + elements: dict + suboptions: + logical_name: + description: + - Unique Logical Name of the HTTP Server. + type: str + host: + description: + - Host name of the HTTP Server. + type: str + port: + description: + - Port number of the HTTP Server. + type: int + reauthentication: + description: + - Specify whether users must reauthenticate when accessing a specific server. + type: str + choices: ['standard', 'post request', 'every request'] + server_for_null_requests: + description: + - The Logical Name of a Null Requests Server from http-servers. + type: str + nat: + description: + - Configure settings that apply to all NAT connections. + type: dict + suboptions: + allow_bi_directional_nat: + description: + - Applies to automatic NAT rules in the NAT Rule Base, and allows two automatic NAT rules to match a connection. Without Bidirectional + NAT, only one automatic NAT rule can match a connection. + type: bool + auto_arp_conf: + description: + - Ensures that ARP requests for a translated (NATed) machine, network or address range are answered by the Check Point Security Gateway. 
+ type: bool + merge_manual_proxy_arp_conf: + description: + - Merges the automatic and manual ARP configurations. Manual proxy ARP configuration is required for manual Static NAT + rules.<br>Available only if auto-arp-conf is true. + type: bool + auto_translate_dest_on_client_side: + description: + - Applies to packets originating at the client, with the server as its destination. Static NAT for the server is performed on the client side. + type: bool + manually_translate_dest_on_client_side: + description: + - Applies to packets originating at the client, with the server as its destination. Static NAT for the server is performed on the client side. + type: bool + enable_ip_pool_nat: + description: + - Applies to packets originating at the client, with the server as its destination. Static NAT for the server is performed on the client side. + type: bool + addr_alloc_and_release_track: + description: + - Specifies whether to log each allocation and release of an IP address from the IP Pool.<br>Available only if enable-ip-pool-nat is true. + type: str + choices: ['ip allocation log', 'none'] + addr_exhaustion_track: + description: + - Specifies the action to take if the IP Pool is exhausted.<br>Available only if enable-ip-pool-nat is true. + type: str + choices: ['ip exhaustion alert', 'none', 'ip exhaustion log'] + authentication: + description: + - Define Authentication properties that are common to all users and to the various ways that the Check Point Security Gateway asks for passwords + (User, Client and Session Authentication). + type: dict + suboptions: + auth_internal_users_with_specific_suffix: + description: + - Enforce suffix for internal users authentication. + type: bool + allowed_suffix_for_internal_users: + description: + - Suffix for internal users authentication. 
+ type: str + max_days_before_expiration_of_non_pulled_user_certificates: + description: + - Users certificates which were initiated but not pulled will expire after the specified number of days. Any value from 1 to 60 days can + be entered in this field. + type: int + max_client_auth_attempts_before_connection_termination: + description: + - Allowed Number of Failed Client Authentication Attempts Before Session Termination. Any value from 1 to 800 attempts can be entered in this field. + type: int + max_rlogin_attempts_before_connection_termination: + description: + - Allowed Number of Failed rlogin Attempts Before Session Termination. Any value from 1 to 800 attempts can be entered in this field. + type: int + max_session_auth_attempts_before_connection_termination: + description: + - Allowed Number of Failed Session Authentication Attempts Before Session Termination. Any value from 1 to 800 attempts can be entered in this field. + type: int + max_telnet_attempts_before_connection_termination: + description: + - Allowed Number of Failed telnet Attempts Before Session Termination. Any value from 1 to 800 attempts can be entered in this field. + type: int + enable_delayed_auth: + description: + - all authentications other than certificate-based authentications will be delayed by the specified time. Applying this delay will stall + brute force authentication attacks. The delay is applied for both failed and successful authentication attempts. + type: bool + delay_each_auth_attempt_by: + description: + - Delay each authentication attempt by the specified number of milliseconds. Any value from 1 to 25000 can be entered in this field. + type: int + vpn: + description: + - Configure settings relevant to VPN. + type: dict + suboptions: + vpn_conf_method: + description: + - Decide on Simplified or Traditional mode for all new security policies or decide which mode to use on a policy by policy basis. 
+ type: str + choices: ['simplified', 'traditional', 'per policy'] + domain_name_for_dns_resolving: + description: + - Enter the domain name that will be used for gateways DNS lookup. The DNS host name that is used is "gateway_name.domain_name". + type: str + enable_backup_gw: + description: + - Enable Backup Gateway. + type: bool + enable_decrypt_on_accept_for_gw_to_gw_traffic: + description: + - Enable decrypt on accept for gateway to gateway traffic. This is only relevant for policies in traditional mode. In Traditional Mode, + the 'Accept' action determines that a connection is allowed, while the 'Encrypt' action determines that a connection is allowed and encrypted. + Select whether VPN accepts an encrypted packet that matches a rule with an 'Accept' action or drops it. + type: bool + enable_load_distribution_for_mep_conf: + description: + - Enable load distribution for Multiple Entry Points configurations (Site To Site connections). The VPN Multiple Entry Point (MEP) + feature supplies high availability and load distribution for Check Point Security Gateways. MEP works in four modes,<br> + <ul><li> First to Respond, in which the first gateway to reply to the peer gateway is chosen. An organization would choose this option if, for + example, the organization has two gateways in a MEPed configuration - one in London, the other in New York. It makes sense for Check Point + Security Gateway peers located in England to try the London gateway first and the NY gateway second. Being geographically closer to Check Point + Security Gateway peers in England, the London gateway will be the first to respond, and becomes the entry point to the internal + network.</li><br> <li> VPN Domain, is when the destination IP belongs to a particular VPN domain, the gateway of that + domain becomes the chosen entry point. 
This gateway becomes the primary gateway while other gateways in the MEP configuration become its backup + gateways.</li><br> <li> Random Selection, in which the remote Check Point Security Gateway peer randomly selects a gateway + with which to open a VPN connection. For each IP source/destination address pair, a new gateway is randomly selected. An organization might have a + number of machines with equal performance abilities. In this case, it makes sense to enable load distribution. The machines are used in a random + and equal way.</li><br> <li> Manually set priority list, gateway priorities can be set manually for the entire community + or for individual satellite gateways.</li></ul>. + type: bool + enable_vpn_directional_match_in_vpn_column: + description: + - Enable VPN Directional Match in VPN Column.<br>Note, VPN Directional Match is supported only on Gaia, SecurePlatform, Linux and IPSO. + type: bool + grace_period_after_the_crl_is_not_valid: + description: + - When establishing VPN tunnels, the peer presents its certificate for authentication. The clock on the gateway machine must be + synchronized with the clock on the Certificate Authority machine. Otherwise, the Certificate Revocation List (CRL) used for validating the peer's + certificate may be considered invalid and thus the authentication fails. To resolve the issue of differing clock times, a Grace Period permits a + wider window for CRL validity. + type: int + grace_period_before_the_crl_is_valid: + description: + - When establishing VPN tunnels, the peer presents its certificate for authentication. The clock on the gateway machine must be + synchronized with the clock on the Certificate Authority machine. Otherwise, the Certificate Revocation List (CRL) used for validating the peer's + certificate may be considered invalid and thus the authentication fails. To resolve the issue of differing clock times, a Grace Period permits a + wider window for CRL validity. 
+ type: int + grace_period_extension_for_secure_remote_secure_client: + description: + - When dealing with remote clients the Grace Period needs to be extended. The remote client sometimes relies on the peer gateway to + supply the CRL. If the client's clock is not synchronized with the gateway's clock, a CRL that is considered valid by the gateway may be + considered invalid by the client. + type: int + support_ike_dos_protection_from_identified_src: + description: + - When the number of IKE negotiations handled simultaneously exceeds a threshold above VPN's capacity, a gateway concludes that it is + either under a high load or experiencing a Denial of Service attack. VPN can filter out peers that are the probable source of the potential Denial + of Service attack. There are two kinds of protection,<br> <ul><li> Stateless - the peer has to respond to an IKE + notification in a way that proves the peer's IP address is not spoofed. If the peer cannot prove this, VPN does not allocate resources for the IKE + negotiation</li><br> <li> Puzzles - this is the same as Stateless, but in addition, the peer has to solve a mathematical + puzzle. Solving this puzzle consumes peer CPU resources in a way that makes it difficult to initiate multiple IKE negotiations + simultaneously.</li></ul>Puzzles is more secure then Stateless, but affects performance.<br>Since these kinds of attacks involve a new proprietary + addition to the IKE protocol, enabling these protection mechanisms may cause difficulties with non Check Point VPN products or older versions of + VPN. + type: str + choices: ['puzzles', 'stateless', 'none'] + support_ike_dos_protection_from_unidentified_src: + description: + - When the number of IKE negotiations handled simultaneously exceeds a threshold above VPN's capacity, a gateway concludes that it is + either under a high load or experiencing a Denial of Service attack. 
VPN can filter out peers that are the probable source of the potential Denial + of Service attack. There are two kinds of protection,<br> <ul><li> Stateless - the peer has to respond to an IKE + notification in a way that proves the peer's IP address is not spoofed. If the peer cannot prove this, VPN does not allocate resources for the IKE + negotiation</li><br> <li> Puzzles - this is the same as Stateless, but in addition, the peer has to solve a mathematical + puzzle. Solving this puzzle consumes peer CPU resources in a way that makes it difficult to initiate multiple IKE negotiations + simultaneously.</li></ul>Puzzles is more secure then Stateless, but affects performance.<br>Since these kinds of attacks involve a new proprietary + addition to the IKE protocol, enabling these protection mechanisms may cause difficulties with non Check Point VPN products or older versions of + VPN. + type: str + choices: ['puzzles', 'stateless', 'none'] + remote_access: + description: + - Configure Remote Access properties. + type: dict + suboptions: + enable_back_connections: + description: + - Usually communication with remote clients must be initialized by the clients. However, once a client has opened a connection, the + hosts behind VPN can open a return or back connection to the client. For a back connection, the client's details must be maintained on all the + devices between the client and the gateway, and on the gateway itself. Determine whether the back connection is enabled. + type: bool + keep_alive_packet_to_gw_interval: + description: + - Usually communication with remote clients must be initialized by the clients. However, once a client has opened a connection, the + hosts behind VPN can open a return or back connection to the client. For a back connection, the client's details must be maintained on all the + devices between the client and the gateway, and on the gateway itself. 
Determine frequency (in seconds) of the Keep Alive packets sent by the
+ client in order to maintain the connection with the gateway.<br>Available only if enable-back-connections is true.
+ type: int
+ encrypt_dns_traffic:
+ description:
+ - You can decide whether DNS queries sent by the remote client to a DNS server located on the corporate LAN are passed through the VPN
+ tunnel or not. Disable this option if the client has to make DNS queries to the DNS server on the corporate LAN while connecting to the
+ organization but without using the SecuRemote client.
+ type: bool
+ simultaneous_login_mode:
+ description:
+ - Select the simultaneous login mode.
+ type: str
+ choices: ['allowonlysinglelogintouser', 'allowseverallogintouser']
+ vpn_authentication_and_encryption:
+ description:
+ - configure supported Encryption and Authentication methods for Remote Access clients.
+ type: dict
+ suboptions:
+ encryption_algorithms:
+ description:
+ - Select the methods negotiated in IKE phase 2 and used in IPSec connections.
+ type: dict
+ suboptions:
+ ike:
+ description:
+ - Configure the IKE Phase 1 settings.
+ type: dict
+ suboptions:
+ support_encryption_algorithms:
+ description:
+ - Select the encryption algorithms that will be supported with remote hosts.
+ type: dict
+ suboptions:
+ tdes:
+ description:
+ - Select whether the Triple DES encryption algorithm will be supported with remote hosts.
+ type: bool
+ aes_128:
+ description:
+ - Select whether the AES-128 encryption algorithm will be supported with remote hosts.
+ type: bool
+ aes_256:
+ description:
+ - Select whether the AES-256 encryption algorithm will be supported with remote hosts.
+ type: bool
+ des:
+ description:
+ - Select whether the DES encryption algorithm will be supported with remote hosts.
+ type: bool
+ use_encryption_algorithm:
+ description:
+ - Choose the encryption algorithm that will have the highest priority of the selected algorithms. 
If given a
+ choice of more that one encryption algorithm to use, the algorithm selected in this field will be used.
+ type: str
+ choices: ['AES-256', 'DES', 'AES-128', 'TDES']
+ support_data_integrity:
+ description:
+ - Select the hash algorithms that will be supported with remote hosts to ensure data integrity.
+ type: dict
+ suboptions:
+ aes_xcbc:
+ description:
+ - Select whether the AES-XCBC hash algorithm will be supported with remote hosts to ensure data integrity.
+ type: bool
+ md5:
+ description:
+ - Select whether the MD5 hash algorithm will be supported with remote hosts to ensure data integrity.
+ type: bool
+ sha1:
+ description:
+ - Select whether the SHA1 hash algorithm will be supported with remote hosts to ensure data integrity.
+ type: bool
+ sha256:
+ description:
+ - Select whether the SHA256 hash algorithm will be supported with remote hosts to ensure data integrity.
+ type: bool
+ use_data_integrity:
+ description:
+ - The hash algorithm chosen here will be given the highest priority if more than one choice is offered.
+ type: str
+ choices: ['aes-xcbc', 'sha256', 'sha1', 'md5']
+ support_diffie_hellman_groups:
+ description:
+ - Select the Diffie-Hellman groups that will be supported with remote hosts.
+ type: dict
+ suboptions:
+ group1:
+ description:
+ - Select whether Diffie-Hellman Group 1 (768 bit) will be supported with remote hosts.
+ type: bool
+ group14:
+ description:
+ - Select whether Diffie-Hellman Group 14 (2048 bit) will be supported with remote hosts.
+ type: bool
+ group2:
+ description:
+ - Select whether Diffie-Hellman Group 2 (1024 bit) will be supported with remote hosts.
+ type: bool
+ group5:
+ description:
+ - Select whether Diffie-Hellman Group 5 (1536 bit) will be supported with remote hosts.
+ type: bool
+ use_diffie_hellman_group:
+ description:
+ - SecureClient users utilize the Diffie-Hellman group selected in this field. 
+ type: str
+ choices: ['group 1', 'group 2', 'group 5', 'group 14']
+ ipsec:
+ description:
+ - Configure the IPSEC Phase 2 settings.
+ type: dict
+ suboptions:
+ support_encryption_algorithms:
+ description:
+ - Select the encryption algorithms that will be supported with remote hosts.
+ type: dict
+ suboptions:
+ tdes:
+ description:
+ - Select whether the Triple DES encryption algorithm will be supported with remote hosts.
+ type: bool
+ aes_128:
+ description:
+ - Select whether the AES-128 encryption algorithm will be supported with remote hosts.
+ type: bool
+ aes_256:
+ description:
+ - Select whether the AES-256 encryption algorithm will be supported with remote hosts.
+ type: bool
+ des:
+ description:
+ - Select whether the DES encryption algorithm will be supported with remote hosts.
+ type: bool
+ use_encryption_algorithm:
+ description:
+ - Choose the encryption algorithm that will have the highest priority of the selected algorithms. If given a
+ choice of more that one encryption algorithm to use, the algorithm selected in this field will be used.
+ type: str
+ choices: ['AES-256', 'DES', 'AES-128', 'TDES']
+ support_data_integrity:
+ description:
+ - Select the hash algorithms that will be supported with remote hosts to ensure data integrity.
+ type: dict
+ suboptions:
+ aes_xcbc:
+ description:
+ - Select whether the AES-XCBC hash algorithm will be supported with remote hosts to ensure data integrity.
+ type: bool
+ md5:
+ description:
+ - Select whether the MD5 hash algorithm will be supported with remote hosts to ensure data integrity.
+ type: bool
+ sha1:
+ description:
+ - Select whether the SHA1 hash algorithm will be supported with remote hosts to ensure data integrity.
+ type: bool
+ sha256:
+ description:
+ - Select whether the SHA256 hash algorithm will be supported with remote hosts to ensure data integrity. 
+ type: bool
+ use_data_integrity:
+ description:
+ - The hash algorithm chosen here will be given the highest priority if more than one choice is offered.
+ type: str
+ choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'sha512', 'md5']
+ enforce_encryption_alg_and_data_integrity_on_all_users:
+ description:
+ - Enforce Encryption Algorithm and Data Integrity on all users.
+ type: bool
+ encryption_method:
+ description:
+ - Select the encryption method.
+ type: str
+ choices: ['prefer_ikev2_support_ikev1', 'ike_v2_only', 'ike_v1_only']
+ pre_shared_secret:
+ description:
+ - the user password is specified in the Authentication tab in the user's IKE properties (in the user properties window, Encryption tab > Edit).
+ type: bool
+ support_legacy_auth_for_sc_l2tp_nokia_clients:
+ description:
+ - Support Legacy Authentication for SC (hybrid mode), L2TP (PAP) and Nokia clients (CRACK).
+ type: bool
+ support_legacy_eap:
+ description:
+ - Support Legacy EAP (Extensible Authentication Protocol).
+ type: bool
+ support_l2tp_with_pre_shared_key:
+ description:
+ - Use a centrally managed pre-shared key for IKE.
+ type: bool
+ l2tp_pre_shared_key:
+ description:
+ - Type in the pre-shared key.<br>Available only if support-l2tp-with-pre-shared-key is set to true.
+ type: str
+ vpn_advanced:
+ description:
+ - Configure encryption methods and interface resolution for remote access clients.
+ type: dict
+ suboptions:
+ allow_clear_traffic_to_encryption_domain_when_disconnected:
+ description:
+ - SecuRemote/SecureClient behavior while disconnected - How traffic to the VPN domain is handled when the Remote Access VPN
+ client is not connected to the site. Traffic can either be dropped or sent in clear without encryption.
+ type: bool
+ enable_load_distribution_for_mep_conf:
+ description:
+ - Load distribution for Multiple Entry Points configurations - Remote access clients will randomly select a gateway from the
+ list of entry points. 
Make sure to define the same VPN domain for all the Security Gateways you want to be entry points.
+ type: bool
+ use_first_allocated_om_ip_addr_for_all_conn_to_the_gws_of_the_site:
+ description:
+ - Use first allocated Office Mode IP Address for all connections to the Gateways of the site.After a remote user connects and
+ receives an Office Mode IP address from a gateway, every connection to that gateways encryption domain will go out with the Office Mode IP as
+ the internal source IP. The Office Mode IP is what hosts in the encryption domain will recognize as the remote user's IP address. The Office
+ Mode IP address assigned by a specific gateway can be used in its own encryption domain and in neighboring encryption domains as well. The
+ neighboring encryption domains should reside behind gateways that are members of the same VPN community as the assigning gateway. Since the
+ remote hosts connections are dependant on the Office Mode IP address it received, should the gateway that issued the IP become unavailable,
+ all the connections to the site will terminate.
+ type: bool
+ scv:
+ description:
+ - Define properties of the Secure Configuration Verification process.
+ type: dict
+ suboptions:
+ apply_scv_on_simplified_mode_fw_policies:
+ description:
+ - Determine whether the gateway verifies that remote access clients are securely configured. This is set here only if the
+ security policy is defined in the Simplified Mode. If the security policy is defined in the Traditional Mode, verification takes place per
+ rule.
+ type: bool
+ exceptions:
+ description:
+ - Specify the hosts that can be accessed using the selected services even if the client is not verified.<br>Available only if
+ apply-scv-on-simplified-mode-fw-policies is true.
+ type: list
+ elements: dict
+ suboptions:
+ hosts:
+ description:
+ - Specify the Hosts to be excluded from SCV.
+ type: list
+ elements: str
+ services:
+ description:
+ - Specify the services to be accessed. 
+ type: list
+ elements: str
+ no_scv_for_unsupported_cp_clients:
+ description:
+ - Do not apply Secure Configuration Verification for connections from Check Point VPN clients that don't support it, such as SSL
+ Network Extender, GO, Capsule VPN / Connect, Endpoint Connects lower than R75, or L2TP clients.<br>Available only if
+ apply-scv-on-simplified-mode-fw-policies is true.
+ type: bool
+ upon_verification_accept_and_log_client_connection:
+ description:
+ - If the gateway verifies the client's configuration, decide how the gateway should handle connections with clients that fail
+ the Security Configuration Verification. It is possible to either drop the connection or Accept the connection and log it.
+ type: bool
+ only_tcp_ip_protocols_are_used:
+ description:
+ - Most SCV checks are configured via the SCV policy. Specify whether to verify that only TCP/IP protocols are used.
+ type: bool
+ policy_installed_on_all_interfaces:
+ description:
+ - Most SCV checks are configured via the SCV policy. Specify whether to verify that the Desktop Security Policy is installed on
+ all the interfaces of the client.
+ type: bool
+ generate_log:
+ description:
+ - If the client identifies that the secure configuration has been violated, select whether a log is generated by the remote
+ access client and sent to the Security Management server.
+ type: bool
+ notify_user:
+ description:
+ - If the client identifies that the secure configuration has been violated, select whether to user should be notified.
+ type: bool
+ ssl_network_extender:
+ description:
+ - Define properties for SSL Network Extender users.
+ type: dict
+ suboptions:
+ user_auth_method:
+ description:
+ - Wide Impact, Also applies for SecureClient Mobile devices and Check Point GO clients!<br>User authentication method indicates
+ how the user will be authenticated by the gateway. 
Changes made here will also apply for SSL clients.<br>Legacy - Username and password
+ only.<br>Certificate - Certificate only with an existing certificate.<br>Certificate with Enrollment - Allows you to obtain a new certificate
+ and then use certificate authentication only.<br>Mixed - Can use either username and password or certificate.
+ type: str
+ choices: ['certificate_with_enrollment', 'certificate', 'mixed', 'legacy']
+ supported_encryption_methods:
+ description:
+ - Wide Impact, Also applies to SecureClient Mobile devices!<br>Select the encryption algorithms that will be supported for
+ remote users. Changes made here will also apply for all SSL clients.
+ type: str
+ choices: ['3des_or_rc4', '3des_only']
+ client_upgrade_upon_connection:
+ description:
+ - When a client connects to the gateway with SSL Network Extender, the client automatically checks for upgrade. Select whether
+ the client should automatically upgrade.
+ type: str
+ choices: ['force_upgrade', 'ask_user', 'no_upgrade']
+ client_uninstall_upon_disconnection:
+ description:
+ - Select whether the client should automatically uninstall SSL Network Extender when it disconnects from the gateway.
+ type: str
+ choices: ['force_uninstall', 'ask_user', 'dont_uninstall']
+ re_auth_user_interval:
+ description:
+ - Wide Impact, Applies for the SecureClient Mobile!<br>Select the interval that users will need to reauthenticate.
+ type: int
+ scan_ep_machine_for_compliance_with_ep_compliance_policy:
+ description:
+ - Set to true if you want endpoint machines to be scanned for compliance with the Endpoint Compliance Policy.
+ type: bool
+ client_outgoing_keep_alive_packets_frequency:
+ description:
+ - Select the interval which the keep-alive packets are sent.
+ type: int
+ secure_client_mobile:
+ description:
+ - Define properties for SecureClient Mobile. 
+ type: dict
+ suboptions:
+ user_auth_method:
+ description:
+ - Wide Impact, Also applies for SSL Network Extender clients and Check Point GO clients.<br>How the user will be authenticated by the gateway.
+ type: str
+ choices: ['certificate_with_enrollment', 'certificate', 'mixed', 'legacy']
+ enable_password_caching:
+ description:
+ - If the password entered to authenticate is saved locally on the user's machine.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ cache_password_timeout:
+ description:
+ - Cached password timeout (in minutes).
+ type: int
+ re_auth_user_interval:
+ description:
+ - Wide Impact, Also applies for SSL Network Extender clients!<br>The length of time (in minutes) until the user's credentials
+ are resent to the gateway to verify authorization.
+ type: int
+ connect_mode:
+ description:
+ - Methods by which a connection to the gateway will be initiated,<br>Configured On Endpoint Client - the method used for
+ initiating a connection to a gateway is determined by the endpoint client<br>Manual - VPN connections will not be initiated
+ automatically.<br>Always connected - SecureClient Mobile will automatically establish a connection to the last connected gateway under the
+ following circumstances, (a) the device has a valid IP address, (b) when the device "wakes up" from a low-power state or a soft-reset, or (c)
+ after a condition that caused the device to automatically disconnect ceases to exist (for example, Device is out of PC Sync, Disconnect is not
+ idle.).<br>On application request - Applications requiring access to resources through the VPN will be able to initiate a VPN connection.
+ type: str
+ choices: ['manual', 'always connected', 'on application request', 'configured on endpoint client']
+ automatically_initiate_dialup:
+ description:
+ - When selected, the client will initiate a GPRS dialup connection before attempting to establish the VPN connection. 
Note that
+ if a local IP address is already available through another network interface, then the GPRS dialup is not initiated.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ disconnect_when_device_is_idle:
+ description:
+ - Enabling this feature will disconnect users from the gateway if there is no traffic sent during the defined time period.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ supported_encryption_methods:
+ description:
+ - Wide Impact, Also applies for SSL Network Extender clients!<br>Select the encryption algorithms that will be supported with remote users.
+ type: str
+ choices: ['3des_or_rc4', '3des_only']
+ route_all_traffic_to_gw:
+ description:
+ - Operates the client in Hub Mode, sending all traffic to the VPN server for routing, filtering, and processing.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ endpoint_connect:
+ description:
+ - Configure global settings for Endpoint Connect. These settings apply to all gateways.
+ type: dict
+ suboptions:
+ enable_password_caching:
+ description:
+ - If the password entered to authenticate is saved locally on the user's machine.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ cache_password_timeout:
+ description:
+ - Cached password timeout (in minutes).
+ type: int
+ re_auth_user_interval:
+ description:
+ - The length of time (in minutes) until the user's credentials are resent to the gateway to verify authorization. 
+ type: int
+ connect_mode:
+ description:
+ - Methods by which a connection to the gateway will be initiated,<br>Manual - VPN connections will not be initiated
+ automatically.<br>Always connected - Endpoint Connect will automatically establish a connection to the last connected gateway under the
+ following circumstances, (a) the device has a valid IP address, (b) when the device "wakes up" from a low-power state or a soft-reset, or (c)
+ after a condition that caused the device to automatically disconnect ceases to exist (for example, Device is out of PC Sync, Disconnect is not
+ idle.).<br>Configured on endpoint client - the method used for initiating a connection to a gateway is determined by the endpoint client.
+ type: str
+ choices: ['Manual', 'Always Connected', 'Configured On Endpoint Client']
+ network_location_awareness:
+ description:
+ - Wide Impact, Also applies for Check Point GO clients!<br>Endpoint Connect intelligently detects whether it is inside or
+ outside of the VPN domain (Enterprise LAN), and automatically connects or disconnects as required. Select true and edit
+ network-location-awareness-conf to configure this capability.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ network_location_awareness_conf:
+ description:
+ - Configure how the client determines its location in relation to the internal network.
+ type: dict
+ suboptions:
+ vpn_clients_are_considered_inside_the_internal_network_when_the_client:
+ description:
+ - When a VPN client is within the internal network, the internal resources are available and the VPN tunnel should be
+ disconnected. 
Determine when VPN clients are considered inside the internal network,<br>Connects to GW through internal interface - The
+ client connects to the gateway through one of its internal interfaces (recommended).<br>Connects from network or group - The client
+ connects from a network or group specified in network-or-group-of-conn-vpn-client.<br>Runs on computer with access to Active Directory
+ domain - The client runs on a computer that can access its Active Directory domain.<br>Note, The VPN tunnel will resume automatically when
+ the VPN client is no longer in the internal network and the client is set to "Always connected" mode.
+ type: str
+ choices: ['connects to gw through internal interface', 'connects from network or group',
+ 'runs on computer with access to active directory domain']
+ network_or_group_of_conn_vpn_client:
+ description:
+ - Name or UID of Network or Group the VPN client is connected from.<br>Available only if
+ vpn-clients-are-considered-inside-the-internal-network-when-the-client is set to "Connects from network or group".
+ type: str
+ consider_wireless_networks_as_external:
+ description:
+ - The speed at which locations are classified as internal or external can be increased by creating a list of wireless
+ networks that are known to be external. A wireless network is identified by its Service Set Identifier (SSID) a name used to identify a
+ particular 802.11 wireless LAN.
+ type: bool
+ excluded_internal_wireless_networks:
+ description:
+ - Excludes the specified internal networks names (SSIDs).<br>Available only if consider-wireless-networks-as-external is set to true.
+ type: list
+ elements: str
+ consider_undefined_dns_suffixes_as_external:
+ description:
+ - The speed at which locations are classified as internal or external can be increased by creating a list of DNS
+ suffixes that are known to be external. Enable this to be able to define DNS suffixes which won't be considered external. 
+ type: bool
+ dns_suffixes:
+ description:
+ - DNS suffixes not defined here will be considered as external. If this list is empty
+ consider-undefined-dns-suffixes-as-external will automatically be set to false.<br>Available only if
+ consider-undefined-dns-suffixes-as-external is set to true.
+ type: list
+ elements: str
+ remember_previously_detected_external_networks:
+ description:
+ - The speed at which locations are classified as internal or external can be increased by caching (on the client side)
+ names of networks that were previously determined to be external.
+ type: bool
+ disconnect_when_conn_to_network_is_lost:
+ description:
+ - Enabling this feature disconnects users from the gateway when connectivity to the network is lost.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ disconnect_when_device_is_idle:
+ description:
+ - Enabling this feature will disconnect users from the gateway if there is no traffic sent during the defined time period.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ route_all_traffic_to_gw:
+ description:
+ - Operates the client in Hub Mode, sending all traffic to the VPN server for routing, filtering, and processing.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ client_upgrade_mode:
+ description:
+ - Select an option to determine how the client is upgraded.
+ type: str
+ choices: ['force_upgrade', 'ask_user', 'no_upgrade']
+ hot_spot_and_hotel_registration:
+ description:
+ - Configure the settings for Wireless Hot Spot and Hotel Internet access registration.
+ type: dict
+ suboptions:
+ enable_registration:
+ description:
+ - Set Enable registration to true in order to configure settings. Set Enable registration to false in order to cancel
+ registration (the configurations below won't be available). When the feature is enabled, you have several minutes to complete registration.
+ type: bool
+ local_subnets_access_only:
+ description:
+ - Local subnets access only. 
+ type: bool
+ registration_timeout:
+ description:
+ - Maximum time (in seconds) to complete registration.
+ type: int
+ track_log:
+ description:
+ - Track log.
+ type: bool
+ max_ip_access_during_registration:
+ description:
+ - Maximum number of addresses to allow access to during registration.
+ type: int
+ ports:
+ description:
+ - Ports to be opened during registration (up to 10 ports).
+ type: list
+ elements: str
+ user_directory:
+ description:
+ - User can enable LDAP User Directory as well as specify global parameters for LDAP. If LDAP User Directory is enabled, this means that users
+ are managed on an external LDAP server and not on the internal Check Point Security Gateway users databases.
+ type: dict
+ suboptions:
+ enable_password_change_when_user_active_directory_expires:
+ description:
+ - For organizations using MS Active Directory, this setting enables users whose passwords have expired to automatically create new passwords.
+ type: bool
+ cache_size:
+ description:
+ - The maximum number of cached users allowed. The cache is FIFO (first-in, first-out). When a new user is added to a full cache, the
+ first user is deleted to make room for the new user. The Check Point Security Gateway does not query the LDAP server for users already in the
+ cache, unless the cache has timed out.
+ type: int
+ enable_password_expiration_configuration:
+ description:
+ - Enable configuring of the number of days during which the password is valid.<br>If
+ enable-password-change-when-user-active-directory-expires is true, the password expiration time is determined by the Active Directory. In this
+ case it is recommended not to set this to true.
+ type: bool
+ password_expires_after:
+ description:
+ - Specifies the number of days during which the password is valid. Users are authenticated using a special LDAP password. Should this
+ password expire, a new password must be defined.<br>Available only if enable-password-expiration-configuration is true. 
+ type: int
+ timeout_on_cached_users:
+ description:
+ - The period of time in which a cached user is timed out and will need to be fetched again from the LDAP server.
+ type: int
+ display_user_dn_at_login:
+ description:
+ - Decide whether or not you would like to display the user's DN when logging in. If you choose to display the user DN, you can select
+ whether to display it, when the user is prompted for the password at login, or on the request of the authentication scheme. This property is a
+ useful diagnostic tool when there is more than one user with the same name in an Account Unit. In this case, the first one is chosen and the
+ others are ignored.
+ type: str
+ choices: ['no display', 'display upon request', 'display']
+ enforce_rules_for_user_mgmt_admins:
+ description:
+ - Enforces password strength rules on LDAP users when you create or modify a Check Point Password.
+ type: bool
+ min_password_length:
+ description:
+ - Specifies the minimum length (in characters) of the password.
+ type: int
+ password_must_include_a_digit:
+ description:
+ - Password must include a digit.
+ type: bool
+ password_must_include_a_symbol:
+ description:
+ - Password must include a symbol.
+ type: bool
+ password_must_include_lowercase_char:
+ description:
+ - Password must include a lowercase character.
+ type: bool
+ password_must_include_uppercase_char:
+ description:
+ - Password must include an uppercase character.
+ type: bool
+ qos:
+ description:
+ - Define the general parameters of Quality of Service (QoS) and apply them to QoS rules.
+ type: dict
+ suboptions:
+ default_weight_of_rule:
+ description:
+ - Define a Weight at which bandwidth will be guaranteed. Set a default weight for a rule.<br>Note, Value will be applied to new rules only.
+ type: int
+ max_weight_of_rule:
+ description:
+ - Define a Weight at which bandwidth will be guaranteed. Set a maximum weight for a rule. 
+ type: int
+ unit_of_measure:
+ description:
+ - Define the Rate at which packets are transmitted, for which bandwidth will be guaranteed. Set a Unit of measure.
+ type: str
+ choices: ['bits-per-sec', 'bytes-per-sec', 'kbits-per-sec', 'kbytes-per-sec', 'mbits-per-sec', 'mbytes-per-sec']
+ authenticated_ip_expiration:
+ description:
+ - Define the Authentication time-out for QoS. This timeout is set in minutes. In an Authenticated IP all connections which are open in a
+ specified time limit will be guaranteed bandwidth, but will not be guaranteed bandwidth after the time limit.
+ type: int
+ non_authenticated_ip_expiration:
+ description:
+ - Define the Authentication time-out for QoS. This timeout is set in minutes.
+ type: int
+ unanswered_queried_ip_expiration:
+ description:
+ - Define the Authentication time-out for QoS. This timeout is set in minutes.
+ type: int
+ carrier_security:
+ description:
+ - Specify system-wide properties. Select GTP intra tunnel inspection options, including anti-spoofing; tracking and logging options, and integrity tests.
+ type: dict
+ suboptions:
+ block_gtp_in_gtp:
+ description:
+ - Prevents GTP packets from being encapsulated inside GTP tunnels. When this option is checked, such packets are dropped and logged.
+ type: bool
+ enforce_gtp_anti_spoofing:
+ description:
+ - verifies that G-PDUs are using the end user IP address that has been agreed upon in the PDP context activation process. When this
+ option is checked, packets that do not use this IP address are dropped and logged.
+ type: bool
+ produce_extended_logs_on_unmatched_pdus:
+ description:
+ - logs GTP packets not matched by previous rules with Carrier Security's extended GTP-related log fields. These logs are brown and their
+ Action attribute is empty. The default setting is checked. 
+ type: bool
+ produce_extended_logs_on_unmatched_pdus_position:
+ description:
+ - Choose to place this implicit rule Before Last or as the Last rule.<br>Available only if produce-extended-logs-on-unmatched-pdus is true.
+ type: str
+ choices: ['before last', 'last']
+ protocol_violation_track_option:
+ description:
+ - Set the appropriate track or alert option to be used when a protocol violation (malformed packet) is detected.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ enable_g_pdu_seq_number_check_with_max_deviation:
+ description:
+ - If set to false, sequence checking is not enforced and all out-of-sequence G-PDUs will be accepted.<br>To enhance performance, disable
+ this extended integrity test.
+ type: bool
+ g_pdu_seq_number_check_max_deviation:
+ description:
+ - specifies that a G-PDU is accepted only if the difference between its sequence number and the expected sequence number is less than or
+ equal to the allowed deviation.<br>Available only ifenable-g-pdu-seq-number-check-with-max-deviation is true.
+ type: int
+ verify_flow_labels:
+ description:
+ - See that each packet's flow label matches the flow labels defined by GTP signaling. This option is relevant for GTP version 0
+ only.<br>To enhance performance, disable this extended integrity test.
+ type: bool
+ allow_ggsn_replies_from_multiple_interfaces:
+ description:
+ - Allows GTP signaling replies from an IP address different from the IP address to which the requests are sent (Relevant only for
+ gateways below R80).
+ type: bool
+ enable_reverse_connections:
+ description:
+ - Allows Carrier Security gateways to accept PDUs sent from the GGSN to the SGSN, on a previously established PDP context, even if these
+ PDUs are sent over ports that do not match the ports of the established PDP context. 
+ type: bool
+ gtp_signaling_rate_limit_sampling_interval:
+ description:
+ - Works in correlation with the property Enforce GTP Signal packet rate limit found in the Carrier Security window of the GSN network
+ object. For example, with the rate limit sampling interval default of 1 second, and the network object enforced a GTP signal packet rate limit of
+ the default 2048 PDU per second, sampling will occur one time per second, or 2048 signaling PDUs between two consecutive samplings.
+ type: int
+ one_gtp_echo_on_each_path_frequency:
+ description:
+ - sets the number of GTP Echo exchanges per path allowed per configured time period. Echo requests exceeding this rate are dropped and
+ logged. Setting the value to 0 disables the feature and allows an unlimited number of echo requests per path at any interval.
+ type: int
+ aggressive_aging:
+ description:
+ - If true, enables configuring aggressive aging thresholds and time out value.
+ type: bool
+ aggressive_timeout:
+ description:
+ - Aggressive timeout. Available only if aggressive-aging is true.
+ type: int
+ memory_activation_threshold:
+ description:
+ - Memory activation threshold. Available only if aggressive-aging is true.
+ type: int
+ memory_deactivation_threshold:
+ description:
+ - Memory deactivation threshold. Available only if aggressive-aging is true.
+ type: int
+ tunnel_activation_threshold:
+ description:
+ - Tunnel activation threshold. Available only if aggressive-aging is true.
+ type: int
+ tunnel_deactivation_threshold:
+ description:
+ - Tunnel deactivation threshold. Available only if aggressive-aging is true.
+ type: int
+ user_accounts:
+ description:
+ - Set the expiration for a user account and configure "about to expire" warnings.
+ type: dict
+ suboptions:
+ expiration_date_method:
+ description:
+ - Select an Expiration Date Method.<br>Expire at - Account expires on the date that you select.<br>Expire after - Account expires after
+ the number of days that you select. 
+ type: str
+ choices: ['expire after', 'expire at']
+ expiration_date:
+ description:
+ - Specify an Expiration Date in the following format, YYYY-MM-DD.<br>Available only if expiration-date-method is set to "expire at".
+ type: str
+ days_until_expiration:
+ description:
+ - Account expires after the number of days that you select.<br>Available only if expiration-date-method is set to "expire after".
+ type: int
+ show_accounts_expiration_indication_days_in_advance:
+ description:
+ - Activates the Expired Accounts link, to open the Expired Accounts window.
+ type: bool
+ user_authority:
+ description:
+ - Decide whether to display and access the WebAccess rule base. This policy defines which users (that is, which Windows Domains) have access to
+ the internal sites of the organization.
+ type: dict
+ suboptions:
+ display_web_access_view:
+ description:
+ - Specify whether or not to display the WebAccess rule base. This rule base is used for UserAuthority.
+ type: bool
+ windows_domains_to_trust:
+ description:
+ - When matching Firewall usernames to Windows Domains usernames for Single Sign on, selectwhether to trust all or specify which Windows
+ Domain should be trusted.<br>ALL - Enables you to allow all Windows domains to access the internal sites of the organization.<br>SELECTIVELY -
+ Enables you to specify which Windows domains will have access to the internal sites of the organization.
+ type: str
+ choices: ['selectively', 'all']
+ trust_only_following_windows_domains:
+ description:
+ - Specify which Windows domains will have access to the internal sites of the organization.<br>Available only if
+ windows-domains-to-trust is set to SELECTIVELY.
+ type: list
+ elements: str
+ connect_control:
+ description:
+ - Configure settings that relate to ConnectControl server load balancing.
+ type: dict
+ suboptions:
+ load_agents_port:
+ description:
+ - Sets the port number on which load measuring agents communicate with ConnectControl.
+ type: int
+ load_measurement_interval:
+ description:
+ - sets how often (in seconds) the load measuring agents report their load status to ConnectControl.
+ type: int
+ persistence_server_timeout:
+ description:
+ - Sets the amount of time (in seconds) that a client, once directed to a particular server, will continue to be directed to that same server.
+ type: int
+ server_availability_check_interval:
+ description:
+ - Sets how often (in seconds) ConnectControl checks to make sure the load balanced servers are running and responding to service requests.
+ type: int
+ server_check_retries:
+ description:
+ - Sets how many times ConnectControl attempts to contact a server before ceasing to direct traffic to it.
+ type: int
+ stateful_inspection:
+ description:
+ - Adjust Stateful Inspection parameters.
+ type: dict
+ suboptions:
+ tcp_start_timeout:
+ description:
+ - A TCP connection will be timed out if the interval between the arrival of the first packet and establishment of the connection (TCP
+ three-way handshake) exceeds TCP start timeout seconds.
+ type: int
+ tcp_session_timeout:
+ description:
+ - The length of time (in seconds) an idle connection will remain in the Security Gateway connections table.
+ type: int
+ tcp_end_timeout:
+ description:
+ - A TCP connection will only terminate TCP end timeout seconds after two FIN packets (one in each direction, client-to-server, and
+ server-to-client) or an RST packet. When a TCP connection ends (FIN packets sent or connection reset) the Check Point Security Gateway will keep
+ the connection in the connections table for another TCP end timeout seconds, to allow for stray ACKs of the connection that arrive late.
+ type: int
+ tcp_end_timeout_r8020_gw_and_above:
+ description:
+ - A TCP connection will only terminate TCP end timeout seconds after two FIN packets (one in each direction, client-to-server, and
+ server-to-client) or an RST packet.
When a TCP connection ends (FIN packets sent or connection reset) the Check Point Security Gateway will keep
+ the connection in the connections table for another TCP end timeout seconds, to allow for stray ACKs of the connection that arrive late.
+ type: int
+ udp_virtual_session_timeout:
+ description:
+ - Specifies the amount of time (in seconds) a UDP reply channel may remain open without any packets being returned.
+ type: int
+ icmp_virtual_session_timeout:
+ description:
+ - An ICMP virtual session will be considered to have timed out after this time period (in seconds).
+ type: int
+ other_ip_protocols_virtual_session_timeout:
+ description:
+ - A virtual session of services which are not explicitly configured here will be considered to have timed out after this time period (in seconds).
+ type: int
+ sctp_start_timeout:
+ description:
+ - SCTP connections will be timed out if the interval between the arrival of the first packet and establishment of the connection exceeds
+ this value (in seconds).
+ type: int
+ sctp_session_timeout:
+ description:
+ - Time (in seconds) an idle connection will remain in the Security Gateway connections table.
+ type: int
+ sctp_end_timeout:
+ description:
+ - SCTP connections end after this number of seconds, after the connection ends or is reset, to allow for stray ACKs of the connection
+ that arrive late.
+ type: int
+ accept_stateful_udp_replies_for_unknown_services:
+ description:
+ - Specifies if UDP replies are to be accepted for unknown services.
+ type: bool
+ accept_stateful_icmp_errors:
+ description:
+ - Accept ICMP error packets which refer to another non-ICMP connection (for example, to an ongoing TCP or UDP connection) that was
+ accepted by the Rule Base.
+ type: bool
+ accept_stateful_icmp_replies:
+ description:
+ - Accept ICMP reply packets for ICMP requests that were accepted by the Rule Base.
+ type: bool
+ accept_stateful_other_ip_protocols_replies_for_unknown_services:
+ description:
+ - Accept reply packets for other undefined services (that is, services which are not one of the following, TCP, UDP, ICMP).
+ type: bool
+ drop_out_of_state_tcp_packets:
+ description:
+ - Drop TCP packets which are not consistent with the current state of the connection.
+ type: bool
+ log_on_drop_out_of_state_tcp_packets:
+ description:
+ - Generates a log entry when these out of state TCP packets are dropped.<br>Available only if drop-out-of-state-tcp-packets is true.
+ type: bool
+ tcp_out_of_state_drop_exceptions:
+ description:
+ - Name or uid of the gateways and clusters for which Out of State packets are allowed.
+ type: list
+ elements: str
+ drop_out_of_state_icmp_packets:
+ description:
+ - Drop ICMP packets which are not consistent with the current state of the connection.
+ type: bool
+ log_on_drop_out_of_state_icmp_packets:
+ description:
+ - Generates a log entry when these out of state ICMP packets are dropped.<br>Available only if drop-out-of-state-icmp-packets is true.
+ type: bool
+ drop_out_of_state_sctp_packets:
+ description:
+ - Drop SCTP packets which are not consistent with the current state of the connection.
+ type: bool
+ log_on_drop_out_of_state_sctp_packets:
+ description:
+ - Generates a log entry when these out of state SCTP packets are dropped.<br>Available only if drop-out-of-state-sctp-packets is true.
+ type: bool
+ log_and_alert:
+ description:
+ - Define system-wide logging and alerting parameters.
+ type: dict
+ suboptions:
+ administrative_notifications:
+ description:
+ - Administrative notifications specifies the action to be taken when an administrative event (for example, when a certificate is about
+ to expire) occurs.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ connection_matched_by_sam:
+ description:
+ - Connection matched by SAM specifies the action to be taken when a connection is blocked by SAM (Suspicious Activities Monitoring).
+ type: str
+ choices: ['Popup Alert', 'Mail Alert', 'SNMP Trap Alert', 'User Defined Alert no.1', 'User Defined Alert no.2', 'User Defined Alert no.3']
+ dynamic_object_resolution_failure:
+ description:
+ - Dynamic object resolution failure specifies the action to be taken when a dynamic object cannot be resolved.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ ip_options_drop:
+ description:
+ - IP Options drop specifies the action to take when a packet with IP Options is encountered. The Check Point Security Gateway always
+ drops these packets, but you can log them or issue an alert.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ packet_is_incorrectly_tagged:
+ description:
+ - Packet is incorrectly tagged.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ packet_tagging_brute_force_attack:
+ description:
+ - Packet tagging brute force attack.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ sla_violation:
+ description:
+ - SLA violation specifies the action to be taken when an SLA violation occurs, as defined in the Virtual Links window.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ vpn_conf_and_key_exchange_errors:
+ description:
+ - VPN configuration & key exchange errors specifies the action to be taken when logging configuration or key exchange errors occur, for
+ example, when attempting to establish encrypted communication with a network object inside the same encryption domain.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ vpn_packet_handling_error:
+ description:
+ - VPN packet handling errors specifies the action to be taken when encryption or decryption errors occurs. A log entry contains the
+ action performed (Drop or Reject) and a short description of the error cause, for example, scheme or method mismatch.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ vpn_successful_key_exchange:
+ description:
+ - VPN successful key exchange specifies the action to be taken when VPN keys are successfully exchanged.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ log_every_authenticated_http_connection:
+ description:
+ - Log every authenticated HTTP connection specifies that a log entry should be generated for every authenticated HTTP connection.
+ type: bool
+ log_traffic:
+ description:
+ - Log Traffic specifies whether or not to log traffic.
+ type: str
+ choices: ['none', 'log']
+ alerts:
+ description:
+ - Define the behavior of alert logs and the type of alert used for System Alert logs.
+ type: dict
+ suboptions:
+ send_popup_alert_to_smartview_monitor:
+ description:
+ - Send popup alert to SmartView Monitor when an alert is issued, it is also sent to SmartView Monitor.
+ type: bool
+ popup_alert_script:
+ description:
+ - Run popup alert script the operating system script to be executed when an alert is issued. For example, set another form of
+ notification, such as an email or a user-defined command.
+ type: str
+ send_mail_alert_to_smartview_monitor:
+ description:
+ - Send mail alert to SmartView Monitor when a mail alert is issued, it is also sent to SmartView Monitor.
+ type: bool
+ mail_alert_script:
+ description:
+ - Run mail alert script the operating system script to be executed when Mail is specified as the Track in a rule. The default is
+ internal_sendmail, which is not a script but an internal Security Gateway command.
+ type: str
+ send_snmp_trap_alert_to_smartview_monitor:
+ description:
+ - Send SNMP trap alert to SmartView Monitor when an SNMP trap alert is issued, it is also sent to SmartView Monitor.
+ type: bool
+ snmp_trap_alert_script:
+ description:
+ - Run SNMP trap alert script command to be executed when SNMP Trap is specified as the Track in a rule. By default the
+ internal_snmp_trap is used. This command is executed by the fwd process.
+ type: str
+ send_user_defined_alert_num1_to_smartview_monitor:
+ description:
+ - Send user defined alert no. 1 to SmartView Monitor when an alert is issued, it is also sent to SmartView Monitor.
+ type: bool
+ user_defined_script_num1:
+ description:
+ - Run user defined script the operating system script to be run when User-Defined is specified as the Track in a rule, or when
+ User Defined Alert no. 1 is selected as a Track Option.
+ type: str
+ send_user_defined_alert_num2_to_smartview_monitor:
+ description:
+ - Send user defined alert no. 2 to SmartView Monitor when an alert is issued, it is also sent to SmartView Monitor.
+ type: bool
+ user_defined_script_num2:
+ description:
+ - Run user defined 2 script the operating system script to be run when User-Defined is specified as the Track in a rule, or when
+ User Defined Alert no. 2 is selected as a Track Option.
+ type: str
+ send_user_defined_alert_num3_to_smartview_monitor:
+ description:
+ - Send user defined alert no. 3 to SmartView Monitor when an alert is issued, it is also sent to SmartView Monitor.
+ type: bool
+ user_defined_script_num3:
+ description:
+ - Run user defined 3 script the operating system script to be run when User-Defined is specified as the Track in a rule, or when
+ User Defined Alert no. 3 is selected as a Track Option.
+ type: str
+ default_track_option_for_system_alerts:
+ description:
+ - Set the default track option for System Alerts.
+ type: str
+ choices: ['Popup Alert', 'Mail Alert', 'SNMP Trap Alert', 'User Defined Alert no.1', 'User Defined Alert no.2', 'User Defined Alert no.3']
+ time_settings:
+ description:
+ - Configure the time settings associated with system-wide logging and alerting parameters.
+ type: dict
+ suboptions:
+ excessive_log_grace_period:
+ description:
+ - Specifies the minimum amount of time (in seconds) between consecutive logs of similar packets. Two packets are considered
+ similar if they have the same source address, source port, destination address, and destination port; and the same protocol was used. After
+ the first packet, similar packets encountered in the grace period will be acted upon according to the security policy, but only the first
+ packet generates a log entry or an alert. Any value from 0 to 90 seconds can be entered in this field.<br>Note, This option only applies for
+ DROP rules with logging.
+ type: int
+ logs_resolving_timeout:
+ description:
+ - Specifies the amount of time (in seconds), after which the log page is displayed without resolving names and while showing
+ only IP addresses. Any value from 0 to 90 seconds can be entered in this field.
+ type: int
+ status_fetching_interval:
+ description:
+ - Specifies the frequency at which the Security Management server queries the Check Point Security gateway, Check Point QoS and
+ other gateways it manages for status information. Any value from 30 to 900 seconds can be entered in this field.
+ type: int
+ virtual_link_statistics_logging_interval:
+ description:
+ - Specifies the frequency (in seconds) with which Virtual Link statistics will be logged. This parameter is relevant only for
+ Virtual Links defined with SmartView Monitor statistics enabled in the SLA Parameters tab of the Virtual Link window. Any value from 60 to
+ 3600 seconds can be entered in this field.
+ type: int
+ data_access_control:
+ description:
+ - Configure automatic downloads from Check Point and anonymously share product data. Options selected here apply to all Security Gateways,
+ Clusters and VSX devices managed by this management server.
+ type: dict
+ suboptions:
+ auto_download_important_data:
+ description:
+ - Automatically download and install Software Blade Contracts, security updates and other important data (highly recommended).
+ type: bool
+ auto_download_sw_updates_and_new_features:
+ description:
+ - Automatically download software updates and new features (highly recommended).<br>Available only if auto-download-important-data is set to true.
+ type: bool
+ send_anonymous_info:
+ description:
+ - Help Check Point improve the product by sending anonymous information.
+ type: bool
+ share_sensitive_info:
+ description:
+ - Approve sharing core dump files and other relevant crash data which might contain personal information. All shared data will be
+ processed in accordance with Check Point's Privacy Policy.<br>Available only if send-anonymous-info is set to true.
+ type: bool
+ non_unique_ip_address_ranges:
+ description:
+ - Specify Non Unique IP Address Ranges.
+ type: list
+ elements: dict
+ suboptions:
+ address_type:
+ description:
+ - The type of the IP Address.
+ type: str
+ choices: ['IPv4', 'IPv6']
+ first_ipv4_address:
+ description:
+ - The first IPV4 Address in the range.
+ type: str
+ first_ipv6_address:
+ description:
+ - The first IPV6 Address in the range.
+ type: str
+ last_ipv4_address:
+ description:
+ - The last IPV4 Address in the range.
+ type: str
+ last_ipv6_address:
+ description:
+ - The last IPV6 Address in the range.
+ type: str
+ proxy:
+ description:
+ - Select whether a proxy server is used when servers, gateways, or clients need to access the internet for certain Check Point features and set
+ the default proxy server that will be used.
+ type: dict
+ suboptions:
+ use_proxy_server:
+ description:
+ - If set to true, a proxy server is used when features need to access the internet.
+ type: bool
+ proxy_address:
+ description:
+ - Specify the URL or IP address of the proxy server.<br>Available only if use-proxy-server is set to true.
+ type: str
+ proxy_port:
+ description:
+ - Specify the Port on which the server will be accessed.<br>Available only if use-proxy-server is set to true.
+ type: int
+ user_check:
+ description:
+ - Set a language for the UserCheck message if the language setting in the user's browser cannot be determined.
+ type: dict
+ suboptions:
+ preferred_language:
+ description:
+ - The preferred language for new UserCheck message.
+ type: str
+ choices: ['Afrikaans', 'Albanian', 'Amharic', 'Arabic', 'Armenian', 'Basque', 'Belarusian', 'Bosnian', 'Bulgarian', 'Catalan',
+ 'Chinese', 'Croatian', 'Czech', 'Danish', 'Dutch', 'English', 'Estonian', 'Finnish', 'French', 'Gaelic', 'Georgian', 'German', 'Greek',
+ 'Hebrew', 'Hindi', 'Hungarian', 'Icelandic', 'Indonesian', 'Irish', 'Italian', 'Japanese', 'Korean', 'Latvian', 'Lithuanian', 'Macedonia',
+ 'Maltese', 'Nepali', 'Norwegian', 'Polish', 'Portuguese', 'Romanian', 'Russian', 'Serbian', 'Slovak', 'Slovenian', 'Sorbian', 'Spanish',
+ 'Swahili', 'Swedish', 'Thai', 'Turkish', 'Ukrainian', 'Vietnamese', 'Welsh']
+ send_emails_using_mail_server:
+ description:
+ - Name or UID of mail server to send emails to.
+ type: str
+ hit_count:
+ description:
+ - Enable the Hit Count feature that tracks the number of connections that each rule matches.
+ type: dict
+ suboptions:
+ enable_hit_count:
+ description:
+ - Select to enable or clear to disable all Security Gateways to monitor the number of connections each rule matches.
+ type: bool
+ keep_hit_count_data_up_to:
+ description:
+ - Select one of the time range options. Data is kept in the Security Management Server database for this period and is shown in the Hits column.
+ type: str
+ choices: ['3 months', '6 months', '1 year', '2 years']
+ advanced_conf:
+ description:
+ - Configure advanced global attributes. It's highly recommended to consult with Check Point's Technical Support before modifying these values.
+ type: dict
+ suboptions:
+ certs_and_pki:
+ description:
+ - Configure Certificates and PKI properties.
+ type: dict
+ suboptions:
+ cert_validation_enforce_key_size:
+ description:
+ - Enforce key length in certificate validation (R80+ gateways only).
+ type: str
+ choices: ['off', 'alert', 'fail']
+ host_certs_ecdsa_key_size:
+ description:
+ - Select the key size for ECDSA of the host certificate.
+ type: str
+ choices: ['p-256', 'p-384', 'p-521']
+ host_certs_key_size:
+ description:
+ - Select the key size of the host certificate.
+ type: str
+ choices: ['4096', '1024', '2048']
+ allow_remote_registration_of_opsec_products:
+ description:
+ - After installing an OPSEC application, the remote administration (RA) utility enables an OPSEC product to finish registering itself without
+ having to access the SmartConsole. If set to true, any host including the application host can run the utility. Otherwise, the RA utility can only be
+ run from the Security Management host.
+ type: bool
+ num_spoofing_errs_that_trigger_brute_force:
+ description:
+ - Indicates how many incorrectly signed packets will be tolerated before assuming that there is an attack on the packet tagging and revoking the
+ client's key.
+ type: int
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed after task completes.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: set-global-properties
+ cp_mgmt_set_global_properties:
+ firewall:
+ security_server:
+ http_servers:
+ - host: host name of server
+ logical_name: unique logical name
+ port: 8080
+ reauthentication: post request
+ state: present
+"""
+
+RETURN = """
+cp_mgmt_set_global_properties:
+ description: The checkpoint set-global-properties output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ firewall=dict(type='dict', options=dict(
+ accept_control_connections=dict(type='bool'),
+ accept_ips1_management_connections=dict(type='bool'),
+ accept_remote_access_control_connections=dict(type='bool'),
+ accept_smart_update_connections=dict(type='bool'),
+ accept_outgoing_packets_originating_from_gw=dict(type='bool'),
+ accept_outgoing_packets_originating_from_gw_position=dict(type='str', choices=['first', 'last', 'before last']),
+ accept_outgoing_packets_originating_from_connectra_gw=dict(type='bool'),
+ accept_outgoing_packets_to_cp_online_services=dict(type='bool'),
+ accept_outgoing_packets_to_cp_online_services_position=dict(type='str', choices=['first', 'last', 'before last']),
+ accept_domain_name_over_tcp=dict(type='bool'),
+ accept_domain_name_over_tcp_position=dict(type='str', choices=['first', 'last', 'before last']),
+ accept_domain_name_over_udp=dict(type='bool'),
+ accept_domain_name_over_udp_position=dict(type='str', choices=['first', 'last', 'before last']),
+ accept_dynamic_addr_modules_outgoing_internet_connections=dict(type='bool'),
+ accept_icmp_requests=dict(type='bool'),
+ accept_icmp_requests_position=dict(type='str', choices=['first', 'last', 'before last']),
+
accept_identity_awareness_control_connections=dict(type='bool'),
+ accept_identity_awareness_control_connections_position=dict(type='str', choices=['first', 'last', 'before last']),
+ accept_incoming_traffic_to_dhcp_and_dns_services_of_gws=dict(type='bool'),
+ accept_rip=dict(type='bool'),
+ accept_rip_position=dict(type='str', choices=['first', 'last', 'before last']),
+ accept_vrrp_packets_originating_from_cluster_members=dict(type='bool'),
+ accept_web_and_ssh_connections_for_gw_administration=dict(type='bool'),
+ log_implied_rules=dict(type='bool'),
+ security_server=dict(type='dict', options=dict(
+ client_auth_welcome_file=dict(type='str'),
+ ftp_welcome_msg_file=dict(type='str'),
+ rlogin_welcome_msg_file=dict(type='str'),
+ telnet_welcome_msg_file=dict(type='str'),
+ mdq_welcome_msg=dict(type='str'),
+ smtp_welcome_msg=dict(type='str'),
+ http_next_proxy_host=dict(type='str'),
+ http_next_proxy_port=dict(type='int'),
+ http_servers=dict(type='list', elements='dict', options=dict(
+ logical_name=dict(type='str'),
+ host=dict(type='str'),
+ port=dict(type='int'),
+ reauthentication=dict(type='str', choices=['standard', 'post request', 'every request'])
+ )),
+ server_for_null_requests=dict(type='str')
+ ))
+ )),
+ nat=dict(type='dict', options=dict(
+ allow_bi_directional_nat=dict(type='bool'),
+ auto_arp_conf=dict(type='bool'),
+ merge_manual_proxy_arp_conf=dict(type='bool'),
+ auto_translate_dest_on_client_side=dict(type='bool'),
+ manually_translate_dest_on_client_side=dict(type='bool'),
+ enable_ip_pool_nat=dict(type='bool'),
+ addr_alloc_and_release_track=dict(type='str', choices=['ip allocation log', 'none']),
+ addr_exhaustion_track=dict(type='str', choices=['ip exhaustion alert', 'none', 'ip exhaustion log'])
+ )),
+ authentication=dict(type='dict', options=dict(
+ auth_internal_users_with_specific_suffix=dict(type='bool'),
+ allowed_suffix_for_internal_users=dict(type='str'),
+
max_days_before_expiration_of_non_pulled_user_certificates=dict(type='int'),
+ max_client_auth_attempts_before_connection_termination=dict(type='int'),
+ max_rlogin_attempts_before_connection_termination=dict(type='int'),
+ max_session_auth_attempts_before_connection_termination=dict(type='int'),
+ max_telnet_attempts_before_connection_termination=dict(type='int'),
+ enable_delayed_auth=dict(type='bool'),
+ delay_each_auth_attempt_by=dict(type='int')
+ )),
+ vpn=dict(type='dict', options=dict(
+ vpn_conf_method=dict(type='str', choices=['simplified', 'traditional', 'per policy']),
+ domain_name_for_dns_resolving=dict(type='str'),
+ enable_backup_gw=dict(type='bool'),
+ enable_decrypt_on_accept_for_gw_to_gw_traffic=dict(type='bool'),
+ enable_load_distribution_for_mep_conf=dict(type='bool'),
+ enable_vpn_directional_match_in_vpn_column=dict(type='bool'),
+ grace_period_after_the_crl_is_not_valid=dict(type='int'),
+ grace_period_before_the_crl_is_valid=dict(type='int'),
+ grace_period_extension_for_secure_remote_secure_client=dict(type='int'),
+ support_ike_dos_protection_from_identified_src=dict(type='str', choices=['puzzles', 'stateless', 'none']),
+ support_ike_dos_protection_from_unidentified_src=dict(type='str', choices=['puzzles', 'stateless', 'none'])
+ )),
+ remote_access=dict(type='dict', options=dict(
+ enable_back_connections=dict(type='bool'),
+ keep_alive_packet_to_gw_interval=dict(type='int'),
+ encrypt_dns_traffic=dict(type='bool'),
+ simultaneous_login_mode=dict(type='str', choices=['allowonlysinglelogintouser', 'allowseverallogintouser']),
+ vpn_authentication_and_encryption=dict(type='dict', options=dict(
+ encryption_algorithms=dict(type='dict', options=dict(
+ ike=dict(type='dict', options=dict(
+ support_encryption_algorithms=dict(type='dict', options=dict(
+ tdes=dict(type='bool'),
+ aes_128=dict(type='bool'),
+ aes_256=dict(type='bool'),
+ des=dict(type='bool')
+ )),
+ use_encryption_algorithm=dict(type='str', choices=['AES-256', 'DES',
'AES-128', 'TDES']),
+ support_data_integrity=dict(type='dict', options=dict(
+ aes_xcbc=dict(type='bool'),
+ md5=dict(type='bool'),
+ sha1=dict(type='bool'),
+ sha256=dict(type='bool')
+ )),
+ use_data_integrity=dict(type='str', choices=['aes-xcbc', 'sha256', 'sha1', 'md5']),
+ support_diffie_hellman_groups=dict(type='dict', options=dict(
+ group1=dict(type='bool'),
+ group14=dict(type='bool'),
+ group2=dict(type='bool'),
+ group5=dict(type='bool')
+ )),
+ use_diffie_hellman_group=dict(type='str', choices=['group 1', 'group 2', 'group 5', 'group 14'])
+ )),
+ ipsec=dict(type='dict', options=dict(
+ support_encryption_algorithms=dict(type='dict', options=dict(
+ tdes=dict(type='bool'),
+ aes_128=dict(type='bool'),
+ aes_256=dict(type='bool'),
+ des=dict(type='bool')
+ )),
+ use_encryption_algorithm=dict(type='str', choices=['AES-256', 'DES', 'AES-128', 'TDES']),
+ support_data_integrity=dict(type='dict', options=dict(
+ aes_xcbc=dict(type='bool'),
+ md5=dict(type='bool'),
+ sha1=dict(type='bool'),
+ sha256=dict(type='bool')
+ )),
+ use_data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'sha512', 'md5']),
+ enforce_encryption_alg_and_data_integrity_on_all_users=dict(type='bool')
+ ))
+ )),
+ encryption_method=dict(type='str', choices=['prefer_ikev2_support_ikev1', 'ike_v2_only', 'ike_v1_only']),
+ pre_shared_secret=dict(type='bool'),
+ support_legacy_auth_for_sc_l2tp_nokia_clients=dict(type='bool'),
+ support_legacy_eap=dict(type='bool'),
+ support_l2tp_with_pre_shared_key=dict(type='bool'),
+ l2tp_pre_shared_key=dict(type='str', no_log=True)
+ )),
+ vpn_advanced=dict(type='dict', options=dict(
+ allow_clear_traffic_to_encryption_domain_when_disconnected=dict(type='bool'),
+ enable_load_distribution_for_mep_conf=dict(type='bool'),
+ use_first_allocated_om_ip_addr_for_all_conn_to_the_gws_of_the_site=dict(type='bool')
+ )),
+ scv=dict(type='dict', options=dict(
+ apply_scv_on_simplified_mode_fw_policies=dict(type='bool'),
+
exceptions=dict(type='list', elements='dict', options=dict(
+ hosts=dict(type='list', elements='str'),
+ services=dict(type='list', elements='str')
+ )),
+ no_scv_for_unsupported_cp_clients=dict(type='bool'),
+ upon_verification_accept_and_log_client_connection=dict(type='bool'),
+ only_tcp_ip_protocols_are_used=dict(type='bool'),
+ policy_installed_on_all_interfaces=dict(type='bool'),
+ generate_log=dict(type='bool'),
+ notify_user=dict(type='bool')
+ )),
+ ssl_network_extender=dict(type='dict', options=dict(
+ user_auth_method=dict(type='str', choices=['certificate_with_enrollment', 'certificate', 'mixed', 'legacy']),
+ supported_encryption_methods=dict(type='str', choices=['3des_or_rc4', '3des_only']),
+ client_upgrade_upon_connection=dict(type='str', choices=['force_upgrade', 'ask_user', 'no_upgrade']),
+ client_uninstall_upon_disconnection=dict(type='str', choices=['force_uninstall', 'ask_user', 'dont_uninstall']),
+ re_auth_user_interval=dict(type='int'),
+ scan_ep_machine_for_compliance_with_ep_compliance_policy=dict(type='bool'),
+ client_outgoing_keep_alive_packets_frequency=dict(type='int')
+ )),
+ secure_client_mobile=dict(type='dict', options=dict(
+ user_auth_method=dict(type='str', choices=['certificate_with_enrollment', 'certificate', 'mixed', 'legacy']),
+ enable_password_caching=dict(type='str', choices=['client_decide', 'true', 'false']),
+ cache_password_timeout=dict(type='int'),
+ re_auth_user_interval=dict(type='int'),
+ connect_mode=dict(type='str', choices=['manual', 'always connected', 'on application request', 'configured on endpoint client']),
+ automatically_initiate_dialup=dict(type='str', choices=['client_decide', 'true', 'false']),
+ disconnect_when_device_is_idle=dict(type='str', choices=['client_decide', 'true', 'false']),
+ supported_encryption_methods=dict(type='str', choices=['3des_or_rc4', '3des_only']),
+ route_all_traffic_to_gw=dict(type='str', choices=['client_decide', 'true', 'false'])
+ )),
+
endpoint_connect=dict(type='dict', options=dict( + enable_password_caching=dict(type='str', choices=['client_decide', 'true', 'false']), + cache_password_timeout=dict(type='int'), + re_auth_user_interval=dict(type='int'), + connect_mode=dict(type='str', choices=['Manual', 'Always Connected', 'Configured On Endpoint Client']), + network_location_awareness=dict(type='str', choices=['client_decide', 'true', 'false']), + network_location_awareness_conf=dict(type='dict', options=dict( + vpn_clients_are_considered_inside_the_internal_network_when_the_client=dict( + type='str', + choices=['connects to gw through internal interface', + 'connects from network or group', + 'runs on computer with access to active directory domain']), + network_or_group_of_conn_vpn_client=dict(type='str'), + consider_wireless_networks_as_external=dict(type='bool'), + excluded_internal_wireless_networks=dict(type='list', elements='str'), + consider_undefined_dns_suffixes_as_external=dict(type='bool'), + dns_suffixes=dict(type='list', elements='str'), + remember_previously_detected_external_networks=dict(type='bool') + )), + disconnect_when_conn_to_network_is_lost=dict(type='str', choices=['client_decide', 'true', 'false']), + disconnect_when_device_is_idle=dict(type='str', choices=['client_decide', 'true', 'false']), + route_all_traffic_to_gw=dict(type='str', choices=['client_decide', 'true', 'false']), + client_upgrade_mode=dict(type='str', choices=['force_upgrade', 'ask_user', 'no_upgrade']) + )), + hot_spot_and_hotel_registration=dict(type='dict', options=dict( + enable_registration=dict(type='bool'), + local_subnets_access_only=dict(type='bool'), + registration_timeout=dict(type='int'), + track_log=dict(type='bool'), + max_ip_access_during_registration=dict(type='int'), + ports=dict(type='list', elements='str') + )) + )), + user_directory=dict(type='dict', options=dict( + enable_password_change_when_user_active_directory_expires=dict(type='bool'), + cache_size=dict(type='int'), + 
enable_password_expiration_configuration=dict(type='bool'), + password_expires_after=dict(type='int', no_log=False), + timeout_on_cached_users=dict(type='int'), + display_user_dn_at_login=dict(type='str', choices=['no display', 'display upon request', 'display']), + enforce_rules_for_user_mgmt_admins=dict(type='bool'), + min_password_length=dict(type='int', no_log=False), + password_must_include_a_digit=dict(type='bool'), + password_must_include_a_symbol=dict(type='bool'), + password_must_include_lowercase_char=dict(type='bool'), + password_must_include_uppercase_char=dict(type='bool') + )), + qos=dict(type='dict', options=dict( + default_weight_of_rule=dict(type='int'), + max_weight_of_rule=dict(type='int'), + unit_of_measure=dict(type='str', choices=['bits-per-sec', 'bytes-per-sec', 'kbits-per-sec', 'kbytes-per-sec', 'mbits-per-sec', 'mbytes-per-sec']), + authenticated_ip_expiration=dict(type='int'), + non_authenticated_ip_expiration=dict(type='int'), + unanswered_queried_ip_expiration=dict(type='int') + )), + carrier_security=dict(type='dict', options=dict( + block_gtp_in_gtp=dict(type='bool'), + enforce_gtp_anti_spoofing=dict(type='bool'), + produce_extended_logs_on_unmatched_pdus=dict(type='bool'), + produce_extended_logs_on_unmatched_pdus_position=dict(type='str', choices=['before last', 'last']), + protocol_violation_track_option=dict(type='str', choices=['none', 'log', + 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', + 'user defined alert no.2', 'user defined alert no.3']), + enable_g_pdu_seq_number_check_with_max_deviation=dict(type='bool'), + g_pdu_seq_number_check_max_deviation=dict(type='int'), + verify_flow_labels=dict(type='bool'), + allow_ggsn_replies_from_multiple_interfaces=dict(type='bool'), + enable_reverse_connections=dict(type='bool'), + gtp_signaling_rate_limit_sampling_interval=dict(type='int'), + one_gtp_echo_on_each_path_frequency=dict(type='int'), + aggressive_aging=dict(type='bool'), + 
aggressive_timeout=dict(type='int'), + memory_activation_threshold=dict(type='int'), + memory_deactivation_threshold=dict(type='int'), + tunnel_activation_threshold=dict(type='int'), + tunnel_deactivation_threshold=dict(type='int') + )), + user_accounts=dict(type='dict', options=dict( + expiration_date_method=dict(type='str', choices=['expire after', 'expire at']), + expiration_date=dict(type='str'), + days_until_expiration=dict(type='int'), + show_accounts_expiration_indication_days_in_advance=dict(type='bool') + )), + user_authority=dict(type='dict', options=dict( + display_web_access_view=dict(type='bool'), + windows_domains_to_trust=dict(type='str', choices=['selectively', 'all']), + trust_only_following_windows_domains=dict(type='list', elements='str') + )), + connect_control=dict(type='dict', options=dict( + load_agents_port=dict(type='int'), + load_measurement_interval=dict(type='int'), + persistence_server_timeout=dict(type='int'), + server_availability_check_interval=dict(type='int'), + server_check_retries=dict(type='int') + )), + stateful_inspection=dict(type='dict', options=dict( + tcp_start_timeout=dict(type='int'), + tcp_session_timeout=dict(type='int'), + tcp_end_timeout=dict(type='int'), + tcp_end_timeout_r8020_gw_and_above=dict(type='int'), + udp_virtual_session_timeout=dict(type='int'), + icmp_virtual_session_timeout=dict(type='int'), + other_ip_protocols_virtual_session_timeout=dict(type='int'), + sctp_start_timeout=dict(type='int'), + sctp_session_timeout=dict(type='int'), + sctp_end_timeout=dict(type='int'), + accept_stateful_udp_replies_for_unknown_services=dict(type='bool'), + accept_stateful_icmp_errors=dict(type='bool'), + accept_stateful_icmp_replies=dict(type='bool'), + accept_stateful_other_ip_protocols_replies_for_unknown_services=dict(type='bool'), + drop_out_of_state_tcp_packets=dict(type='bool'), + log_on_drop_out_of_state_tcp_packets=dict(type='bool'), + tcp_out_of_state_drop_exceptions=dict(type='list', elements='str'), + 
drop_out_of_state_icmp_packets=dict(type='bool'), + log_on_drop_out_of_state_icmp_packets=dict(type='bool'), + drop_out_of_state_sctp_packets=dict(type='bool'), + log_on_drop_out_of_state_sctp_packets=dict(type='bool') + )), + log_and_alert=dict(type='dict', options=dict( + administrative_notifications=dict(type='str', choices=['none', 'log', + 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', + 'user defined alert no.2', 'user defined alert no.3']), + connection_matched_by_sam=dict(type='str', choices=['Popup Alert', 'Mail Alert', + 'SNMP Trap Alert', 'User Defined Alert no.1', 'User Defined Alert no.2', + 'User Defined Alert no.3']), + dynamic_object_resolution_failure=dict(type='str', choices=['none', 'log', + 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', + 'user defined alert no.2', 'user defined alert no.3']), + ip_options_drop=dict(type='str', choices=['none', 'log', 'popup alert', 'mail alert', + 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2', 'user defined alert no.3']), + packet_is_incorrectly_tagged=dict(type='str', choices=['none', 'log', + 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', + 'user defined alert no.2', 'user defined alert no.3']), + packet_tagging_brute_force_attack=dict(type='str', choices=['none', 'log', + 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', + 'user defined alert no.2', 'user defined alert no.3']), + sla_violation=dict(type='str', choices=['none', 'log', 'popup alert', 'mail alert', + 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2', 'user defined alert no.3']), + vpn_conf_and_key_exchange_errors=dict(type='str', choices=['none', 'log', + 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', + 'user defined alert no.2', 'user defined alert no.3']), + vpn_packet_handling_error=dict(type='str', choices=['none', 'log', 'popup alert', + 'mail alert', 'snmp 
trap alert', 'user defined alert no.1', 'user defined alert no.2', + 'user defined alert no.3']), + vpn_successful_key_exchange=dict(type='str', choices=['none', 'log', + 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', + 'user defined alert no.2', 'user defined alert no.3']), + log_every_authenticated_http_connection=dict(type='bool'), + log_traffic=dict(type='str', choices=['none', 'log']), + alerts=dict(type='dict', options=dict( + send_popup_alert_to_smartview_monitor=dict(type='bool'), + popup_alert_script=dict(type='str'), + send_mail_alert_to_smartview_monitor=dict(type='bool'), + mail_alert_script=dict(type='str'), + send_snmp_trap_alert_to_smartview_monitor=dict(type='bool'), + snmp_trap_alert_script=dict(type='str'), + send_user_defined_alert_num1_to_smartview_monitor=dict(type='bool'), + user_defined_script_num1=dict(type='str'), + send_user_defined_alert_num2_to_smartview_monitor=dict(type='bool'), + user_defined_script_num2=dict(type='str'), + send_user_defined_alert_num3_to_smartview_monitor=dict(type='bool'), + user_defined_script_num3=dict(type='str'), + default_track_option_for_system_alerts=dict(type='str', choices=['Popup Alert', 'Mail Alert', 'SNMP Trap Alert', + 'User Defined Alert no.1', 'User Defined Alert no.2', + 'User Defined Alert no.3']) + )), + time_settings=dict(type='dict', options=dict( + excessive_log_grace_period=dict(type='int'), + logs_resolving_timeout=dict(type='int'), + status_fetching_interval=dict(type='int'), + virtual_link_statistics_logging_interval=dict(type='int') + )) + )), + data_access_control=dict(type='dict', options=dict( + auto_download_important_data=dict(type='bool'), + auto_download_sw_updates_and_new_features=dict(type='bool'), + send_anonymous_info=dict(type='bool'), + share_sensitive_info=dict(type='bool') + )), + non_unique_ip_address_ranges=dict(type='list', elements='dict', options=dict( + address_type=dict(type='str', choices=['IPv4', 'IPv6']), + 
first_ipv4_address=dict(type='str'), + first_ipv6_address=dict(type='str'), + last_ipv4_address=dict(type='str'), + last_ipv6_address=dict(type='str') + )), + proxy=dict(type='dict', options=dict( + use_proxy_server=dict(type='bool'), + proxy_address=dict(type='str'), + proxy_port=dict(type='int') + )), + user_check=dict(type='dict', options=dict( + preferred_language=dict(type='str', choices=['Afrikaans', 'Albanian', 'Amharic', 'Arabic', + 'Armenian', 'Basque', 'Belarusian', 'Bosnian', 'Bulgarian', 'Catalan', 'Chinese', 'Croatian', 'Czech', + 'Danish', 'Dutch', 'English', 'Estonian', 'Finnish', 'French', 'Gaelic', 'Georgian', 'German', + 'Greek', 'Hebrew', 'Hindi', 'Hungarian', 'Icelandic', 'Indonesian', 'Irish', 'Italian', 'Japanese', + 'Korean', 'Latvian', 'Lithuanian', 'Macedonia', 'Maltese', 'Nepali', 'Norwegian', 'Polish', + 'Portuguese', 'Romanian', 'Russian', 'Serbian', 'Slovak', 'Slovenian', 'Sorbian', 'Spanish', + 'Swahili', 'Swedish', 'Thai', 'Turkish', 'Ukrainian', 'Vietnamese', 'Welsh']), + send_emails_using_mail_server=dict(type='str') + )), + hit_count=dict(type='dict', options=dict( + enable_hit_count=dict(type='bool'), + keep_hit_count_data_up_to=dict(type='str', choices=['3 months', '6 months', '1 year', '2 years']) + )), + advanced_conf=dict(type='dict', options=dict( + certs_and_pki=dict(type='dict', options=dict( + cert_validation_enforce_key_size=dict(type='str', choices=['off', 'alert', 'fail']), + host_certs_ecdsa_key_size=dict(type='str', choices=['p-256', 'p-384', 'p-521']), + host_certs_key_size=dict(type='str', choices=['4096', '1024', '2048']) + )) + )), + allow_remote_registration_of_opsec_products=dict(type='bool'), + num_spoofing_errs_that_trigger_brute_force=dict(type='int'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool'), + auto_publish_session=dict(type='bool') + ) + 
argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "set-global-properties" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_default_assignment.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_default_assignment.py new file mode 100644 index 000000000..c8b74f7f7 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_default_assignment.py 
@@ -0,0 +1,100 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_set_idp_default_assignment
+short_description: Set default Identity Provider assignment to be use for Management server administrator access.
+description:
+ - Set default Identity Provider assignment to be use for Management server administrator access.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ identity_provider:
+ description:
+ - Represents the Identity Provider to be used for Login by this assignment identified by the name or UID, to cancel existing assignment should
+ set to 'none'.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed after task completes.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: set-idp-default-assignment
+ cp_mgmt_set_idp_default_assignment:
+ identity_provider: azure
+"""
+
+RETURN = """
+cp_mgmt_set_idp_default_assignment:
+ description: The checkpoint set-idp-default-assignment output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ identity_provider=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool'),
+ auto_publish_session=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "set-idp-default-assignment"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_to_domain_assignment.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_to_domain_assignment.py
new file mode 100644
index 000000000..b14aca799
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_to_domain_assignment.py
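Review bot: `identity_provider` is declared as an optional string in `main()` of cp_mgmt_set_idp_default_assignment.py, although its option text suggests an explicit value is always expected (a provider name or UID, or 'none' to cancel the assignment). This command changes which identity provider authenticates Management server administrators, so a task that omits the option should fail at argument validation instead of being passed to `api_command`, whose handling of an empty payload is not visible in this hunk; consider `identity_provider=dict(type='str', required=True),`. The short description and first description line also read "to be use" where "to be used" is meant.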
@@ -0,0 +1,112 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_set_idp_to_domain_assignment
+short_description: Set Identity Provider assignment to domain, to allow administrator login to that domain using that identity provider, if there is no
+ Identity Provider assigned to the domain the 'idp-default-assignment' will be used. This command only available for Multi-Domain server.
+description:
+ - Set Identity Provider assignment to domain, to allow administrator login to that domain using that identity provider, if there is no Identity Provider
+ assigned to the domain the 'idp-default-assignment' will be used. This command only available for Multi-Domain server.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ assigned_domain:
+ description:
+ - Represents the Domain assigned by 'idp-to-domain-assignment', need to be domain name or UID.
+ type: str
+ identity_provider:
+ description:
+ - Represents the Identity Provider to be used for Login by this assignment. Must be set when "using-default" was set to be false.
+ type: str
+ using_default:
+ description:
+ - Is this assignment override by 'idp-default-assignment'.
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed after task completes.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: set-idp-to-domain-assignment
+ cp_mgmt_set_idp_to_domain_assignment:
+ assigned_domain: BSMS
+ identity_provider: okta
+"""
+
+RETURN = """
+cp_mgmt_set_idp_to_domain_assignment:
+ description: The checkpoint set-idp-to-domain-assignment output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ assigned_domain=dict(type='str'),
+ identity_provider=dict(type='str'),
+ using_default=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool'),
+ auto_publish_session=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "set-idp-to-domain-assignment"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_nat_rule.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_nat_rule.py
new file mode 100644
index 000000000..01832640e
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_nat_rule.py
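Review bot: The rule stated in the option text of cp_mgmt_set_idp_to_domain_assignment.py, that `identity_provider` must be set when `using_default` is false, is not enforced by the `AnsibleModule(argument_spec=argument_spec)` call in `main()`. A task can therefore request a non-default assignment for a domain without naming a provider, and the mistake is caught only by the management API, if at all. Passing `required_if=[('using_default', False, ['identity_provider'])]` to the constructor would reject it during argument validation. `assigned_domain` probably wants `required=True` as well, since nothing else in the spec identifies the domain whose administrator login is being changed.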
@@ -0,0 +1,161 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_set_nat_rule
+short_description: Edit existing object using object name or uid.
+description:
+ - Edit existing object using object name or uid.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ rule_number:
+ description:
+ - Rule number.
+ type: str
+ package:
+ description:
+ - Name of the package.
+ type: str
+ enabled:
+ description:
+ - Enable/Disable the rule.
+ type: bool
+ install_on:
+ description:
+ - Which Gateways identified by the name or UID to install the policy on.
+ type: list
+ elements: str
+ method:
+ description:
+ - Nat method.
+ type: str
+ choices: ['static', 'hide', 'nat64', 'nat46']
+ new_position:
+ description:
+ - New position in the rulebase.
+ type: str
+ original_destination:
+ description:
+ - Original destination.
+ type: str
+ original_service:
+ description:
+ - Original service.
+ type: str
+ original_source:
+ description:
+ - Original source.
+ type: str
+ translated_destination:
+ description:
+ - Translated destination.
+ type: str
+ translated_service:
+ description:
+ - Translated service.
+ type: str
+ translated_source:
+ description:
+ - Translated source.
+ type: str
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: set-nat-rule
+ cp_mgmt_set_nat_rule:
+ comments: rule for RND members RNDNetwork-> RND to Internal Network
+ enabled: false
+ original_service: ssh_version_2
+ original_source: Any
+ package: standard
+ state: present
+"""
+
+RETURN = """
+cp_mgmt_set_nat_rule:
+ description: The checkpoint set-nat-rule output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ rule_number=dict(type='str'),
+ package=dict(type='str'),
+ enabled=dict(type='bool'),
+ install_on=dict(type='list', elements='str'),
+ method=dict(type='str', choices=['static', 'hide', 'nat64', 'nat46']),
+ new_position=dict(type='str'),
+ original_destination=dict(type='str'),
+ original_service=dict(type='str'),
+ original_source=dict(type='str'),
+ translated_destination=dict(type='str'),
+ translated_service=dict(type='str'),
+ translated_source=dict(type='str'),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "set-nat-rule"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_session.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_session.py
new file mode 100644
index 000000000..9979860b2
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_session.py
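Review bot: The EXAMPLES task in cp_mgmt_set_nat_rule.py passes `state: present`, which the `argument_spec` built in `main()` does not declare, and it omits `rule_number`, so as written it never says which NAT rule is being edited. Unless `checkpoint_argument_spec_for_commands` (defined outside this hunk) adds `state`, argument validation would reject the example. The same `state: present` line appears in the examples of cp_mgmt_set_session.py and cp_mgmt_set_threat_advanced_settings.py. I would drop `state: present` and add a line such as `rule_number: "<rule number>"` so a copied task targets one rule explicitly. Declaring `rule_number` and `package` with `required=True` would turn an under-specified rule edit into a local validation failure rather than a server-side one.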
@@ -0,0 +1,123 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_set_session
+short_description: Edit user's current session.
+description:
+ - Edit user's current session.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ description:
+ description:
+ - Session description.
+ type: str
+ new_name:
+ description:
+ - New name of the object.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: set-session
+ cp_mgmt_set_session:
+ description: Session to work on ticket number CR00323665
+ state: present
+"""
+
+RETURN = """
+cp_mgmt_set_session:
+ description: The checkpoint set-session output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ description=dict(type='str'),
+ new_name=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "set-session"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_threat_advanced_settings.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_threat_advanced_settings.py
new file mode 100644
index 000000000..15258f900
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_threat_advanced_settings.py
@@ -0,0 +1,158 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_set_threat_advanced_settings
+short_description: Edit Threat Prevention's Blades' Settings.
+description:
+ - Edit Threat Prevention's Blades' Settings.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ feed_retrieving_interval:
+ description:
+ - Feed retrieving intervals of External Feed, in the form of HH,MM.
+ type: str
+ httpi_non_standard_ports:
+ description:
+ - Enable HTTP Inspection on non standard ports for Threat Prevention blades.
+ type: bool
+ internal_error_fail_mode:
+ description:
+ - In case of internal system error, allow or block all connections.
+ type: str
+ choices: ['allow connections', 'block connections']
+ log_unification_timeout:
+ description:
+ - Session unification timeout for logs (minutes).
+ type: int
+ resource_classification:
+ description:
+ - Allow (Background) or Block (Hold) requests until categorization is complete.
+ type: dict
+ suboptions:
+ custom_settings:
+ description:
+ - On Custom mode, custom resources classification per service.
+ type: dict
+ suboptions:
+ anti_bot:
+ description:
+ - Custom Settings for Anti Bot Blade.
+ type: str
+ choices: ['background', 'hold']
+ anti_virus:
+ description:
+ - Custom Settings for Anti Virus Blade.
+ type: str
+ choices: ['background', 'hold']
+ zero_phishing:
+ description:
+ - Custom Settings for Zero Phishing Blade.
+ type: str
+ choices: ['background', 'hold']
+ mode:
+ description:
+ - Set all services to the same mode or choose a custom mode.
+ type: str
+ choices: ['background', 'hold', 'custom']
+ web_service_fail_mode:
+ description:
+ - Block connections when the web service is unavailable.
+ type: str
+ choices: ['allow connections', 'block connections']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed after task completes.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: set-threat-advanced-settings
+ cp_mgmt_set_threat_advanced_settings:
+ feed_retrieving_interval: 00:05
+ httpi_non_standard_ports: true
+ internal_error_fail_mode: allow connections
+ log_unification_timeout: 600
+ resource_classification.mode: hold
+ resource_classification.web_service_fail_mode: block connections
+ state: present
+"""
+
+RETURN = """
+cp_mgmt_set_threat_advanced_settings:
+ description: The checkpoint set-threat-advanced-settings output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ feed_retrieving_interval=dict(type='str'),
+ httpi_non_standard_ports=dict(type='bool'),
+ internal_error_fail_mode=dict(type='str', choices=['allow connections', 'block connections']),
+ log_unification_timeout=dict(type='int'),
+ resource_classification=dict(type='dict', options=dict(
+ custom_settings=dict(type='dict', options=dict(
+ anti_bot=dict(type='str', choices=['background', 'hold']),
+ anti_virus=dict(type='str', choices=['background', 'hold']),
+ zero_phishing=dict(type='str', choices=['background', 'hold'])
+ )),
+ mode=dict(type='str', choices=['background', 'hold', 'custom']),
+ web_service_fail_mode=dict(type='str', choices=['allow connections', 'block connections'])
+ )),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool'),
+ auto_publish_session=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "set-threat-advanced-settings"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_access_section.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_access_section.py
new file mode 100644
index 000000000..dfa684fda
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_access_section.py
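Review bot: The EXAMPLES task in cp_mgmt_set_threat_advanced_settings.py sets `resource_classification.mode` and `resource_classification.web_service_fail_mode` as dotted top-level keys, but `main()` declares `resource_classification` as a dict with `mode` and `web_service_fail_mode` as suboptions, so the dotted names are not options in the visible spec. The example should nest them: `resource_classification:` followed by indented `mode: hold` and `web_service_fail_mode: block connections`. The same example sets `internal_error_fail_mode: allow connections`, which is fail-open on internal errors; since examples get copied, I would show `block connections` or add a comment saying the choice is deliberate. `feed_retrieving_interval` is documented as "HH,MM" while the example uses `00:05`, so one of the two needs correcting, and the value is safer quoted.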
@@ -0,0 +1,90 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_access_section
+short_description: Retrieve existing object using object name or uid.
+description:
+ - Retrieve existing object using object name or uid.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ layer:
+ description:
+ - Layer that the rule belongs to identified by the name or UID.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-access-section
+ cp_mgmt_show_access_section:
+ layer: Network
+ name: New Section 1
+"""
+
+RETURN = """
+cp_mgmt_show_access_section:
+ description: The checkpoint show-access-section output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ layer=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-access-section"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_cloud_services.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_cloud_services.py
new file mode 100644
index 000000000..91725ff53
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_cloud_services.py
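Review bot: In cp_mgmt_show_access_section.py the description promises retrieval "using object name or uid", but the `argument_spec` in `main()` declares only `name`, `layer` and `details_level`, and none of them is required. Unless `checkpoint_argument_spec_for_commands` (defined outside this diff) contributes a `uid` option, a task cannot pass a uid at all, and a task that passes no identifier clears module validation and is presumably rejected only by the management server. I would either add `uid=dict(type='str')` together with `required_one_of=[['name', 'uid']]` on the `AnsibleModule(...)` call, or reword the description to name-only. The same mismatch between text and spec appears in cp_mgmt_show_https_section.py and cp_mgmt_show_nat_section.py.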
@@ -0,0 +1,71 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_cloud_services
+short_description: Show the connection status of the Management Server to Check Point's Infinity Portal.
+description:
+ - Show the connection status of the Management Server to Check Point's Infinity Portal.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options: {}
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-cloud-services
+ cp_mgmt_show_cloud_services:
+"""
+
+RETURN = """
+cp_mgmt_show_cloud_services:
+ description: The checkpoint show-cloud-services output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-cloud-services"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_global_properties.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_global_properties.py
new file mode 100644
index 000000000..24f40149b
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_global_properties.py
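Review bot: `AnsibleModule(argument_spec=argument_spec)` in `main()` of cp_mgmt_show_cloud_services.py does not declare check-mode support, so Ansible skips the task under `--check` even though the command is a read-only `show-*` call. If `api_command` (defined outside this diff) changes nothing on the server for show commands, `module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)` would let dry runs and configuration audits still collect this state. The other show modules added in this commit construct the module the same way.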
@@ -0,0 +1,71 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_global_properties
+short_description: Retrieve Global Properties.
+description:
+ - Retrieve Global Properties.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options: {}
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-global-properties
+ cp_mgmt_show_global_properties:
+"""
+
+RETURN = """
+cp_mgmt_show_global_properties:
+ description: The checkpoint show-global-properties output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-global-properties"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_https_section.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_https_section.py
new file mode 100644
index 000000000..e05e8b4b3
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_https_section.py
@@ -0,0 +1,90 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_https_section
+short_description: Retrieve existing HTTPS Inspection section using section name or uid and layer name.
+description:
+ - Retrieve existing HTTPS Inspection section using section name or uid and layer name.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ layer:
+ description:
+ - Layer that holds the Object. Identified by the Name or UID.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-https-section
+ cp_mgmt_show_https_section:
+ layer: Default Layer
+ name: New Section 1
+"""
+
+RETURN = """
+cp_mgmt_show_https_section:
+ description: The checkpoint show-https-section output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ layer=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-https-section"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_idp_default_assignment.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_idp_default_assignment.py
new file mode 100644
index 000000000..e6962ce94
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_idp_default_assignment.py
@@ -0,0 +1,78 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_idp_default_assignment
+short_description: Retrieve default Identity Provider assignment that used for Management server administrator access.
+description:
+ - Retrieve default Identity Provider assignment that used for Management server administrator access.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-idp-default-assignment
+ cp_mgmt_show_idp_default_assignment:
+"""
+
+RETURN = """
+cp_mgmt_show_idp_default_assignment:
+ description: The checkpoint show-idp-default-assignment output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-idp-default-assignment"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_logs.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_logs.py
new file mode 100644
index 000000000..59ecccd35
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_logs.py
@@ -0,0 +1,149 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_logs
+short_description: Showing logs according to the given filter.
+description:
+ - Showing logs according to the given filter.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ new_query:
+ description:
+ - Running a new query.
+ type: dict
+ suboptions:
+ filter:
+ description:
+ - The filter as entered in SmartConsole/SmartView.
+ type: str
+ time_frame:
+ description:
+ - Specify the time frame to query logs.
+ type: str
+ choices: ['last-7-days', 'last-hour', 'today', 'last-24-hours', 'yesterday', 'this-week', 'this-month', 'last-30-days', 'all-time', 'custom']
+ custom_start:
+ description:
+ - This option is only applicable when using the custom time-frame option.
+ type: str
+ custom_end:
+ description:
+ - This option is only applicable when using the custom time-frame option.
+ type: str
+ max_logs_per_request:
+ description:
+ - Limit the number of logs to be retrieved.
+ type: int
+ top:
+ description:
+ - Top results configuration.
+ type: dict
+ suboptions:
+ field:
+ description:
+ - The field on which the top command is executed.
+ type: str
+ choices: ['sources', 'destinations', 'services', 'actions', 'blades' , 'origins', 'users', 'applications']
+ count:
+ description:
+ - The number of results to retrieve.
+ type: int
+ type:
+ description:
+ - Type of logs to return.
+ type: str
+ choices: ['logs', 'audit']
+ log_servers:
+ description:
+ - List of IP's of logs servers to query.
+ type: list
+ elements: str
+ query_id:
+ description:
+ - Get the next page of last run query with specified limit.
+ type: str
+ ignore_warnings:
+ description:
+ - Ignore warnings if exist.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-logs
+ cp_mgmt_show_logs:
+ new_query:
+ filter: blade:"Threat Emulation"
+ max_logs_per_request: '2'
+ time_frame: today
+"""
+
+RETURN = """
+cp_mgmt_show_logs:
+ description: The checkpoint show-logs output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ new_query=dict(type='dict', options=dict(
+ filter=dict(type='str'),
+ time_frame=dict(type='str', choices=['last-7-days', 'last-hour', 'today', 'last-24-hours', 'yesterday',
+ 'this-week', 'this-month', 'last-30-days', 'all-time', 'custom']),
+ custom_start=dict(type='str'),
+ custom_end=dict(type='str'),
+ max_logs_per_request=dict(type='int'),
+ top=dict(type='dict', options=dict(
+ field=dict(type='str', choices=['sources', 'destinations', 'services', 'actions', 'blades', 'origins', 'users', 'applications']),
+ count=dict(type='int')
+ )),
+ type=dict(type='str', choices=['logs', 'audit']),
+ log_servers=dict(type='list', elements='str')
+ )),
+ query_id=dict(type='str'),
+ ignore_warnings=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-logs"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_nat_section.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_nat_section.py
new file mode 100644
index 000000000..92809266c
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_nat_section.py
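Review bot: cp_mgmt_show_logs.py hands the whole `show-logs` response back through `module.exit_json(**result)`, and neither DOCUMENTATION nor RETURN tells the user that the log records then sit in the play output, in registered variables and in any callback or log sink on the controller. Firewall and audit logs commonly carry user names, addresses and visited resources, so I would add a `notes:` entry to DOCUMENTATION recommending `no_log: true` on tasks that query sensitive logs and an explicit `max_logs_per_request` to bound what is pulled. The RETURN block could also say that the dict holds the log records rather than only "The checkpoint show-logs output".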
@@ -0,0 +1,90 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_nat_section
+short_description: Retrieve existing object using object name or uid.
+description:
+ - Retrieve existing object using object name or uid.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ package:
+ description:
+ - Name of the package.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-nat-section
+ cp_mgmt_show_nat_section:
+ name: New Section 1
+ package: standard
+"""
+
+RETURN = """
+cp_mgmt_show_nat_section:
+ description: The checkpoint show-nat-section output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ package=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-nat-section"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_servers_and_processes.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_servers_and_processes.py
new file mode 100644
index 000000000..6014b40a3
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_servers_and_processes.py
@@ -0,0 +1,73 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_servers_and_processes
+short_description: Shows the status of all processes in the current machine (Multi-Domain Server and all Domain Management / Log Servers). <br>This command is
+ available only on Multi-Domain Server.
+description:
+ - Shows the status of all processes in the current machine (Multi-Domain Server and all Domain Management / Log Servers). <br>This command is available
+ only on Multi-Domain Server.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options: {}
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-servers-and-processes
+ cp_mgmt_show_servers_and_processes:
+"""
+
+RETURN = """
+cp_mgmt_show_servers_and_processes:
+ description: The checkpoint show-servers-and-processes output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-servers-and-processes"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_software_package_details.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_software_package_details.py
new file mode 100644
index 000000000..0b6ef90b7
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_software_package_details.py
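Review bot: The `short_description` in cp_mgmt_show_servers_and_processes.py is a two-sentence string wrapped over two lines and carries a literal `<br>` tag, which ansible-doc does not turn into a line break; the same tag is repeated in the first `description` item. A one-line summary such as `short_description: Show the status of all processes on a Multi-Domain Server`, with the restriction moved to its own item `- This command is available only on Multi-Domain Server.`, reads cleanly in ansible-doc and in rendered documentation.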
@@ -0,0 +1,77 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_software_package_details
+short_description: Gets the software package information from the cloud.
+description:
+ - Gets the software package information from the cloud.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - The name of the software package.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-software-package-details
+ cp_mgmt_show_software_package_details:
+ name: Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz
+"""
+
+RETURN = """
+cp_mgmt_show_software_package_details:
+ description: The checkpoint show-software-package-details output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-software-package-details"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_task.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_task.py
new file mode 100644
index 000000000..d90bc7bbf
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_task.py
@@ -0,0 +1,85 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_task
+short_description: Show task progress and details.
+description:
+ - Show task progress and details.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ task_id:
+ description:
+ - Unique identifier of one or more tasks.
+ type: list
+ elements: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-task
+ cp_mgmt_show_task:
+ task_id: 2eec70e5-78a8-4bdb-9a76-cfb5601d0bcb
+"""
+
+RETURN = """
+cp_mgmt_show_task:
+ description: The checkpoint show-task output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ task_id=dict(type='list', elements='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-task"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_tasks.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_tasks.py
new file mode 100644
index 000000000..a9fcdd872
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_tasks.py
@@ -0,0 +1,134 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_tasks
+short_description: Retrieve all tasks and show their progress and details.
+description:
+ - Retrieve all tasks and show their progress and details.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ initiator:
+ description:
+ - Initiator's name. If name isn't specified, tasks from all initiators will be shown.
+ type: str
+ status:
+ description:
+ - Status.
+ type: str
+ choices: ['successful', 'failed', 'in-progress', 'all']
+ from_date:
+ description:
+ - The date from which tracking tasks is to be performed, by the task's last update date. ISO 8601. If timezone isn't specified in the input, the
+ Management server's timezone is used.
+ type: str
+ to_date:
+ description:
+ - The date until which tracking tasks is to be performed, by the task's last update date. ISO 8601. If timezone isn't specified in the input,
+ the Management server's timezone is used.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the descending order by the task's last update date.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-tasks
+ cp_mgmt_show_tasks:
+ from_date: '2018-05-23T08:00:00'
+ initiator: admin1
+ status: successful
+"""
+
+RETURN = """
+cp_mgmt_show_tasks:
+ description: The checkpoint show-tasks output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ initiator=dict(type='str'),
+ status=dict(type='str', choices=['successful', 'failed', 'in-progress', 'all']),
+ from_date=dict(type='str'),
+ to_date=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-tasks"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_threat_advanced_settings.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_threat_advanced_settings.py
new file mode 100644
index 000000000..5af7329a7
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_threat_advanced_settings.py
@@ -0,0 +1,71 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_threat_advanced_settings
+short_description: Show Threat Prevention's Blades' Settings.
+description:
+ - Show Threat Prevention's Blades' Settings.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options: {}
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-threat-advanced-settings
+ cp_mgmt_show_threat_advanced_settings:
+"""
+
+RETURN = """
+cp_mgmt_show_threat_advanced_settings:
+ description: The checkpoint show-threat-advanced-settings output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-threat-advanced-settings"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster.py
new file mode 100644
index 000000000..0742d2489
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster.py
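Review bot: `AnsibleModule(argument_spec=argument_spec)` in `main()` of cp_mgmt_show_threat_advanced_settings.py does not declare check-mode support, so a play run with `--check` skips this task even though `show-threat-advanced-settings` is a query. Dry-run and audit playbooks that read the Threat Prevention settings therefore get no registered result to evaluate. If `api_command` sends only the show request (its body is not in this hunk, so confirm it has no publish or other write side effect), use `module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)`. The `AnsibleModule(...)` call in cp_mgmt_show_tasks.py earlier in this diff has the same form.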
@@ -0,0 +1,1287 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_simple_cluster +short_description: Manages simple-cluster objects on Checkpoint over Web Services API +description: + - Manages simple-cluster objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + anti_bot: + description: + - Anti-Bot blade enabled. + type: bool + anti_virus: + description: + - Anti-Virus blade enabled. + type: bool + application_control: + description: + - Application Control blade enabled. + type: bool + cluster_mode: + description: + - Cluster mode. 
+ type: str + choices: ['cluster-xl-ha', 'cluster-ls-multicast', 'cluster-ls-unicast', 'opsec-ha', 'opsec-ls'] + content_awareness: + description: + - Content Awareness blade enabled. + type: bool + firewall: + description: + - Firewall blade enabled. + type: bool + firewall_settings: + description: + - N/A + type: dict + suboptions: + auto_calculate_connections_hash_table_size_and_memory_pool: + description: + - N/A + type: bool + auto_maximum_limit_for_concurrent_connections: + description: + - N/A + type: bool + connections_hash_size: + description: + - N/A + type: int + maximum_limit_for_concurrent_connections: + description: + - N/A + type: int + maximum_memory_pool_size: + description: + - N/A + type: int + memory_pool_size: + description: + - N/A + type: int + hardware: + description: + - Cluster platform hardware. + type: str + interfaces: + description: + - N/A + type: list + elements: dict + suboptions: + name: + description: + - Object name. + type: str + interface_type: + description: + - Cluster interface type. + type: str + choices: ['cluster', 'sync', 'cluster + sync', 'private'] + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + network_mask: + description: + - IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead of + providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use + ipv4-mask-length and ipv6-mask-length fields explicitly. + type: str + ipv4_network_mask: + description: + - IPv4 network address. + type: str + ipv6_network_mask: + description: + - IPv6 network address. + type: str + mask_length: + description: + - IPv4 or IPv6 network mask length. 
+ type: str + ipv4_mask_length: + description: + - IPv4 network mask length. + type: str + ipv6_mask_length: + description: + - IPv6 network mask length. + type: str + anti_spoofing: + description: + - N/A + type: bool + anti_spoofing_settings: + description: + - N/A + type: dict + suboptions: + action: + description: + - If packets will be rejected (the Prevent option) or whether the packets will be monitored (the Detect option). + type: str + choices: ['prevent', 'detect'] + exclude_packets: + description: + - Don't check packets from excluded network. + type: bool + excluded_network_name: + description: + - Excluded network name. + type: str + excluded_network_uid: + description: + - Excluded network UID. + type: str + spoof_tracking: + description: + - Spoof tracking. + type: str + choices: ['none', 'log', 'alert'] + multicast_address: + description: + - Multicast IP Address. + type: str + multicast_address_type: + description: + - Multicast Address Type. + type: str + choices: ['manual', 'default'] + security_zone: + description: + - N/A + type: bool + security_zone_settings: + description: + - N/A + type: dict + suboptions: + auto_calculated: + description: + - Security Zone is calculated according to where the interface leads to. + type: bool + specific_zone: + description: + - Security Zone specified manually. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + topology: + description: + - N/A + type: str + choices: ['automatic', 'external', 'internal'] + topology_settings: + description: + - N/A + type: dict + suboptions: + interface_leads_to_dmz: + description: + - Whether this interface leads to demilitarized zone (perimeter network). + type: bool + ip_address_behind_this_interface: + description: + - Network settings behind this interface. 
+ type: str + choices: ['not defined', 'network defined by the interface ip and net mask', 'network defined by routing', 'specific'] + specific_network: + description: + - Network behind this interface. + type: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', + 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', + 'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', + 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + ips: + description: + - Intrusion Prevention System blade enabled. + type: bool + members: + description: + - Cluster members list. Only new cluster member can be added. Adding existing gateway is not supported. + type: list + elements: dict + suboptions: + name: + description: + - Object name. + type: str + interfaces: + description: + - Cluster Member network interfaces. + type: list + elements: dict + suboptions: + name: + description: + - Object name. 
+ type: str + anti_spoofing: + description: + - N/A + type: bool + anti_spoofing_settings: + description: + - N/A + type: dict + suboptions: + action: + description: + - If packets will be rejected (the Prevent option) or whether the packets will be monitored (the Detect option). + type: str + choices: ['prevent', 'detect'] + exclude_packets: + description: + - Don't check packets from excluded network. + type: bool + excluded_network_name: + description: + - Excluded network name. + type: str + excluded_network_uid: + description: + - Excluded network UID. + type: str + spoof_tracking: + description: + - Spoof tracking. + type: str + choices: ['none', 'log', 'alert'] + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + network_mask: + description: + - IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead + of providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use + ipv4-mask-length and ipv6-mask-length fields explicitly. + type: str + ipv4_network_mask: + description: + - IPv4 network address. + type: str + ipv6_network_mask: + description: + - IPv6 network address. + type: str + mask_length: + description: + - IPv4 or IPv6 network mask length. + type: str + ipv4_mask_length: + description: + - IPv4 network mask length. + type: str + ipv6_mask_length: + description: + - IPv6 network mask length. + type: str + security_zone: + description: + - N/A + type: bool + security_zone_settings: + description: + - N/A + type: dict + suboptions: + auto_calculated: + description: + - Security Zone is calculated according to where the interface leads to. 
+ type: bool + specific_zone: + description: + - Security Zone specified manually. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + topology: + description: + - N/A + type: str + choices: ['automatic', 'external', 'internal'] + topology_settings: + description: + - N/A + type: dict + suboptions: + interface_leads_to_dmz: + description: + - Whether this interface leads to demilitarized zone (perimeter network). + type: bool + ip_address_behind_this_interface: + description: + - Network settings behind this interface. + type: str + choices: ['not defined', 'network defined by the interface ip and net mask', 'network defined by routing', 'specific'] + specific_network: + description: + - Network behind this interface. + type: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', + 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', + 'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', + 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully + detailed representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings + will also be ignored. + type: bool + ip_address: + description: + - IPv4 or IPv6 address. 
If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + one_time_password: + description: + - N/A + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', + 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', + 'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', + 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + os_name: + description: + - Cluster platform operating system. + type: str + platform_portal_settings: + description: + - Platform portal settings. + type: dict + suboptions: + portal_web_settings: + description: + - Configuration of the portal web settings. + type: dict + suboptions: + aliases: + description: + - List of URL aliases that are redirected to the main portal URL. 
+ type: list + elements: str + ip_address: + description: + - Optional, IP address for the web portal to use, if your DNS server fails to resolve the main portal URL. + Note, If your DNS server resolves the main portal URL, this IP address is ignored. + type: str + main_url: + description: + - The main URL for the web portal. + type: str + certificate_settings: + description: + - Configuration of the portal certificate settings. + type: dict + suboptions: + base64_certificate: + description: + - The certificate file encoded in Base64 with padding. This file must be in the *.p12 format. + type: str + base64_password: + description: + - Password (encoded in Base64 with padding) for the certificate file. + type: str + accessibility: + description: + - Configuration of the portal access settings. + type: dict + suboptions: + allow_access_from: + description: + - Allowed access to the web portal (based on interfaces, or security policy). + type: str + choices: ['rule_base', 'internal_interfaces', 'all_interfaces'] + internal_access_settings: + description: + - Configuration of the additional portal access settings for internal interfaces only. + type: dict + suboptions: + undefined: + description: + - Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'. + type: bool + dmz: + description: + - Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'. + type: bool + vpn: + description: + - Controls portal access settings for interfaces that are part of a VPN Encryption Domain. + type: bool + send_alerts_to_server: + description: + - Server(s) to send alerts to. + type: list + elements: str + send_logs_to_backup_server: + description: + - Backup server(s) to send logs to. + type: list + elements: str + send_logs_to_server: + description: + - Server(s) to send logs to. + type: list + elements: str + tags: + description: + - Collection of tag identifiers. 
+ type: list + elements: str + threat_emulation: + description: + - Threat Emulation blade enabled. + type: bool + threat_extraction: + description: + - Threat Extraction blade enabled. + type: bool + threat_prevention_mode: + description: + - The mode of Threat Prevention to use. When using Autonomous Threat Prevention, disabling the Threat Prevention blades is not allowed. + type: str + choices: ['autonomous', 'custom'] + url_filtering: + description: + - URL Filtering blade enabled. + type: bool + usercheck_portal_settings: + description: + - UserCheck portal settings. + type: dict + suboptions: + enabled: + description: + - State of the web portal (enabled or disabled). The supported blades are, {'Application Control', 'URL Filtering', 'Data Loss + Prevention', 'Anti Virus', 'Anti Bot', 'Threat Emulation', 'Threat Extraction', 'Data Awareness'}. + type: bool + portal_web_settings: + description: + - Configuration of the portal web settings. + type: dict + suboptions: + aliases: + description: + - List of URL aliases that are redirected to the main portal URL. + type: list + elements: str + ip_address: + description: + - Optional, IP address for the web portal to use, if your DNS server fails to resolve the main portal URL. + Note, If your DNS server resolves the main portal URL, this IP address is ignored. + type: str + main_url: + description: + - The main URL for the web portal. + type: str + certificate_settings: + description: + - Configuration of the portal certificate settings. + type: dict + suboptions: + base64_certificate: + description: + - The certificate file encoded in Base64 with padding. This file must be in the *.p12 format. + type: str + base64_password: + description: + - Password (encoded in Base64 with padding) for the certificate file. + type: str + accessibility: + description: + - Configuration of the portal access settings. 
+ type: dict + suboptions: + allow_access_from: + description: + - Allowed access to the web portal (based on interfaces, or security policy). + type: str + choices: ['rule_base', 'internal_interfaces', 'all_interfaces'] + internal_access_settings: + description: + - Configuration of the additional portal access settings for internal interfaces only. + type: dict + suboptions: + undefined: + description: + - Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'. + type: bool + dmz: + description: + - Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'. + type: bool + vpn: + description: + - Controls portal access settings for interfaces that are part of a VPN Encryption Domain. + type: bool + cluster_version: + description: + - Cluster platform version. + type: str + vpn: + description: + - VPN blade enabled. + type: bool + vpn_settings: + description: + - Gateway VPN settings. + type: dict + suboptions: + authentication: + description: + - Authentication. + type: dict + suboptions: + authentication_clients: + description: + - Collection of VPN Authentication clients identified by the name or UID. + type: list + elements: str + link_selection: + description: + - Link Selection. + type: dict + suboptions: + ip_selection: + description: + - N/A + type: str + choices: ['use-main-address', 'use-selected-address-from-topology', 'use-statically-nated-ip', + 'calculated-ip-based-on-topology', 'dns-resolving-from-hostname', 'dns-resolving-from-gateway-and-domain-name', + 'use-probing-with-high-availability', 'use-probing-with-load-sharing', 'use-one-time-probing'] + dns_resolving_hostname: + description: + - DNS Resolving Hostname. Must be set when "ip-selection" was selected to be "dns-resolving-from-hostname". + type: str + ip_address: + description: + - IP Address. Must be set when "ip-selection" was selected to be "use-selected-address-from-topology" or "use-statically-nated-ip". 
+ type: str + maximum_concurrent_ike_negotiations: + description: + - N/A + type: int + maximum_concurrent_tunnels: + description: + - N/A + type: int + office_mode: + description: + - Office Mode. Notation Wide Impact - Office Mode apply IPSec VPN Software Blade clients and to the Mobile Access Software Blade clients. + type: dict + suboptions: + mode: + description: + - Office Mode Permissions.When selected to be "off", all the other definitions are irrelevant. + type: str + choices: ['off', 'specific-group', 'all-users'] + group: + description: + - Group. Identified by name or UID. Must be set when "office-mode-permissions" was selected to be "group". + type: str + allocate_ip_address_from: + description: + - Allocate IP address Method. + Allocate IP address by sequentially trying the given methods until success. + type: dict + suboptions: + radius_server: + description: + - Radius server used to authenticate the user. + type: bool + use_allocate_method: + description: + - Use Allocate Method. + type: bool + allocate_method: + description: + - Using either Manual (IP Pool) or Automatic (DHCP). + Must be set when "use-allocate-method" is true. + type: str + choices: ['manual', 'automatic'] + manual_network: + description: + - Manual Network. Identified by name or UID. + Must be set when "allocate-method" was selected to be "manual". + type: str + dhcp_server: + description: + - DHCP Server. Identified by name or UID. + Must be set when "allocate-method" was selected to be "automatic". + type: str + virtual_ip_address: + description: + - Virtual IPV4 address for DHCP server replies. + Must be set when "allocate-method" was selected to be "automatic". + type: str + dhcp_mac_address: + description: + - Calculated MAC address for DHCP allocation. + Must be set when "allocate-method" was selected to be "automatic". 
+ type: str + choices: ['per-machine', 'per-user'] + optional_parameters: + description: + - This configuration applies to all Office Mode methods except Automatic (using DHCP) and ipassignment.conf entries which contain this data. + type: dict + suboptions: + use_primary_dns_server: + description: + - Use Primary DNS Server. + type: bool + primary_dns_server: + description: + - Primary DNS Server. Identified by name or UID. + Must be set when "use-primary-dns-server" is true and can not be set when "use-primary-dns-server" is false. + type: str + use_first_backup_dns_server: + description: + - Use First Backup DNS Server. + type: bool + first_backup_dns_server: + description: + - First Backup DNS Server. Identified by name or UID. + Must be set when "use-first-backup-dns-server" is true and can not be set when "use-first-backup-dns-server" is false. + type: str + use_second_backup_dns_server: + description: + - Use Second Backup DNS Server. + type: bool + second_backup_dns_server: + description: + - Second Backup DNS Server. Identified by name or UID. + Must be set when "use-second-backup-dns-server" is true and can not be set when "use-second-backup-dns-server" is false. + type: str + dns_suffixes: + description: + - DNS Suffixes. + type: str + use_primary_wins_server: + description: + - Use Primary WINS Server. + type: bool + primary_wins_server: + description: + - Primary WINS Server. Identified by name or UID. + Must be set when "use-primary-wins-server" is true and can not be set when "use-primary-wins-server" is false. + type: str + use_first_backup_wins_server: + description: + - Use First Backup WINS Server. + type: bool + first_backup_wins_server: + description: + - First Backup WINS Server. Identified by name or UID. + Must be set when "use-first-backup-wins-server" is true and can not be set when "use-first-backup-wins-server" is false. + type: str + use_second_backup_wins_server: + description: + - Use Second Backup WINS Server. 
+ type: bool + second_backup_wins_server: + description: + - Second Backup WINS Server. Identified by name or UID. + Must be set when "use-second-backup-wins-server" is true and can not be set when "use-second-backup-wins-server" is false. + type: str + ip_lease_duration: + description: + - IP Lease Duration in Minutes. The value must be in the range 2-32767. + type: int + support_multiple_interfaces: + description: + - Support connectivity enhancement for gateways with multiple external interfaces. + type: bool + perform_anti_spoofing: + description: + - Perform Anti-Spoofing on Office Mode addresses. + type: bool + anti_spoofing_additional_addresses: + description: + - Additional IP Addresses for Anti-Spoofing. Identified by name or UID. + Must be set when "perform-anti-spoofings" is true. + type: str + remote_access: + description: + - Remote Access. + type: dict + suboptions: + support_l2tp: + description: + - Support L2TP (relevant only when office mode is active). + type: bool + l2tp_auth_method: + description: + - L2TP Authentication Method. + Must be set when "support-l2tp" is true. + type: str + choices: ['certificate', 'md5'] + l2tp_certificate: + description: + - L2TP Certificate. + Must be set when "l2tp-auth-method" was selected to be "certificate". + Insert "defaultCert" when you want to use the default certificate. + type: str + allow_vpn_clients_to_route_traffic: + description: + - Allow VPN clients to route traffic. + type: bool + support_nat_traversal_mechanism: + description: + - Support NAT traversal mechanism (UDP encapsulation). + type: bool + nat_traversal_service: + description: + - Allocated NAT traversal UDP service. Identified by name or UID. + Must be set when "support-nat-traversal-mechanism" is true. + type: str + support_visitor_mode: + description: + - Support Visitor Mode. + type: bool + visitor_mode_service: + description: + - TCP Service for Visitor Mode. Identified by name or UID. 
+ Must be set when "support-visitor-mode" is true. + type: str + visitor_mode_interface: + description: + - Interface for Visitor Mode. + Must be set when "support-visitor-mode" is true. + Insert IPV4 Address of existing interface or "All IPs" when you want all interfaces. + type: str + vpn_domain: + description: + - Gateway VPN domain identified by the name or UID. + type: str + vpn_domain_type: + description: + - Gateway VPN domain type. + type: str + choices: ['manual', 'addresses_behind_gw'] + show_portals_certificate: + description: + - Indicates whether to show the portals certificate value in the reply. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-simple-cluster + cp_mgmt_simple_cluster: + cluster_mode: cluster-xl-ha + color: yellow + firewall: true + interfaces: + - anti_spoofing: true + interface_type: cluster + ip_address: 17.23.5.1 + name: eth0 + network_mask: 255.255.255.0 + topology: EXTERNAL + - interface_type: sync + name: eth1 + topology: INTERNAL + topology_settings: + interface_leads_to_dmz: false + ip_address_behind_this_interface: network defined by the interface ip and net + mask + - anti_spoofing: true + interface_type: cluster + ip_address: 192.168.1.1 + name: eth2 + network_mask: 255.255.255.0 + topology: INTERNAL + topology_settings: + interface_leads_to_dmz: false + ip_address_behind_this_interface: network defined by the interface ip and net + mask + ip_address: 17.23.5.1 + members: + - interfaces: + - ip_address: 17.23.5.2 + name: eth0 + network_mask: 255.255.255.0 + - ip_address: 1.1.2.4 + name: eth1 + network_mask: 255.255.255.0 + - ip_address: 192.168.1.2 + name: eth2 + network_mask: 255.255.255.0 + ip_address: 17.23.5.2 + name: member1 + one_time_password: abcd + - interfaces: + - ip_address: 17.23.5.3 + name: eth0 + network_mask: 255.255.255.0 + - ip_address: 1.1.2.5 + name: eth1 + network_mask: 255.255.255.0 + - ip_address: 192.168.1.3 + name: eth2 + network_mask: 255.255.255.0 + ip_address: 17.23.5.3 + name: member2 + one_time_password: abcd + name: cluster1 + os_name: Gaia + state: present + cluster_version: R80.30 + +- name: set-simple-cluster + cp_mgmt_simple_cluster: + name: cluster1 + state: present + +- name: delete-simple-cluster + cp_mgmt_simple_cluster: + name: cluster1 + state: absent +""" + +RETURN = """ +cp_mgmt_simple_cluster: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + anti_bot=dict(type='bool'), + anti_virus=dict(type='bool'), + application_control=dict(type='bool'), + cluster_mode=dict(type='str', choices=['cluster-xl-ha', 'cluster-ls-multicast', 'cluster-ls-unicast', 'opsec-ha', 'opsec-ls']), + content_awareness=dict(type='bool'), + firewall=dict(type='bool'), + firewall_settings=dict(type='dict', options=dict( + auto_calculate_connections_hash_table_size_and_memory_pool=dict(type='bool'), + auto_maximum_limit_for_concurrent_connections=dict(type='bool'), + connections_hash_size=dict(type='int'), + maximum_limit_for_concurrent_connections=dict(type='int'), + maximum_memory_pool_size=dict(type='int'), + memory_pool_size=dict(type='int') + )), + hardware=dict(type='str'), + interfaces=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + interface_type=dict(type='str', choices=['cluster', 'sync', 'cluster + sync', 'private']), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + network_mask=dict(type='str'), + ipv4_network_mask=dict(type='str'), + ipv6_network_mask=dict(type='str'), + mask_length=dict(type='str'), + ipv4_mask_length=dict(type='str'), + ipv6_mask_length=dict(type='str'), + anti_spoofing=dict(type='bool'), + anti_spoofing_settings=dict(type='dict', options=dict( + action=dict(type='str', choices=['prevent', 'detect']), + exclude_packets=dict(type='bool'), + excluded_network_name=dict(type='str'), + excluded_network_uid=dict(type='str'), + spoof_tracking=dict(type='str', choices=['none', 'log', 'alert']) + )), + multicast_address=dict(type='str'), + 
multicast_address_type=dict(type='str', choices=['manual', 'default']), + security_zone=dict(type='bool'), + security_zone_settings=dict(type='dict', options=dict( + auto_calculated=dict(type='bool'), + specific_zone=dict(type='str') + )), + tags=dict(type='list', elements='str'), + topology=dict(type='str', choices=['automatic', 'external', 'internal']), + topology_settings=dict(type='dict', options=dict( + interface_leads_to_dmz=dict(type='bool'), + ip_address_behind_this_interface=dict(type='str', choices=['not defined', 'network defined by the interface ip and net mask', + 'network defined by routing', 'specific']), + specific_network=dict(type='str') + )), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', + 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', + 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', + 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', + 'sienna', 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + )), + ips=dict(type='bool'), + members=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + interfaces=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + anti_spoofing=dict(type='bool'), + anti_spoofing_settings=dict(type='dict', options=dict( + action=dict(type='str', choices=['prevent', 'detect']), + exclude_packets=dict(type='bool'), + excluded_network_name=dict(type='str'), + excluded_network_uid=dict(type='str'), + spoof_tracking=dict(type='str', choices=['none', 'log', 'alert']) + )), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + network_mask=dict(type='str'), + 
ipv4_network_mask=dict(type='str'), + ipv6_network_mask=dict(type='str'), + mask_length=dict(type='str'), + ipv4_mask_length=dict(type='str'), + ipv6_mask_length=dict(type='str'), + security_zone=dict(type='bool'), + security_zone_settings=dict(type='dict', options=dict( + auto_calculated=dict(type='bool'), + specific_zone=dict(type='str') + )), + tags=dict(type='list', elements='str'), + topology=dict(type='str', choices=['automatic', 'external', 'internal']), + topology_settings=dict(type='dict', options=dict( + interface_leads_to_dmz=dict(type='bool'), + ip_address_behind_this_interface=dict(type='str', choices=['not defined', 'network defined by the interface ip and net mask', + 'network defined by routing', 'specific']), + specific_network=dict(type='str') + )), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', + 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', + 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', + 'orange', 'red', 'sienna', 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + )), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + one_time_password=dict(type='str', no_log=True), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', + 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', + 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', + 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 
'violet red', 'navy blue', 'olive', 'orange', 'red', + 'sienna', 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + )), + os_name=dict(type='str'), + platform_portal_settings=dict(type='dict', options=dict( + portal_web_settings=dict(type='dict', options=dict( + aliases=dict(type='list', elements='str'), + ip_address=dict(type='str'), + main_url=dict(type='str') + )), + certificate_settings=dict(type='dict', options=dict( + base64_certificate=dict(type='str'), + base64_password=dict(type='str', no_log=True) + )), + accessibility=dict(type='dict', options=dict( + allow_access_from=dict(type='str', choices=['rule_base', 'internal_interfaces', 'all_interfaces']), + internal_access_settings=dict(type='dict', options=dict( + undefined=dict(type='bool'), + dmz=dict(type='bool'), + vpn=dict(type='bool') + )) + )) + )), + send_alerts_to_server=dict(type='list', elements='str'), + send_logs_to_backup_server=dict(type='list', elements='str'), + send_logs_to_server=dict(type='list', elements='str'), + tags=dict(type='list', elements='str'), + threat_emulation=dict(type='bool'), + threat_extraction=dict(type='bool'), + threat_prevention_mode=dict(type='str', choices=['autonomous', 'custom']), + url_filtering=dict(type='bool'), + usercheck_portal_settings=dict(type='dict', options=dict( + enabled=dict(type='bool'), + portal_web_settings=dict(type='dict', options=dict( + aliases=dict(type='list', elements='str'), + ip_address=dict(type='str'), + main_url=dict(type='str') + )), + certificate_settings=dict(type='dict', options=dict( + base64_certificate=dict(type='str'), + base64_password=dict(type='str', no_log=True) + )), + accessibility=dict(type='dict', options=dict( + allow_access_from=dict(type='str', choices=['rule_base', 'internal_interfaces', 'all_interfaces']), + internal_access_settings=dict(type='dict', options=dict( + 
undefined=dict(type='bool'), + dmz=dict(type='bool'), + vpn=dict(type='bool') + )) + )) + )), + cluster_version=dict(type='str'), + vpn=dict(type='bool'), + vpn_settings=dict(type='dict', options=dict( + authentication=dict(type='dict', options=dict( + authentication_clients=dict(type='list', elements='str') + )), + link_selection=dict(type='dict', options=dict( + ip_selection=dict(type='str', choices=['use-main-address', + 'use-selected-address-from-topology', 'use-statically-nated-ip', 'calculated-ip-based-on-topology', + 'dns-resolving-from-hostname', 'dns-resolving-from-gateway-and-domain-name', + 'use-probing-with-high-availability', 'use-probing-with-load-sharing', 'use-one-time-probing']), + dns_resolving_hostname=dict(type='str'), + ip_address=dict(type='str') + )), + maximum_concurrent_ike_negotiations=dict(type='int'), + maximum_concurrent_tunnels=dict(type='int'), + office_mode=dict(type='dict', options=dict( + mode=dict(type='str', choices=['off', 'specific-group', 'all-users']), + group=dict(type='str'), + allocate_ip_address_from=dict(type='dict', options=dict( + radius_server=dict(type='bool'), + use_allocate_method=dict(type='bool'), + allocate_method=dict(type='str', choices=['manual', 'automatic']), + manual_network=dict(type='str'), + dhcp_server=dict(type='str'), + virtual_ip_address=dict(type='str'), + dhcp_mac_address=dict(type='str', choices=['per-machine', 'per-user']), + optional_parameters=dict(type='dict', options=dict( + use_primary_dns_server=dict(type='bool'), + primary_dns_server=dict(type='str'), + use_first_backup_dns_server=dict(type='bool'), + first_backup_dns_server=dict(type='str'), + use_second_backup_dns_server=dict(type='bool'), + second_backup_dns_server=dict(type='str'), + dns_suffixes=dict(type='str'), + use_primary_wins_server=dict(type='bool'), + primary_wins_server=dict(type='str'), + use_first_backup_wins_server=dict(type='bool'), + first_backup_wins_server=dict(type='str'), + 
use_second_backup_wins_server=dict(type='bool'), + second_backup_wins_server=dict(type='str'), + ip_lease_duration=dict(type='int') + )) + )), + support_multiple_interfaces=dict(type='bool'), + perform_anti_spoofing=dict(type='bool'), + anti_spoofing_additional_addresses=dict(type='str') + )), + remote_access=dict(type='dict', options=dict( + support_l2tp=dict(type='bool'), + l2tp_auth_method=dict(type='str', choices=['certificate', 'md5']), + l2tp_certificate=dict(type='str'), + allow_vpn_clients_to_route_traffic=dict(type='bool'), + support_nat_traversal_mechanism=dict(type='bool'), + nat_traversal_service=dict(type='str'), + support_visitor_mode=dict(type='bool'), + visitor_mode_service=dict(type='str'), + visitor_mode_interface=dict(type='str') + )), + vpn_domain=dict(type='str'), + vpn_domain_type=dict(type='str', choices=['manual', 'addresses_behind_gw']) + )), + show_portals_certificate=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'simple-cluster' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() 
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster_facts.py
new file mode 100644
index 000000000..c422eabf1
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster_facts.py
@@ -0,0 +1,156 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_simple_cluster_facts
+short_description: Get simple-cluster objects facts on Checkpoint over Web Services API
+description:
+ - Get simple-cluster objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ limit_interfaces:
+ description:
+ - Limit number of interfaces to show. Default is 50.
+ type: int
+ show_portals_certificate:
+ description:
+ - Indicates whether to show the portals certificate value in the reply.
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-simple-cluster
+ cp_mgmt_simple_cluster_facts:
+ name: cluster1
+
+- name: show-simple-clusters
+ cp_mgmt_simple_cluster_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ limit_interfaces=dict(type='int'),
+ show_portals_certificate=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool'),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "simple-cluster"
+ api_call_object_plural_version = "simple-clusters"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway.py
new file mode 100644
index 000000000..ce530d3f3
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway.py
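Review bot: In cp_mgmt_simple_cluster_facts.py the `show_portals_certificate` option is documented without saying where the value goes: the reply from `api_call_facts` is handed straight to `module.exit_json(ansible_facts=result)`, so the certificate value presumably becomes a host fact that fact caching and verbose output can persist. The description should state that, e.g. `- Indicates whether to show the portals certificate value in the reply. The value is returned inside ansible_facts; leave unset unless the certificate is needed.` Whether the value carries private key material is not visible from this file and should be confirmed against the API reference. Separately, `limit_interfaces` says "Default is 50" while the argument spec sets no default, so the text should say that the default is applied by the management server.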
@@ -0,0 +1,637 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_simple_gateway +short_description: Manages simple-gateway objects on Check Point over Web Services API +description: + - Manages simple-gateway objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + anti_bot: + description: + - Anti-Bot blade enabled. + type: bool + anti_virus: + description: + - Anti-Virus blade enabled. + type: bool + application_control: + description: + - Application Control blade enabled. + type: bool + content_awareness: + description: + - Content Awareness blade enabled. 
+ type: bool + firewall: + description: + - Firewall blade enabled. + type: bool + firewall_settings: + description: + - N/A + type: dict + suboptions: + auto_calculate_connections_hash_table_size_and_memory_pool: + description: + - N/A + type: bool + auto_maximum_limit_for_concurrent_connections: + description: + - N/A + type: bool + connections_hash_size: + description: + - N/A + type: int + maximum_limit_for_concurrent_connections: + description: + - N/A + type: int + maximum_memory_pool_size: + description: + - N/A + type: int + memory_pool_size: + description: + - N/A + type: int + interfaces: + description: + - Network interfaces. When a gateway is updated with a new interfaces, the existing interfaces are removed. + type: list + elements: dict + suboptions: + name: + description: + - Object name. + type: str + anti_spoofing: + description: + - N/A + type: bool + anti_spoofing_settings: + description: + - N/A + type: dict + suboptions: + action: + description: + - If packets will be rejected (the Prevent option) or whether the packets will be monitored (the Detect option). + type: str + choices: ['prevent', 'detect'] + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + network_mask: + description: + - IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead of + providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use + ipv4-mask-length and ipv6-mask-length fields explicitly. + type: str + ipv4_network_mask: + description: + - IPv4 network address. + type: str + ipv6_network_mask: + description: + - IPv6 network address. + type: str + mask_length: + description: + - IPv4 or IPv6 network mask length. 
+ type: str + ipv4_mask_length: + description: + - IPv4 network mask length. + type: str + ipv6_mask_length: + description: + - IPv6 network mask length. + type: str + security_zone: + description: + - N/A + type: bool + security_zone_settings: + description: + - N/A + type: dict + suboptions: + auto_calculated: + description: + - Security Zone is calculated according to where the interface leads to. + type: bool + specific_zone: + description: + - Security Zone specified manually. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + topology: + description: + - N/A + type: str + choices: ['automatic', 'external', 'internal'] + topology_settings: + description: + - N/A + type: dict + suboptions: + interface_leads_to_dmz: + description: + - Whether this interface leads to demilitarized zone (perimeter network). + type: bool + ip_address_behind_this_interface: + description: + - N/A + type: str + choices: ['not defined', 'network defined by the interface ip and net mask', 'network defined by routing', 'specific'] + specific_network: + description: + - Network behind this interface. + type: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', + 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', + 'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', + 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. 
+ type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + ips: + description: + - Intrusion Prevention System blade enabled. + type: bool + logs_settings: + description: + - N/A + type: dict + suboptions: + alert_when_free_disk_space_below: + description: + - N/A + type: bool + alert_when_free_disk_space_below_threshold: + description: + - N/A + type: int + alert_when_free_disk_space_below_type: + description: + - N/A + type: str + choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2', + 'user defined alert no.3'] + before_delete_keep_logs_from_the_last_days: + description: + - N/A + type: bool + before_delete_keep_logs_from_the_last_days_threshold: + description: + - N/A + type: int + before_delete_run_script: + description: + - N/A + type: bool + before_delete_run_script_command: + description: + - N/A + type: str + delete_index_files_older_than_days: + description: + - N/A + type: bool + delete_index_files_older_than_days_threshold: + description: + - N/A + type: int + delete_index_files_when_index_size_above: + description: + - N/A + type: bool + delete_index_files_when_index_size_above_threshold: + description: + - N/A + type: int + delete_when_free_disk_space_below: + description: + - N/A + type: bool + delete_when_free_disk_space_below_threshold: + description: + - N/A + type: int + detect_new_citrix_ica_application_names: + description: + - N/A + type: bool + forward_logs_to_log_server: + description: + - N/A + type: bool + forward_logs_to_log_server_name: + description: + - N/A + type: str + forward_logs_to_log_server_schedule_name: + description: + - N/A + type: str + free_disk_space_metrics: + description: + - N/A + 
type: str + choices: ['mbytes', 'percent'] + perform_log_rotate_before_log_forwarding: + description: + - N/A + type: bool + reject_connections_when_free_disk_space_below_threshold: + description: + - N/A + type: bool + reserve_for_packet_capture_metrics: + description: + - N/A + type: str + choices: ['percent', 'mbytes'] + reserve_for_packet_capture_threshold: + description: + - N/A + type: int + rotate_log_by_file_size: + description: + - N/A + type: bool + rotate_log_file_size_threshold: + description: + - N/A + type: int + rotate_log_on_schedule: + description: + - N/A + type: bool + rotate_log_schedule_name: + description: + - N/A + type: str + stop_logging_when_free_disk_space_below: + description: + - N/A + type: bool + stop_logging_when_free_disk_space_below_threshold: + description: + - N/A + type: int + turn_on_qos_logging: + description: + - N/A + type: bool + update_account_log_every: + description: + - N/A + type: int + one_time_password: + description: + - N/A + type: str + os_name: + description: + - Gateway platform operating system. + type: str + save_logs_locally: + description: + - Save logs locally on the gateway. + type: bool + send_alerts_to_server: + description: + - Server(s) to send alerts to. + type: list + elements: str + send_logs_to_backup_server: + description: + - Backup server(s) to send logs to. + type: list + elements: str + send_logs_to_server: + description: + - Server(s) to send logs to. + type: list + elements: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + threat_emulation: + description: + - Threat Emulation blade enabled. + type: bool + threat_extraction: + description: + - Threat Extraction blade enabled. + type: bool + url_filtering: + description: + - URL Filtering blade enabled. + type: bool + gateway_version: + description: + - Gateway platform version. + type: str + vpn: + description: + - VPN blade enabled. 
+ type: bool + vpn_settings: + description: + - Gateway VPN settings. + type: dict + suboptions: + maximum_concurrent_ike_negotiations: + description: + - N/A + type: int + maximum_concurrent_tunnels: + description: + - N/A + type: int + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-simple-gateway + cp_mgmt_simple_gateway: + ip_address: 192.0.2.1 + name: gw1 + state: present + +- name: set-simple-gateway + cp_mgmt_simple_gateway: + anti_bot: true + anti_virus: true + application_control: true + ips: true + name: test_gateway + state: present + threat_emulation: true + url_filtering: true + +- name: delete-simple-gateway + cp_mgmt_simple_gateway: + name: gw1 + state: absent +""" + +RETURN = """ +cp_mgmt_simple_gateway: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + anti_bot=dict(type='bool'), + anti_virus=dict(type='bool'), + application_control=dict(type='bool'), + content_awareness=dict(type='bool'), + firewall=dict(type='bool'), + firewall_settings=dict(type='dict', options=dict( + auto_calculate_connections_hash_table_size_and_memory_pool=dict(type='bool'), + auto_maximum_limit_for_concurrent_connections=dict(type='bool'), + connections_hash_size=dict(type='int'), + maximum_limit_for_concurrent_connections=dict(type='int'), + maximum_memory_pool_size=dict(type='int'), + memory_pool_size=dict(type='int') + )), + interfaces=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + anti_spoofing=dict(type='bool'), + anti_spoofing_settings=dict(type='dict', options=dict( + action=dict(type='str', choices=['prevent', 'detect']) + )), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + network_mask=dict(type='str'), + 
ipv4_network_mask=dict(type='str'), + ipv6_network_mask=dict(type='str'), + mask_length=dict(type='str'), + ipv4_mask_length=dict(type='str'), + ipv6_mask_length=dict(type='str'), + security_zone=dict(type='bool'), + security_zone_settings=dict(type='dict', options=dict( + auto_calculated=dict(type='bool'), + specific_zone=dict(type='str') + )), + tags=dict(type='list', elements='str'), + topology=dict(type='str', choices=['automatic', 'external', 'internal']), + topology_settings=dict(type='dict', options=dict( + interface_leads_to_dmz=dict(type='bool'), + ip_address_behind_this_interface=dict(type='str', choices=['not defined', 'network defined by the interface ip and net mask', + 'network defined by routing', 'specific']), + specific_network=dict(type='str') + )), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', + 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', + 'firebrick', + 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', + 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', + 'red', + 'sienna', 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + )), + ips=dict(type='bool'), + logs_settings=dict(type='dict', options=dict( + alert_when_free_disk_space_below=dict(type='bool'), + alert_when_free_disk_space_below_threshold=dict(type='int'), + alert_when_free_disk_space_below_type=dict(type='str', choices=['none', + 'log', 'popup alert', 'mail alert', 'snmp trap alert', + 'user defined alert no.1', + 'user defined alert no.2', 'user defined alert no.3']), + before_delete_keep_logs_from_the_last_days=dict(type='bool'), + before_delete_keep_logs_from_the_last_days_threshold=dict(type='int'), + 
before_delete_run_script=dict(type='bool'), + before_delete_run_script_command=dict(type='str'), + delete_index_files_older_than_days=dict(type='bool'), + delete_index_files_older_than_days_threshold=dict(type='int'), + delete_index_files_when_index_size_above=dict(type='bool'), + delete_index_files_when_index_size_above_threshold=dict(type='int'), + delete_when_free_disk_space_below=dict(type='bool'), + delete_when_free_disk_space_below_threshold=dict(type='int'), + detect_new_citrix_ica_application_names=dict(type='bool'), + forward_logs_to_log_server=dict(type='bool'), + forward_logs_to_log_server_name=dict(type='str'), + forward_logs_to_log_server_schedule_name=dict(type='str'), + free_disk_space_metrics=dict(type='str', choices=['mbytes', 'percent']), + perform_log_rotate_before_log_forwarding=dict(type='bool'), + reject_connections_when_free_disk_space_below_threshold=dict(type='bool'), + reserve_for_packet_capture_metrics=dict(type='str', choices=['percent', 'mbytes']), + reserve_for_packet_capture_threshold=dict(type='int'), + rotate_log_by_file_size=dict(type='bool'), + rotate_log_file_size_threshold=dict(type='int'), + rotate_log_on_schedule=dict(type='bool'), + rotate_log_schedule_name=dict(type='str'), + stop_logging_when_free_disk_space_below=dict(type='bool'), + stop_logging_when_free_disk_space_below_threshold=dict(type='int'), + turn_on_qos_logging=dict(type='bool'), + update_account_log_every=dict(type='int') + )), + one_time_password=dict(type='str', no_log=True), + os_name=dict(type='str'), + save_logs_locally=dict(type='bool'), + send_alerts_to_server=dict(type='list', elements='str'), + send_logs_to_backup_server=dict(type='list', elements='str'), + send_logs_to_server=dict(type='list', elements='str'), + tags=dict(type='list', elements='str'), + threat_emulation=dict(type='bool'), + threat_extraction=dict(type='bool'), + url_filtering=dict(type='bool'), + gateway_version=dict(type='str'), + vpn=dict(type='bool'), + 
vpn_settings=dict(type='dict', options=dict( + maximum_concurrent_ike_negotiations=dict(type='int'), + maximum_concurrent_tunnels=dict(type='int') + )), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', + 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'simple-gateway' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway_facts.py new file mode 100644 index 000000000..cdccabb18 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway_facts.py 
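Review bot: In cp_mgmt_simple_gateway.py the DOCUMENTATION entry for `one_time_password` is only `N/A`, although the argument spec marks it `no_log=True`, so a playbook author is never told the value is a secret. A description such as `- One-time password used to establish trust with the gateway. Secret value; supply it from Ansible Vault rather than inline in the playbook.` would match what the spec already assumes (its exact role should be confirmed against the API reference). The same gap applies to `before_delete_run_script_command` under `logs_settings`: it is a free-form command string documented as `N/A`, and its description should say where and when the command is run and who is expected to control its content.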
@@ -0,0 +1,132 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_simple_gateway_facts +short_description: Get simple-gateway objects facts on Check Point over Web Services API +description: + - Get simple-gateway objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-simple-gateway + cp_mgmt_simple_gateway_facts: + name: gw1 + +- name: show-simple-gateways + cp_mgmt_simple_gateway_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "simple-gateway"
+ api_call_object_plural_version = "simple-gateways"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server.py
new file mode 100644
index 000000000..7feb0b7e1
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server.py
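Review bot: The argument spec in `main()` accepts `name` together with `limit`, `offset` and `order`, and accepts an `order` entry carrying both `ASC` and `DESC`, although the documentation says the paging options are relevant only when several objects are listed. Nothing visible in this hunk rejects those combinations, so the outcome depends on what `api_call_facts` does with them, and that helper is defined outside the hunk. Consider declaring the constraint, e.g. `mutually_exclusive=[['ASC', 'DESC']]` inside the `order` sub-spec, and stating in the `name` description that the paging options are not used when it is set. The same spec is repeated in the cp_mgmt_smtp_server_facts.py and cp_mgmt_tag_facts.py hunks.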
@@ -0,0 +1,171 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_smtp_server +short_description: Manages smtp-server objects on Checkpoint over Web Services API +description: + - Manages smtp-server objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + port: + description: + - The SMTP port to use. + type: int + server: + description: + - The SMTP server address. + type: str + password: + description: + - A password for the SMTP server. + type: str + username: + description: + - A username for the SMTP server. + type: str + authentication: + description: + - Does the mail server requires authentication. + type: bool + encryption: + description: + - Encryption type. + type: str + choices: ['none', 'ssl', 'tls'] + tags: + description: + - Collection of tag identifiers. 
+ type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-smtp-server + cp_mgmt_smtp_server: + encryption: none + name: SMTP1 + port: '25' + server: smtp.example.com + state: present + +- name: set-smtp-server + cp_mgmt_smtp_server: + name: SMTP + port: '25' + server: smtp.example.com + state: present + +- name: delete-smtp-server + cp_mgmt_smtp_server: + name: SMTP + state: absent +""" + +RETURN = """ +cp_mgmt_smtp_server: + description: The checkpoint object created or updated. 
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ port=dict(type='int'),
+ server=dict(type='str'),
+ password=dict(type='str', no_log=True),
+ username=dict(type='str'),
+ authentication=dict(type='bool'),
+ encryption=dict(type='str', choices=['none', 'ssl', 'tls']),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ domains_to_process=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'smtp-server'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server_facts.py
new file mode 100644
index 000000000..b574885fd
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server_facts.py
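Review bot: The spec in `main()` lets `authentication: true` be combined with `encryption: none` or with a missing `username` or `password`, so a task can define an authenticated SMTP server with no transport protection for its credentials, or with half a credential pair, and the module raises no error. `password` is correctly marked `no_log=True`; what is missing is the cross-field validation and a matching sentence in the docs. Consider passing `required_together=[['username', 'password']]` and `required_if=[['authentication', True, ['username', 'password']]]` to `AnsibleModule`, and noting in the `encryption` description that `ssl` or `tls` should be chosen whenever `authentication` is enabled. Whether the management API already rejects these combinations cannot be seen from this hunk. The EXAMPLES also pass `port: '25'` as a string although the option is `type: int`; `port: 25` would match the spec.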
@@ -0,0 +1,141 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_smtp_server_facts +short_description: Get smtp-server objects facts on Checkpoint over Web Services API +description: + - Get smtp-server objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-smtp-server + cp_mgmt_smtp_server_facts: + name: SMTP + +- name: show-smtp-servers + cp_mgmt_smtp_server_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "smtp-server"
+ api_call_object_plural_version = "smtp-servers"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_submit_session.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_submit_session.py
new file mode 100644
index 000000000..0dfdd0f5e
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_submit_session.py
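Review bot: `module.exit_json(ansible_facts=result)` at the end of `main()` returns whatever the show-smtp-server call yields, and RETURN only says "The checkpoint object facts", so a reader cannot tell whether the `username` or `password` set through cp_mgmt_smtp_server come back in the facts. `no_log=True` on the writer module only covers values passed as parameters to that task; it does not redact this module's output. I would list the returned fields in RETURN and, if account settings can be present, add a description line such as `- The returned object may include the SMTP account settings; set no_log on the task when registering the result.` What `api_call_facts` actually returns is outside this hunk.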
@@ -0,0 +1,77 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_submit_session +short_description: Workflow feature - Submit the session for approval. +description: + - Workflow feature - Submit the session for approval. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + uid: + description: + - Session unique identifier. + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: submit-session + cp_mgmt_submit_session: + uid: 41e821a0-3720-11e3-aa6e-0800200c9fde +""" + +RETURN = """ +cp_mgmt_submit_session: + description: The checkpoint submit-session output. + returned: always. 
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ uid=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "submit-session"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag.py
new file mode 100644
index 000000000..07bc150ce
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag.py
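Review bot: The `uid` option is optional in both DOCUMENTATION and the spec in `main()`, but neither says which session is submitted when it is left out. Because this command hands a set of changes to an approval workflow, the description should state the default explicitly, along the lines of `- Session unique identifier. When omitted, <behaviour to confirm against the API reference>.` RETURN could also name the keys callers are expected to check, since `module.exit_json(**result)` spreads the raw `api_command` result (defined outside this hunk) into the task output.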
@@ -0,0 +1,126 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_tag +short_description: Manages tag objects on Check Point over Web Services API +description: + - Manages tag objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-tag + cp_mgmt_tag: + name: My New Tag1 + state: present + tags: + - tag1 + - tag2 + +- name: delete-tag + cp_mgmt_tag: + name: My New Tag1 + state: absent +""" + +RETURN = """ +cp_mgmt_tag: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'tag'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag_facts.py
new file mode 100644
index 000000000..942e1415b
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag_facts.py
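Review bot: The long `color` choices list is written out twice in this file, once in DOCUMENTATION and once in the `argument_spec` in `main()`, and the same literal appears again in the cp_mgmt_smtp_server.py hunk. A single constant in the shared module_utils file, imported by each module, would keep the code copies from drifting apart; the DOCUMENTATION copy has to stay literal, so a small sanity test comparing the two would cover that side. The `ignore_errors` description would also benefit from one more line, e.g. `- This is a module option, distinct from Ansible's task keyword of the same name.`, because the two are easy to confuse when reading a playbook.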
@@ -0,0 +1,124 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_tag_facts +short_description: Get tag objects facts on Check Point over Web Services API +description: + - Get tag objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-tag + cp_mgmt_tag_facts: + name: f96b37ec-e22e-4945-8bbf-d37b117914e0 + +- name: show-tags + cp_mgmt_tag_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "tag" + api_call_object_plural_version = "tags" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() 
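Review bot: The first EXAMPLES entry passes `name: f96b37ec-e22e-4945-8bbf-d37b117914e0`, a UID-shaped value, while the option is documented only as "Object name". If `name` does accept a UID, the description should say so (`- Object name or UID.`); otherwise the example should use a tag name such as the `My New Tag1` used in the cp_mgmt_tag examples. The second entry, `cp_mgmt_tag_facts:` with nothing under it, depends on Ansible treating a null value as "no arguments"; giving it one argument, e.g. `details_level: standard` as the other facts modules in this commit do, makes the listing case clearer to readers.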
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_test_sic_status.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_test_sic_status.py
new file mode 100644
index 000000000..2eb7dbf0a
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_test_sic_status.py
@@ -0,0 +1,82 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_test_sic_status +short_description: Test SIC Status reflects the state of the gateway after it has received the certificate issued by the + ICA. If the SIC status is Unknown then there is no connection between the gateway and the Security + Management Server. If the SIC status is No Communication, an error message will appear. It may + contain specific instructions on how to fix the situation. +description: + - Test SIC Status reflects the state of the gateway after it has received the certificate issued by the ICA. If the SIC status is Unknown then there is + no connection between the gateway and the Security Management Server. If the SIC status is No Communication, an error message will appear. It may contain + specific instructions on how to fix the situation. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Gateway, cluster member or Check Point host name. 
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: test-sic-status
+ cp_mgmt_test_sic_status:
+ name: gw1
+"""
+
+RETURN = """
+cp_mgmt_test_sic_status:
+ description: The checkpoint test-sic-status output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "test-sic-status"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception.py
new file mode 100644
index 000000000..b6ea57f63
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception.py
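Review bot: `short_description` in DOCUMENTATION is a multi-sentence paragraph that repeats the first `description` entry almost word for word; it should be one short line such as `short_description: Test the SIC status of a gateway.`, leaving the explanation to `description`. `name` is also optional in the spec in `main()` although the command concerns one gateway, cluster member or host; if the API requires it, `name=dict(type='str', required=True)` would fail early with a clear message, though I cannot confirm the API contract from this hunk. RETURN could name the status values the description mentions (Unknown, No Communication) so playbooks that gate later steps on trust establishment know what to compare against.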
@@ -0,0 +1,219 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_exception +short_description: Manages threat-exception objects on Check Point over Web Services API +description: + - Manages threat-exception objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - The name of the exception. + type: str + required: True + position: + description: + - Position in the rulebase. The use of values "top" and "bottom" may not be idempotent. + type: str + exception_group_uid: + description: + - The UID of the exception-group. + type: str + exception_group_name: + description: + - The name of the exception-group. + type: str + layer: + description: + - Layer that the rule belongs to identified by the name or UID. + type: str + rule_name: + description: + - The name of the parent rule. + type: str + action: + description: + - Action-the enforced profile. 
+ type: str + destination: + description: + - Collection of Network objects identified by the name or UID. + type: list + elements: str + destination_negate: + description: + - True if negate is set for destination. + type: bool + enabled: + description: + - Enable/Disable the rule. + type: bool + install_on: + description: + - Which Gateways identified by the name or UID to install the policy on. + type: list + elements: str + protected_scope: + description: + - Collection of objects defining Protected Scope identified by the name or UID. + type: list + elements: str + protected_scope_negate: + description: + - True if negate is set for Protected Scope. + type: bool + protection_or_site: + description: + - Name of the protection or site. + type: list + elements: str + service: + description: + - Collection of Network objects identified by the name or UID. + type: list + elements: str + service_negate: + description: + - True if negate is set for Service. + type: bool + source: + description: + - Collection of Network objects identified by the name or UID. + type: list + elements: str + source_negate: + description: + - True if negate is set for source. + type: bool + track: + description: + - Packet tracking. + type: str + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-threat-exception + cp_mgmt_threat_exception: + layer: New Layer 1 + name: Exception Rule + position: 1 + protected_scope: All_Internet + rule_name: Threat Rule 1 + state: present + track: Log + +- name: set-threat-exception + cp_mgmt_threat_exception: + layer: New Layer 1 + name: Exception Rule + rule_name: Threat Rule 1 + state: present + +- name: delete-threat-exception + cp_mgmt_threat_exception: + name: Exception Rule + layer: New Layer 1 + rule_name: Threat Rule 1 + state: absent +""" + +RETURN = """ +cp_mgmt_threat_exception: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + position=dict(type='str'), + exception_group_uid=dict(type='str'), + exception_group_name=dict(type='str'), + layer=dict(type='str'), + rule_name=dict(type='str'), + action=dict(type='str'), + destination=dict(type='list', elements='str'), + destination_negate=dict(type='bool'), + enabled=dict(type='bool'), + install_on=dict(type='list', elements='str'), + protected_scope=dict(type='list', elements='str'), + protected_scope_negate=dict(type='bool'), + protection_or_site=dict(type='list', elements='str'), + service=dict(type='list', elements='str'), + service_negate=dict(type='bool'), + source=dict(type='list', elements='str'), + source_negate=dict(type='bool'), + track=dict(type='str'), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + 
argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'threat-exception'
+
+ if module.params['position'] is None:
+ result = api_call(module, api_call_object)
+ else:
+ result = api_call_for_rule(module, api_call_object)
+
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception_facts.py
new file mode 100644
index 000000000..1455df234
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception_facts.py
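Review bot: In cp_mgmt_threat_exception.py the `AnsibleModule(...)` call in `main()` declares no relationship between the options that locate the exception: `exception_group_uid`, `exception_group_name` and the `layer`/`rule_name` pair can all be supplied together or not at all, and the parameters go on to `api_call` or `api_call_for_rule` unchecked. A threat exception exempts matching traffic from a protection, so where it attaches should be unambiguous before anything is sent to the server. At minimum I would add `mutually_exclusive=[['exception_group_uid', 'exception_group_name']]` to the constructor. Whether `layer` and `rule_name` must be given together depends on the API and on `module_utils/checkpoint.py`, neither of which is visible here.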
@@ -0,0 +1,223 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_exception_facts +short_description: Get threat-exception objects facts on Check Point over Web Services API +description: + - Get threat-exception objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - The name of the layer containing the parent threat rule. + This parameter is relevant only for getting few objects. + type: str + exception_group_uid: + description: + - The UID of the exception-group. + type: str + exception_group_name: + description: + - The name of the exception-group. + type: str + layer: + description: + - Layer that the rule belongs to identified by the name or UID. + type: str + rule_name: + description: + - The name of the parent rule. 
+ type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical + operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies. + type: str + filter_settings: + description: + - Sets filter preferences. + type: dict + suboptions: + search_mode: + description: + - When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any' + object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell + or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior. + type: str + choices: ['general', 'packet'] + packet_search_settings: + description: + - When 'search-mode' is set to 'packet', this object allows to set the packet search preferences. + type: dict + suboptions: + expand_group_members: + description: + - When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at + least one member of the group. + type: bool + expand_group_with_exclusion_members: + description: + - When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that + match at least one member of the "include" part and is not a member of the "except" part. + type: bool + match_on_any: + description: + - Whether to match on 'Any' object. + type: bool + match_on_group_with_exclusion: + description: + - Whether to match on a group-with-exclusion. 
+ type: bool + match_on_negate: + description: + - Whether to match on a negated cell. + type: bool + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + package: + description: + - Name of the package. + type: str + use_object_dictionary: + description: + - N/A + type: bool + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-threat-exception + cp_mgmt_threat_exception_facts: + name: Exception Rule + layer: New Layer 1 + rule_name: Threat Rule 1 + +- name: show-threat-rule-exception-rulebase + cp_mgmt_threat_exception_facts: + name: Standard Threat Prevention + rule_name: Threat Rule 1 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ exception_group_uid=dict(type='str'),
+ exception_group_name=dict(type='str'),
+ layer=dict(type='str'),
+ rule_name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ filter_settings=dict(type='dict', options=dict(
+ search_mode=dict(type='str', choices=['general', 'packet']),
+ packet_search_settings=dict(type='dict', options=dict(
+ expand_group_members=dict(type='bool'),
+ expand_group_with_exclusion_members=dict(type='bool'),
+ match_on_any=dict(type='bool'),
+ match_on_group_with_exclusion=dict(type='bool'),
+ match_on_negate=dict(type='bool')
+ ))
+ )),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ package=dict(type='str'),
+ use_object_dictionary=dict(type='bool'),
+ dereference_group_members=dict(type='bool'),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "threat-exception"
+ api_call_object_plural_version = "threat-rule-exception-rulebase"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator.py
new file mode 100644
index 000000000..67772aef5
--- /dev/null
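Review bot: The `name` option in cp_mgmt_threat_exception_facts.py is documented as "The name of the layer containing the parent threat rule", yet the first example passes `name: Exception Rule` next to `layer: New Layer 1`, and the module description says `name` selects a specific object. As written, a reader cannot tell whether `name` is the exception or the layer. I would reword the option description to say that `name` is the exception name when fetching a single exception (with `layer` and `rule_name` identifying the parent rule) and the layer name when listing the exception rulebase, which is what the second example suggests. `use_object_dictionary` is documented only as `N/A` and needs a sentence as well.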
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator.py 
@@ -0,0 +1,274 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_indicator +short_description: Manages threat-indicator objects on Check Point over Web Services API +description: + - Manages threat-indicator objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + observables: + description: + - The indicator's observables. + type: list + elements: dict + suboptions: + name: + description: + - Object name. Should be unique in the domain. + type: str + md5: + description: + - A valid MD5 sequence. + type: str + url: + description: + - A valid URL. + type: str + ip_address: + description: + - A valid IP-Address. + type: str + ip_address_first: + description: + - A valid IP-Address, the beginning of the range. If you configure this parameter with a value, you must also configure the value of the + 'ip-address-last' parameter. 
+ type: str + ip_address_last: + description: + - A valid IP-Address, the end of the range. If you configure this parameter with a value, you must also configure the value of the + 'ip-address-first' parameter. + type: str + domain: + description: + - The name of a domain. + type: str + mail_to: + description: + - A valid E-Mail address, recipient filed. + type: str + mail_from: + description: + - A valid E-Mail address, sender field. + type: str + mail_cc: + description: + - A valid E-Mail address, cc field. + type: str + mail_reply_to: + description: + - A valid E-Mail address, reply-to field. + type: str + mail_subject: + description: + - Subject of E-Mail. + type: str + confidence: + description: + - The confidence level the indicator has that a real threat has been uncovered. + type: str + choices: ['low', 'medium', 'high', 'critical'] + product: + description: + - The software blade that processes the observable, AV - AntiVirus, AB - AntiBot. + type: str + choices: ['AV', 'AB'] + severity: + description: + - The severity level of the threat. + type: str + choices: ['low', 'medium', 'high', 'critical'] + comments: + description: + - Comments string. + type: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + observables_raw_data: + description: + - The contents of a file containing the indicator's observables. + type: str + action: + description: + - The indicator's action. + type: str + choices: ['Inactive', 'Ask', 'Prevent', 'Detect'] + profile_overrides: + description: + - Profiles in which to override the indicator's default action. + type: list + elements: dict + suboptions: + action: + description: + - The indicator's action in this profile. 
+ type: str + choices: ['Inactive', 'Ask', 'Prevent', 'Detect'] + profile: + description: + - The profile in which to override the indicator's action. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-threat-indicator + cp_mgmt_threat_indicator: + action: ask + ignore_warnings: true + name: My_Indicator + observables: + - confidence: medium + mail_to: someone@somewhere.com + name: My_Observable + product: AV + severity: low + profile_overrides: + - action: detect + profile: My_Profile + state: present + +- name: set-threat-indicator + cp_mgmt_threat_indicator: + action: prevent + ignore_warnings: true + name: My_Indicator + state: present + +- name: delete-threat-indicator + cp_mgmt_threat_indicator: + name: My_Indicator + state: absent +""" + +RETURN = """ +cp_mgmt_threat_indicator: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + observables=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + md5=dict(type='str'), + url=dict(type='str'), + ip_address=dict(type='str'), + ip_address_first=dict(type='str'), + ip_address_last=dict(type='str'), + domain=dict(type='str'), + mail_to=dict(type='str'), + mail_from=dict(type='str'), + mail_cc=dict(type='str'), + mail_reply_to=dict(type='str'), + mail_subject=dict(type='str'), + confidence=dict(type='str', choices=['low', 'medium', 'high', 'critical']), + product=dict(type='str', choices=['AV', 'AB']), + severity=dict(type='str', choices=['low', 'medium', 'high', 'critical']), + comments=dict(type='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + )), + observables_raw_data=dict(type='str'), + action=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']), + profile_overrides=dict(type='list', 
elements='dict', options=dict(
+ action=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']),
+ profile=dict(type='str')
+ )),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'threat-indicator'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator_facts.py
new file mode 100644
index 000000000..3d441c435
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator_facts.py
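Review bot: The EXAMPLES in cp_mgmt_threat_indicator.py use `action: ask`, `action: detect` and `action: prevent`, but `argument_spec` declares `choices=['Inactive', 'Ask', 'Prevent', 'Detect']` for both `action` and `profile_overrides.action`, and Ansible compares string choices case-sensitively. A task copied from the examples would therefore be rejected at argument validation, before any API call, and the indicator would not be created or updated. Either capitalise the examples (`action: Ask`, `action: Detect`, `action: Prevent`) or, if the API accepts lower case, list those spellings in `choices`; which form the server expects is not visible in this hunk.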
@@ -0,0 +1,124 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_indicator_facts +short_description: Get threat-indicator objects facts on Check Point over Web Services API +description: + - Get threat-indicator objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-threat-indicator
+ cp_mgmt_threat_indicator_facts:
+ name: My_Indicator
+
+- name: show-threat-indicators
+ cp_mgmt_threat_indicator_facts:
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "threat-indicator"
+ api_call_object_plural_version = "threat-indicators"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
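Review bot: `module.exit_json(ansible_facts=result)` at the end of `main()` in cp_mgmt_threat_indicator_facts.py returns the management server's response as host facts; the same line closes `main()` in cp_mgmt_threat_exception_facts.py and cp_mgmt_threat_layer_facts.py. Data returned under `ansible_facts` is merged into the target host's variables and written to the fact cache when one is configured, so policy data outlives the play and can shadow a variable of the same name; the key layout comes from `api_call_facts`, which is not shown here. Changing the return key would break existing playbooks, so I would document it instead: state in RETURN which top-level key the result appears under, and add a description line saying the result is stored as a fact.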
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer.py
new file mode 100644
index 000000000..991b533ef
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer.py
@@ -0,0 +1,128 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_layer +short_description: Manages threat-layer objects on Check Point over Web Services API +description: + - Manages threat-layer objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + add_default_rule: + description: + - Indicates whether to include a default rule in the new layer. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-threat-layer + cp_mgmt_threat_layer: + name: New Layer 1 + state: present + +- name: delete-threat-layer + cp_mgmt_threat_layer: + name: New Layer 2 + state: absent +""" + +RETURN = """ +cp_mgmt_threat_layer: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ add_default_rule=dict(type='bool'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'threat-layer'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer_facts.py
new file mode 100644
index 000000000..c432b56ec
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer_facts.py
@@ -0,0 +1,127 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_layer_facts +short_description: Get threat-layer objects facts on Check Point over Web Services API +description: + - Get threat-layer objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-threat-layer + cp_mgmt_threat_layer_facts: + name: New Layer 1 + +- name: show-threat-layers + cp_mgmt_threat_layer_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "threat-layer" + api_call_object_plural_version = "threat-layers" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() 
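Review bot: `module.exit_json(ansible_facts=result)` in `main()` hands whatever `api_call_facts` returned to Ansible as host facts, while the RETURN block documents only `ansible_facts` as a dict and names no keys. `api_call_facts` lives in module_utils and is not part of this section, so the exact keys cannot be confirmed here. If they come from the API response, playbooks end up reading server-supplied values under names the documentation never lists. I would add a `contains:` entry to RETURN naming the key that holds the threat-layer data, and consider returning the data under a named result key as well. The same applies to `cp_mgmt_threat_profile_facts.py` later in this commit.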
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile.py
new file mode 100644
index 000000000..e41b82c84
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile.py
@@ -0,0 +1,406 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_profile +short_description: Manages threat-profile objects on Check Point over Web Services API +description: + - Manages threat-profile objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + active_protections_performance_impact: + description: + - Protections with this performance impact only will be activated in the profile. + type: str + choices: ['high', 'medium', 'low', 'very_low'] + active_protections_severity: + description: + - Protections with this severity only will be activated in the profile. + type: str + choices: ['Critical', 'High', 'Medium or above', 'Low or above'] + confidence_level_high: + description: + - Action for protections with high confidence level. 
+ type: str + choices: ['Inactive', 'Ask', 'Prevent', 'Detect'] + confidence_level_low: + description: + - Action for protections with low confidence level. + type: str + choices: ['Inactive', 'Ask', 'Prevent', 'Detect'] + confidence_level_medium: + description: + - Action for protections with medium confidence level. + type: str + choices: ['Inactive', 'Ask', 'Prevent', 'Detect'] + indicator_overrides: + description: + - Indicators whose action will be overridden in this profile. + type: list + elements: dict + suboptions: + action: + description: + - The indicator's action in this profile. + type: str + choices: ['Inactive', 'Ask', 'Prevent', 'Detect'] + indicator: + description: + - The indicator whose action is to be overridden. + type: str + ips_settings: + description: + - IPS blade settings. + type: dict + suboptions: + exclude_protection_with_performance_impact: + description: + - Whether to exclude protections depending on their level of performance impact. + type: bool + exclude_protection_with_performance_impact_mode: + description: + - Exclude protections with this level of performance impact. + type: str + choices: ['very low', 'low or lower', 'medium or lower', 'high or lower'] + exclude_protection_with_severity: + description: + - Whether to exclude protections depending on their level of severity. + type: bool + exclude_protection_with_severity_mode: + description: + - Exclude protections with this level of severity. + type: str + choices: ['low or above', 'medium or above', 'high or above', 'critical'] + newly_updated_protections: + description: + - Activation of newly updated protections. + type: str + choices: ['active', 'inactive', 'staging'] + malicious_mail_policy_settings: + description: + - Malicious Mail Policy for MTA Gateways. + type: dict + suboptions: + add_customized_text_to_email_body: + description: + - Add customized text to the malicious email body. 
+ type: bool + add_email_subject_prefix: + description: + - Add a prefix to the malicious email subject. + type: bool + add_x_header_to_email: + description: + - Add an X-Header to the malicious email. + type: bool + email_action: + description: + - Block - block the entire malicious email<br>Allow - pass the malicious email and apply email changes (like, remove attachments and + links, add x-header, etc...). + type: str + choices: ['allow', 'block'] + email_body_customized_text: + description: + - Customized text for the malicious email body.<br> Available predefined fields,<br> $verdicts$ - the malicious/error attachments/links verdict. + type: str + email_subject_prefix_text: + description: + - Prefix for the malicious email subject. + type: str + failed_to_scan_attachments_text: + description: + - Replace attachments that failed to be scanned with this text.<br> Available predefined fields,<br> $filename$ - the malicious file + name.<br> $md5$ - MD5 of the malicious file. + type: str + malicious_attachments_text: + description: + - Replace malicious attachments with this text.<br> Available predefined fields,<br> $filename$ - the malicious file name.<br> $md5$ - + MD5 of the malicious file. + type: str + malicious_links_text: + description: + - Replace malicious links with this text.<br> Available predefined fields,<br> $neutralized_url$ - neutralized malicious link. + type: str + remove_attachments_and_links: + description: + - Remove attachments and links from the malicious email. + type: bool + send_copy: + description: + - Send a copy of the malicious email to the recipient list. + type: bool + send_copy_list: + description: + - Recipient list to send a copy of the malicious email. + type: list + elements: str + overrides: + description: + - Overrides per profile for this protection. + type: list + elements: dict + suboptions: + action: + description: + - Protection action. 
+ type: str + choices: ['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept'] + protection: + description: + - IPS protection identified by name or UID. + type: str + capture_packets: + description: + - Capture packets. + type: bool + track: + description: + - Tracking method for protection. + type: str + choices: ['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2'] + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + use_indicators: + description: + - Indicates whether the profile should make use of indicators. + type: bool + anti_bot: + description: + - Is Anti-Bot blade activated. + type: bool + anti_virus: + description: + - Is Anti-Virus blade activated. + type: bool + ips: + description: + - Is IPS blade activated. + type: bool + threat_emulation: + description: + - Is Threat Emulation blade activated. + type: bool + activate_protections_by_extended_attributes: + description: + - Activate protections by these extended attributes. + type: list + elements: dict + suboptions: + name: + description: + - IPS tag name. + type: str + category: + description: + - IPS tag category name. + type: str + deactivate_protections_by_extended_attributes: + description: + - Deactivate protections by these extended attributes. + type: list + elements: dict + suboptions: + name: + description: + - IPS tag name. + type: str + category: + description: + - IPS tag category name. + type: str + use_extended_attributes: + description: + - Whether to activate/deactivate IPS protections according to the extended attributes. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-threat-profile + cp_mgmt_threat_profile: + active_protections_performance_impact: low + active_protections_severity: low or above + anti_bot: true + anti_virus: true + confidence_level_high: prevent + confidence_level_medium: prevent + ips: true + ips_settings: + exclude_protection_with_performance_impact: true + exclude_protection_with_performance_impact_mode: high or lower + newly_updated_protections: staging + name: New Profile 1 + state: present + threat_emulation: true + +- name: set-threat-profile + cp_mgmt_threat_profile: + active_protections_performance_impact: low + active_protections_severity: low or above + anti_bot: true + anti_virus: false + comments: update recommended profile + confidence_level_high: prevent + confidence_level_low: prevent + confidence_level_medium: prevent + ips: false + ips_settings: + exclude_protection_with_performance_impact: true + exclude_protection_with_performance_impact_mode: high or lower + newly_updated_protections: active + name: New Profile 1 + state: present + threat_emulation: true + +- name: delete-threat-profile + cp_mgmt_threat_profile: + name: New Profile 1 + state: absent +""" + +RETURN = """ +cp_mgmt_threat_profile: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + active_protections_performance_impact=dict(type='str', choices=['high', 'medium', 'low', 'very_low']), + active_protections_severity=dict(type='str', choices=['Critical', 'High', 'Medium or above', 'Low or above']), + confidence_level_high=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']), + confidence_level_low=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']), + confidence_level_medium=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']), + indicator_overrides=dict(type='list', elements='dict', options=dict( + action=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']), + indicator=dict(type='str') + )), + ips_settings=dict(type='dict', options=dict( + exclude_protection_with_performance_impact=dict(type='bool'), + exclude_protection_with_performance_impact_mode=dict(type='str', choices=['very low', 'low or lower', 'medium or lower', 'high or lower']), + exclude_protection_with_severity=dict(type='bool'), + exclude_protection_with_severity_mode=dict(type='str', choices=['low or above', 'medium or above', 'high or above', 'critical']), + newly_updated_protections=dict(type='str', choices=['active', 'inactive', 'staging']) + )), + malicious_mail_policy_settings=dict(type='dict', options=dict( + add_customized_text_to_email_body=dict(type='bool'), + add_email_subject_prefix=dict(type='bool'), + add_x_header_to_email=dict(type='bool'), + email_action=dict(type='str', choices=['allow', 'block']), + email_body_customized_text=dict(type='str'), + email_subject_prefix_text=dict(type='str'), + failed_to_scan_attachments_text=dict(type='str'), + malicious_attachments_text=dict(type='str'), + malicious_links_text=dict(type='str'), + 
remove_attachments_and_links=dict(type='bool'), + send_copy=dict(type='bool'), + send_copy_list=dict(type='list', elements='str') + )), + overrides=dict(type='list', elements='dict', options=dict( + action=dict(type='str', choices=['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept']), + protection=dict(type='str'), + capture_packets=dict(type='bool'), + track=dict(type='str', choices=['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2']) + )), + tags=dict(type='list', elements='str'), + use_indicators=dict(type='bool'), + anti_bot=dict(type='bool'), + anti_virus=dict(type='bool'), + ips=dict(type='bool'), + threat_emulation=dict(type='bool'), + activate_protections_by_extended_attributes=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + category=dict(type='str') + )), + deactivate_protections_by_extended_attributes=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + category=dict(type='str') + )), + use_extended_attributes=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'threat-profile' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == 
'__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile_facts.py new file mode 100644 index 000000000..b3fcbaae2 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile_facts.py 
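Review bot: The `action` choices under `overrides` in `argument_spec` read `['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept']`, which looks like two per-protection-type value lists from the API reference flattened into one, HTML tag included. As written, plain `Prevent` and `Drop` are rejected by argument validation, so an override can only be set to the non-blocking values `Detect`, `Inactive` or `Accept`, or to the two merged strings, which the API presumably does not accept. If that reading is right, the list should be `choices=['Inactive', 'Detect', 'Prevent', 'Drop', 'Accept']`, with the DOCUMENTATION entry saying which values apply to Threat Cloud protections and which to Core protections. The same list appears in `cp_mgmt_threat_protection_override.py`.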
@@ -0,0 +1,127 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_profile_facts +short_description: Get threat-profile objects facts on Check Point over Web Services API +description: + - Get threat-profile objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-threat-profile + cp_mgmt_threat_profile_facts: + name: Recommended_Profile + +- name: show-threat-profiles + cp_mgmt_threat_profile_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "threat-profile" + api_call_object_plural_version = "threat-profiles" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() 
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_protection_override.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_protection_override.py
new file mode 100644
index 000000000..22ce24a22
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_protection_override.py
@@ -0,0 +1,131 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_protection_override +short_description: Edit existing object using object name or uid. +description: + - Edit existing object using object name or uid. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + comments: + description: + - Protection comments. + type: str + follow_up: + description: + - Tag the protection with pre-defined follow-up flag. + type: bool + overrides: + description: + - Overrides per profile for this protection<br> Note, Remove override for Core protections removes only the action's override. Remove override + for Threat Cloud protections removes the action, track and packet captures. + type: list + elements: dict + suboptions: + action: + description: + - Protection action. + type: str + choices: ['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept'] + profile: + description: + - Profile name. 
+ type: str + capture_packets: + description: + - Capture packets. + type: bool + track: + description: + - Tracking method for protection. + type: str + choices: ['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2'] + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: threat_protection_override + cp_mgmt_threat_protection_override: + name: FTP Commands + overrides: + - action: inactive + capture_packets: true + profile: New Profile 1 + track: None + state: present +""" + +RETURN = """ +cp_mgmt_threat_protection_override: + description: The checkpoint threat_protection_override output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + comments=dict(type='str'), + follow_up=dict(type='bool'), + overrides=dict(type='list', elements='dict', options=dict( + action=dict(type='str', choices=['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept']), + profile=dict(type='str'), + capture_packets=dict(type='bool'), + track=dict(type='str', choices=['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2']) + )), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "set-threat-protection" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': 
+ main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule.py new file mode 100644 index 000000000..a69286364 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule.py 
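Review bot: The EXAMPLES task would fail argument validation as written, because `action: inactive` and `track: None` are not among the declared choices (`'Inactive'`, `'none'`). Choices are matched case-sensitively, and YAML `None` is the string "None", not null. The example also passes `state: present`, which this spec does not declare; whether `checkpoint_argument_spec_for_commands` adds it is not visible in this section. I would change the example lines to `- action: Inactive` and `track: none`. The EXAMPLES in `cp_mgmt_threat_profile.py` have the same case mismatch (`confidence_level_high: prevent`, `active_protections_severity: low or above`).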
@@ -0,0 +1,214 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_rule +short_description: Manages threat-rule objects on Check Point over Web Services API +description: + - Manages threat-rule objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + position: + description: + - Position in the rulebase. The use of values "top" and "bottom" may not be idempotent. + type: str + layer: + description: + - Layer that the rule belongs to identified by the name or UID. + type: str + name: + description: + - Object name. + type: str + required: True + action: + description: + - Action-the enforced profile. + type: str + destination: + description: + - Collection of Network objects identified by the name or UID. + type: list + elements: str + destination_negate: + description: + - True if negate is set for destination. + type: bool + enabled: + description: + - Enable/Disable the rule. 
+ type: bool + install_on: + description: + - Which Gateways identified by the name or UID to install the policy on. + type: list + elements: str + protected_scope: + description: + - Collection of objects defining Protected Scope identified by the name or UID. + type: list + elements: str + protected_scope_negate: + description: + - True if negate is set for Protected Scope. + type: bool + service: + description: + - Collection of Network objects identified by the name or UID. + type: list + elements: str + service_negate: + description: + - True if negate is set for Service. + type: bool + source: + description: + - Collection of Network objects identified by the name or UID. + type: list + elements: str + source_negate: + description: + - True if negate is set for source. + type: bool + track: + description: + - Packet tracking. + type: str + track_settings: + description: + - Threat rule track settings. + type: dict + suboptions: + packet_capture: + description: + - Packet capture. + type: bool + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-threat-rule + cp_mgmt_threat_rule: + comments: '' + install_on: Policy Targets + layer: New Layer 1 + name: First threat rule + position: 1 + protected_scope: All_Internet + state: present + track: None + +- name: set-threat-rule + cp_mgmt_threat_rule: + action: New Profile 1 + comments: commnet for the first rule + install_on: Policy Targets + layer: New Layer 1 + name: Rule Name + position: 1 + protected_scope: All_Internet + state: present + +- name: delete-threat-rule + cp_mgmt_threat_rule: + layer: New Layer 1 + name: Rule Name + state: absent +""" + +RETURN = """ +cp_mgmt_threat_rule: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule + + +def main(): + argument_spec = dict( + position=dict(type='str'), + layer=dict(type='str'), + name=dict(type='str', required=True), + action=dict(type='str'), + destination=dict(type='list', elements='str'), + destination_negate=dict(type='bool'), + enabled=dict(type='bool'), + install_on=dict(type='list', elements='str'), + protected_scope=dict(type='list', elements='str'), + protected_scope_negate=dict(type='bool'), + service=dict(type='list', elements='str'), + service_negate=dict(type='bool'), + source=dict(type='list', elements='str'), + source_negate=dict(type='bool'), + track=dict(type='str'), + track_settings=dict(type='dict', options=dict( + packet_capture=dict(type='bool') + )), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = 
AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'threat-rule' + + if module.params['position'] is None: + result = api_call(module, api_call_object) + else: + result = api_call_for_rule(module, api_call_object) + + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule_facts.py new file mode 100644 index 000000000..683784bc8 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule_facts.py 
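Review bot: `layer=dict(type='str')` in `main()` leaves the layer optional, although a threat rule is documented as belonging to a layer and all three EXAMPLES pass one. With `layer` omitted, the task reaches `api_call` or `api_call_for_rule` (both outside this section) without naming the rulebase to change, so a failure, or any default the server applies, only shows up at the API. Because the layer and the rule's position decide which profile is enforced, I would fail early with `layer=dict(type='str', required=True)` and mark the option `required: True` in DOCUMENTATION. If a call without a layer is intentionally supported, the option description should say what happens in that case.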
@@ -0,0 +1,210 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_rule_facts +short_description: Get threat-rule objects facts on Check Point over Web Services API +description: + - Get threat-rule objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. Should be unique in the domain. + type: str + layer: + description: + - Layer that the rule belongs to identified by the name or UID. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter the rulebase. 
The provided text should be exactly the same as it would be given in Smart Console. The logical + operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies. + type: str + filter_settings: + description: + - Sets filter preferences. + type: dict + suboptions: + search_mode: + description: + - When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any' + object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell + or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior. + type: str + choices: ['general', 'packet'] + packet_search_settings: + description: + - When 'search-mode' is set to 'packet', this object allows to set the packet search preferences. + type: dict + suboptions: + expand_group_members: + description: + - When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at + least one member of the group. + type: bool + expand_group_with_exclusion_members: + description: + - When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that + match at least one member of the "include" part and is not a member of the "except" part. + type: bool + match_on_any: + description: + - Whether to match on 'Any' object. + type: bool + match_on_group_with_exclusion: + description: + - Whether to match on a group-with-exclusion. + type: bool + match_on_negate: + description: + - Whether to match on a negated cell. + type: bool + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. 
+ This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + package: + description: + - Name of the package. + type: str + use_object_dictionary: + description: + - N/A + type: bool + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-threat-rule + cp_mgmt_threat_rule_facts: + layer: New Layer 1 + name: Rule Name + +- name: show-threat-rulebase + cp_mgmt_threat_rule_facts: + details_level: standard + filter: '' + limit: 20 + name: Threat Prevention + offset: 0 + use_object_dictionary: false +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts_for_rule + + +def main(): + argument_spec = dict( + name=dict(type='str'), + layer=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + filter_settings=dict(type='dict', options=dict( + search_mode=dict(type='str', choices=['general', 'packet']), + packet_search_settings=dict(type='dict', options=dict( + expand_group_members=dict(type='bool'), + expand_group_with_exclusion_members=dict(type='bool'), + match_on_any=dict(type='bool'), + match_on_group_with_exclusion=dict(type='bool'), + match_on_negate=dict(type='bool') + )) + )), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + package=dict(type='str'), + use_object_dictionary=dict(type='bool'), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "threat-rule" + api_call_object_plural_version = "threat-rulebase" + + result = api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time.py new file mode 100644 index 000000000..aa0af5e9a --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time.py 
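Review bot: The DOCUMENTATION block does not say which parameter selects a single rule versus the whole rulebase. It states that a specific object is fetched with `name`, yet both EXAMPLES pass `name` (`show-threat-rule` together with `layer`, `show-threat-rulebase` without it). The actual switch is made in `api_call_facts_for_rule`, which is not visible in this hunk, so the docs should state it. `use_object_dictionary` is documented only as `N/A`; I would replace that with one line describing what the flag changes in the reply.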
@@ -0,0 +1,285 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_time +short_description: Manages time objects on Check Point over Web Services API +description: + - Manages time objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + end: + description: + - End time. Note, Each gateway may interpret this time differently according to its time zone. + type: dict + suboptions: + date: + description: + - Date in format dd-MMM-yyyy. + type: str + iso_8601: + description: + - Date and time represented in international ISO 8601 format. Time zone information is ignored. + type: str + posix: + description: + - Number of milliseconds that have elapsed since 00,00,00, 1 January 1970. + type: int + time: + description: + - Time in format HH,mm. + type: str + end_never: + description: + - End never. 
+ type: bool + hours_ranges: + description: + - Hours recurrence. Note, Each gateway may interpret this time differently according to its time zone. + type: list + elements: dict + suboptions: + enabled: + description: + - Is hour range enabled. + type: bool + from: + description: + - Time in format HH,MM. + type: str + index: + description: + - Hour range index. + type: int + to: + description: + - Time in format HH,MM. + type: str + start: + description: + - Starting time. Note, Each gateway may interpret this time differently according to its time zone. + type: dict + suboptions: + date: + description: + - Date in format dd-MMM-yyyy. + type: str + iso_8601: + description: + - Date and time represented in international ISO 8601 format. Time zone information is ignored. + type: str + posix: + description: + - Number of milliseconds that have elapsed since 00,00,00, 1 January 1970. + type: int + time: + description: + - Time in format HH,mm. + type: str + start_now: + description: + - Start immediately. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + recurrence: + description: + - Days recurrence. + type: dict + suboptions: + days: + description: + - Valid on specific days. Multiple options, support range of days in months. Example,["1","3","9-20"]. + type: list + elements: str + month: + description: + - Valid on month. Example, "1", "2","12","Any". + type: str + pattern: + description: + - Valid on "Daily", "Weekly", "Monthly" base. + type: str + weekdays: + description: + - Valid on weekdays. Example, "Sun", "Mon"..."Sat". + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-time + cp_mgmt_time: + end: + date: 24-Nov-2014 + time: '21:22' + end_never: 'false' + hours_ranges: + - enabled: true + from: 00:00 + index: 1 + to: 00:00 + - enabled: false + from: 00:00 + index: 2 + to: 00:00 + name: timeObject1 + recurrence: + days: + - '1' + month: Any + pattern: Daily + weekdays: + - Sun + - Mon + start_now: 'true' + state: present + +- name: set-time + cp_mgmt_time: + hours_ranges: + - from: 00:22 + to: 00:33 + name: timeObject1 + recurrence: + month: Any + pattern: Weekly + weekdays: + - Fri + state: present + +- name: delete-time + cp_mgmt_time: + name: timeObject1 + state: absent +""" + +RETURN = """ +cp_mgmt_time: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + end=dict(type='dict', options=dict( + date=dict(type='str'), + iso_8601=dict(type='str'), + posix=dict(type='int'), + time=dict(type='str') + )), + end_never=dict(type='bool'), + hours_ranges=dict(type='list', elements='dict', options=dict( + enabled=dict(type='bool'), + index=dict(type='int'), + to=dict(type='str') + )), + start=dict(type='dict', options=dict( + date=dict(type='str'), + iso_8601=dict(type='str'), + posix=dict(type='int'), + time=dict(type='str') + )), + start_now=dict(type='bool'), + tags=dict(type='list', elements='str'), + recurrence=dict(type='dict', options=dict( + days=dict(type='list', elements='str'), + month=dict(type='str'), + pattern=dict(type='str'), + weekdays=dict(type='list', elements='str') + )), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec['hours_ranges']['options']['from'] = dict(type='str') + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'time' + + result = api_call(module, api_call_object) + 
module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time_facts.py new file mode 100644 index 000000000..40eb88026 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time_facts.py 
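Review bot: The time formats in DOCUMENTATION and EXAMPLES disagree: the `time`, `from` and `to` descriptions say `HH,mm` / `HH,MM`, while the examples pass `'21:22'`, `00:00` and `00:22`. Only one of those values is quoted, and unquoted colon-separated digits can be resolved as a number by a YAML 1.1 loader, so I would quote them all, e.g. `from: '00:00'`. The bool examples `end_never: 'false'` and `start_now: 'true'` would read better as plain `false` / `true`. The line `argument_spec['hours_ranges']['options']['from'] = dict(type='str')` deserves a comment such as `# 'from' is a Python keyword, so it cannot be passed as a dict() keyword argument`.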
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_time_facts
+short_description: Get time objects facts on Check Point over Web Services API
+description:
+ - Get time objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-time
+ cp_mgmt_time_facts:
+ name: timeObject1
+
+- name: show-times
+ cp_mgmt_time_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "time"
+ api_call_object_plural_version = "times"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client.py
new file mode 100644
index 000000000..9b885f83a
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client.py
@@ -0,0 +1,216 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_trusted_client +short_description: Manages trusted-client objects on Checkpoint over Web Services API +description: + - Manages trusted-client objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.1.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + domains_assignment: + description: + - Domains to be added to this profile. Use domain name only. See example below, "add-trusted-client (with domain)". + type: list + elements: str + ip_address_first: + description: + - First IP address in the range. 
If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead. + type: str + ipv4_address_first: + description: + - First IPv4 address in the range. + type: str + ipv6_address_first: + description: + - First IPv6 address in the range. + type: str + ip_address_last: + description: + - Last IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead. + type: str + ipv4_address_last: + description: + - Last IPv4 address in the range. + type: str + ipv6_address_last: + description: + - Last IPv6 address in the range. + type: str + mask_length: + description: + - IPv4 or IPv6 mask length. If both masks are required use mask-length4 and mask-length6 fields explicitly. + type: int + mask_length4: + description: + - IPv4 mask length. + type: int + mask_length6: + description: + - IPv6 mask length. + type: int + multi_domain_server_trusted_client: + description: + - Let this trusted client connect to all Multi-Domain Servers in the deployment. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + type: + description: + - Trusted client type. + type: str + choices: ['any', 'domain', 'ipv4 address', 'ipv4 address range', 'ipv4 netmask', 'ipv6 address', 'ipv6 address range', 'ipv6 netmask', 'name', + 'wild cards (ip only)'] + wild_card: + description: + - IP wild card (e.g. 192.0.2.*). + type: str + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-trusted-client + cp_mgmt_trusted_client: + name: my client + state: present + type: ANY + +- name: set-trusted-client + cp_mgmt_trusted_client: + ip_address: 192.0.2.1 + mask_length: '24' + name: my client + state: present + type: NETMASK + +- name: delete-trusted-client + cp_mgmt_trusted_client: + name: my client + state: absent +""" + +RETURN = """ +cp_mgmt_trusted_client: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + domains_assignment=dict(type='list', elements='str'), + ip_address_first=dict(type='str'), + ipv4_address_first=dict(type='str'), + ipv6_address_first=dict(type='str'), + ip_address_last=dict(type='str'), + ipv4_address_last=dict(type='str'), + ipv6_address_last=dict(type='str'), + mask_length=dict(type='int'), + mask_length4=dict(type='int'), + mask_length6=dict(type='int'), + multi_domain_server_trusted_client=dict(type='bool'), + tags=dict(type='list', elements='str'), + type=dict(type='str', choices=['any', 'domain', 'ipv4 address', 'ipv4 address range', 'ipv4 netmask', + 'ipv6 address', 'ipv6 address range', 'ipv6 netmask', 'name', 'wild cards (ip only)']), + wild_card=dict(type='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'trusted-client' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == 
'__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client_facts.py new file mode 100644 index 000000000..8991e1125 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client_facts.py 
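Review bot: Both non-delete EXAMPLES pass a `type` that the argument spec would reject: `type: ANY` and `type: NETMASK` are not among the `choices` (`'any'`, `'ipv4 netmask'`, `'ipv6 netmask'`, …), and choice matching is case-sensitive as far as I know. I would change them to `type: any` and `type: ipv4 netmask`. A trusted client appears to define which hosts may connect to the management server, so the first example would be safer written with a restricted type (a single address or a netmask) instead of `any`, so that a copied task does not open management access to every host. The `ip_address_last` description also points at `ipv4-address-first` / `ipv6-address-first`, which looks like a copy-paste slip for the `-last` fields.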
@@ -0,0 +1,134 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_trusted_client_facts +short_description: Get trusted-client objects facts on Checkpoint over Web Services API +description: + - Get trusted-client objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.1.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-trusted-client + cp_mgmt_trusted_client_facts: + name: anyHost + +- name: show-trusted-clients + cp_mgmt_trusted_client_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "trusted-client" + api_call_object_plural_version = "trusted-clients" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_uninstall_software_package.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_uninstall_software_package.py new file mode 100644 index 000000000..1ddb16d74 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_uninstall_software_package.py 
@@ -0,0 +1,106 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_uninstall_software_package +short_description: Uninstalls the software package from target machines. +description: + - Uninstalls the software package from target machines. + - All operations are performed over Web Services API. +version_added: "2.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - The name of the software package. + type: str + targets: + description: + - On what targets to execute this command. Targets may be identified by their name, or object unique identifier. + type: list + elements: str + cluster_installation_settings: + description: + - Installation settings for cluster. + type: dict + suboptions: + cluster_delay: + description: + - The delay between end of installation on one cluster members and start of installation on the next cluster member. + type: int + cluster_strategy: + description: + - The cluster installation strategy. 
+ type: str + concurrency_limit: + description: + - The number of targets, on which the same package is installed at the same time. + type: int +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: uninstall-software-package + cp_mgmt_uninstall_software_package: + name: Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz + targets.1: corporate-gateway +""" + +RETURN = """ +cp_mgmt_uninstall_software_package: + description: The checkpoint uninstall-software-package output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + targets=dict(type='list', elements='str'), + cluster_installation_settings=dict(type='dict', options=dict( + cluster_delay=dict(type='int'), + cluster_strategy=dict(type='str') + )), + concurrency_limit=dict(type='int') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "uninstall-software-package" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_update_provisioned_satellites.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_update_provisioned_satellites.py new file mode 100644 index 000000000..5202c95b5 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_update_provisioned_satellites.py 
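Review bot: The EXAMPLES task passes `targets.1: corporate-gateway`, but the argument spec in `main()` declares only `targets` (`type='list', elements='str'`), so a task copied from the example would presumably be rejected as an unsupported parameter instead of running. I would write the example as a YAML list: `targets:` followed by `- corporate-gateway`. The cp_mgmt_verify_software_package hunk has the same `targets.1` key. It also quotes a boolean as `download_package: 'true'`, which reads more clearly as `download_package: true`.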
@@ -0,0 +1,80 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_update_provisioned_satellites +short_description: Executes the update-provisioned-satellites on center gateways of VPN communities. +description: + - Executes the update-provisioned-satellites on center gateways of VPN communities. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + vpn_center_gateways: + description: + - On what targets to execute this command. Targets may be identified by their name, or object unique identifier. The targets should be a + corporate gateways. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: update-provisioned-satellites + cp_mgmt_update_provisioned_satellites: + vpn_center_gateways: + - co_gateway +""" + +RETURN = """ +cp_mgmt_update_provisioned_satellites: + description: The checkpoint update-provisioned-satellites output. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + vpn_center_gateways=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "update-provisioned-satellites" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_policy.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_policy.py new file mode 100644 index 000000000..77a4fc6eb --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_policy.py 
@@ -0,0 +1,77 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_verify_policy +short_description: Verifies the policy of the selected package. +description: + - Verifies the policy of the selected package. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + policy_package: + description: + - Policy package identified by the name or UID. + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: verify-policy + cp_mgmt_verify_policy: + policy_package: standard +""" + +RETURN = """ +cp_mgmt_verify_policy: + description: The checkpoint verify-policy output. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + policy_package=dict(type='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "verify-policy" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_software_package.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_software_package.py new file mode 100644 index 000000000..8f1d83816 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_software_package.py 
@@ -0,0 +1,104 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_verify_software_package +short_description: Verifies the software package on target machines. +description: + - Verifies the software package on target machines. + - All operations are performed over Web Services API. +version_added: "2.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - The name of the software package. + type: str + targets: + description: + - On what targets to execute this command. Targets may be identified by their name, or object unique identifier. + type: list + elements: str + concurrency_limit: + description: + - The number of targets, on which the same package is installed at the same time. + type: int + download_package: + description: + - NOTE, Supported from Check Point version R81 + - Should the package be downloaded before verification. + type: bool + download_package_from: + description: + - NOTE, Supported from Check Point version R81 + - Where is the package located. 
+ type: str + choices: ['automatic', 'central', 'target-machine'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: verify-software-package + cp_mgmt_verify_software_package: + download_package: 'true' + download_package_from: target-machine + name: Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz + targets.1: corporate-gateway +""" + +RETURN = """ +cp_mgmt_verify_software_package: + description: The checkpoint verify-software-package output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + targets=dict(type='list', elements='str'), + concurrency_limit=dict(type='int'), + download_package=dict(type='bool'), + download_package_from=dict(type='str', choices=['automatic', 'central', 'target-machine']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "verify-software-package" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed.py new file mode 100644 index 000000000..8ccc016e4 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed.py 
@@ -0,0 +1,232 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_vpn_community_meshed +short_description: Manages vpn-community-meshed objects on Check Point over Web Services API +description: + - Manages vpn-community-meshed objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + encryption_method: + description: + - The encryption method to be used. + type: str + choices: ['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only'] + encryption_suite: + description: + - The encryption suite to be used. + type: str + choices: ['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128'] + gateways: + description: + - Collection of Gateway objects identified by the name or UID. + type: list + elements: str + ike_phase_1: + description: + - Ike Phase 1 settings. 
Only applicable when the encryption-suite is set to [custom]. + type: dict + suboptions: + data_integrity: + description: + - The hash algorithm to be used. + type: str + choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5'] + diffie_hellman_group: + description: + - The Diffie-Hellman group to be used. + type: str + choices: ['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20'] + encryption_algorithm: + description: + - The encryption algorithm to be used. + type: str + choices: ['cast', 'aes-256', 'des', 'aes-128', '3des'] + ike_phase_2: + description: + - Ike Phase 2 settings. Only applicable when the encryption-suite is set to [custom]. + type: dict + suboptions: + data_integrity: + description: + - The hash algorithm to be used. + type: str + choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5'] + encryption_algorithm: + description: + - The encryption algorithm to be used. + type: str + choices: ['cast', 'aes-gcm-256', 'cast-40', 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none'] + shared_secrets: + description: + - Shared secrets for external gateways. + type: list + elements: dict + suboptions: + external_gateway: + description: + - External gateway identified by the name or UID. + type: str + shared_secret: + description: + - Shared secret. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + use_shared_secret: + description: + - Indicates whether the shared secret should be used for all external gateways. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-vpn-community-meshed + cp_mgmt_vpn_community_meshed: + encryption_method: prefer ikev2 but support ikev1 + encryption_suite: custom + ike_phase_1: + data_integrity: sha1 + diffie_hellman_group: group 19 + encryption_algorithm: aes-128 + ike_phase_2: + data_integrity: aes-xcbc + encryption_algorithm: aes-gcm-128 + name: New_VPN_Community_Meshed_1 + state: present + +- name: set-vpn-community-meshed + cp_mgmt_vpn_community_meshed: + encryption_method: ikev2 only + encryption_suite: custom + ike_phase_1: + data_integrity: sha1 + diffie_hellman_group: group 19 + encryption_algorithm: aes-128 + ike_phase_2: + data_integrity: aes-xcbc + encryption_algorithm: aes-gcm-128 + name: New_VPN_Community_Meshed_1 + state: present + +- name: delete-vpn-community-meshed + cp_mgmt_vpn_community_meshed: + name: New_VPN_Community_Meshed_1 + state: absent +""" + +RETURN = """ +cp_mgmt_vpn_community_meshed: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + encryption_method=dict(type='str', choices=['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only']), + encryption_suite=dict(type='str', choices=['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128']), + gateways=dict(type='list', elements='str'), + ike_phase_1=dict(type='dict', options=dict( + data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']), + diffie_hellman_group=dict(type='str', choices=['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20']), + encryption_algorithm=dict(type='str', choices=['cast', 'aes-256', 'des', 'aes-128', '3des']) + )), + ike_phase_2=dict(type='dict', options=dict( + data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']), + encryption_algorithm=dict(type='str', choices=['cast', 'aes-gcm-256', 'cast-40', + 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none']) + )), + shared_secrets=dict(type='list', elements='dict', no_log=True, options=dict( + external_gateway=dict(type='str'), + shared_secret=dict(type='str', no_log=True) + )), + tags=dict(type='list', elements='str'), + use_shared_secret=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + 
details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'vpn-community-meshed' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed_facts.py new file mode 100644 index 000000000..9ea3882a7 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed_facts.py 
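Review bot: Both the add and set EXAMPLES tasks use `diffie_hellman_group: group 19`, which is not among the declared choices (the spec lists `'group-19'` with a hyphen), so the documented task would fail argument validation. The cp_mgmt_vpn_community_star hunk repeats the same value. The examples also use `data_integrity: sha1` for IKE phase 1, and example blocks like these tend to be copied into real VPN community definitions. I would change the examples to `diffie_hellman_group: group-19` and `data_integrity: sha256`, both of which are in the choices lists shown here.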
@@ -0,0 +1,127 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_vpn_community_meshed_facts +short_description: Get vpn-community-meshed objects facts on Check Point over Web Services API +description: + - Get vpn-community-meshed objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-vpn-community-meshed + cp_mgmt_vpn_community_meshed_facts: + name: New_VPN_Community_Meshed_1 + +- name: show-vpn-communities-meshed + cp_mgmt_vpn_community_meshed_facts: + details_level: full + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "vpn-community-meshed" + api_call_object_plural_version = "vpn-communities-meshed" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star.py new file mode 100644 index 000000000..0073a60de --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star.py 
@@ -0,0 +1,244 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_vpn_community_star +short_description: Manages vpn-community-star objects on Check Point over Web Services API +description: + - Manages vpn-community-star objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + center_gateways: + description: + - Collection of Gateway objects representing center gateways identified by the name or UID. + type: list + elements: str + encryption_method: + description: + - The encryption method to be used. + type: str + choices: ['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only'] + encryption_suite: + description: + - The encryption suite to be used. + type: str + choices: ['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128'] + ike_phase_1: + description: + - Ike Phase 1 settings. 
Only applicable when the encryption-suite is set to [custom]. + type: dict + suboptions: + data_integrity: + description: + - The hash algorithm to be used. + type: str + choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5'] + diffie_hellman_group: + description: + - The Diffie-Hellman group to be used. + type: str + choices: ['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20'] + encryption_algorithm: + description: + - The encryption algorithm to be used. + type: str + choices: ['cast', 'aes-256', 'des', 'aes-128', '3des'] + ike_phase_2: + description: + - Ike Phase 2 settings. Only applicable when the encryption-suite is set to [custom]. + type: dict + suboptions: + data_integrity: + description: + - The hash algorithm to be used. + type: str + choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5'] + encryption_algorithm: + description: + - The encryption algorithm to be used. + type: str + choices: ['cast', 'aes-gcm-256', 'cast-40', 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none'] + mesh_center_gateways: + description: + - Indicates whether the meshed community is in center. + type: bool + satellite_gateways: + description: + - Collection of Gateway objects representing satellite gateways identified by the name or UID. + type: list + elements: str + shared_secrets: + description: + - Shared secrets for external gateways. + type: list + elements: dict + suboptions: + external_gateway: + description: + - External gateway identified by the name or UID. + type: str + shared_secret: + description: + - Shared secret. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + use_shared_secret: + description: + - Indicates whether the shared secret should be used for all external gateways. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-vpn-community-star + cp_mgmt_vpn_community_star: + center_gateways: Second_Security_Gateway + encryption_method: prefer ikev2 but support ikev1 + encryption_suite: custom + ike_phase_1: + data_integrity: sha1 + diffie_hellman_group: group 19 + encryption_algorithm: aes-128 + ike_phase_2: + data_integrity: aes-xcbc + encryption_algorithm: aes-gcm-128 + name: New_VPN_Community_Star_1 + state: present + +- name: set-vpn-community-star + cp_mgmt_vpn_community_star: + encryption_method: ikev2 only + encryption_suite: custom + ike_phase_1: + data_integrity: sha1 + diffie_hellman_group: group 19 + encryption_algorithm: aes-128 + ike_phase_2: + data_integrity: aes-xcbc + encryption_algorithm: aes-gcm-128 + name: New_VPN_Community_Star_1 + state: present + +- name: delete-vpn-community-star + cp_mgmt_vpn_community_star: + name: New_VPN_Community_Star_1 + state: absent +""" + +RETURN = """ +cp_mgmt_vpn_community_star: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + center_gateways=dict(type='list', elements='str'), + encryption_method=dict(type='str', choices=['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only']), + encryption_suite=dict(type='str', choices=['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128']), + ike_phase_1=dict(type='dict', options=dict( + data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']), + diffie_hellman_group=dict(type='str', choices=['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20']), + encryption_algorithm=dict(type='str', choices=['cast', 'aes-256', 'des', 'aes-128', '3des']) + )), + ike_phase_2=dict(type='dict', options=dict( + data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']), + encryption_algorithm=dict(type='str', choices=['cast', 'aes-gcm-256', 'cast-40', + 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none']) + )), + mesh_center_gateways=dict(type='bool'), + satellite_gateways=dict(type='list', elements='str'), + shared_secrets=dict(type='list', elements='dict', no_log=True, options=dict( + external_gateway=dict(type='str'), + shared_secret=dict(type='str', no_log=True) + )), + tags=dict(type='list', elements='str'), + use_shared_secret=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 
'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'vpn-community-star' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star_facts.py new file mode 100644 index 000000000..09fbd90a6 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star_facts.py 
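Review bot: The `ike_phase_1` and `ike_phase_2` suboption docs list `md5`, `des`, `group-1`, `group-2`, `cast-40`, `des-40cp` and `none` next to the current algorithms with no guidance, so a playbook author cannot tell from the module documentation which values weaken the tunnel. I would add one line to each of those descriptions, for example `- Legacy values (md5, des, group-1, group-2, 40-bit ciphers, none) exist for interoperability and should be avoided for new communities.` The same applies to the cp_mgmt_vpn_community_meshed hunk. The spec already marks `shared_secrets` and `shared_secret` with `no_log=True`; the `shared_secret` description could say so, e.g. `- Shared secret. The value is not logged.`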
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_vpn_community_star_facts
+short_description: Get vpn-community-star objects facts on Check Point over Web Services API
+description:
+ - Get vpn-community-star objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-vpn-community-star
+ cp_mgmt_vpn_community_star_facts:
+ name: New_VPN_Community_Meshed_1
+
+- name: show-vpn-communities-star
+ cp_mgmt_vpn_community_star_facts:
+ details_level: full
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "vpn-community-star"
+ api_call_object_plural_version = "vpn-communities-star"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
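Review bot: Nothing in `main()` of cp_mgmt_vpn_community_star_facts.py marks any part of the returned object as sensitive before `module.exit_json(ansible_facts=result)`, although the companion cp_mgmt_vpn_community_star module in this commit declares `shared_secrets` and `shared_secret` with `no_log=True` on input. Whether the show response for a star community echoes those pre-shared keys is not visible from this hunk and should be confirmed against the API. If it does, a listing with `details_level: full`, as in the second example, would carry them into the play's facts and into task output. The DOCUMENTATION block should state this, for instance with a `notes:` entry reading `Returned facts may contain VPN shared secrets; set no_log: true on the task when they must stay out of logs.`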
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard.py
new file mode 100644
index 000000000..54739fdfe
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard.py
@@ -0,0 +1,159 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_wildcard
+short_description: Manages wildcard objects on Check Point over Web Services API
+description:
+ - Manages wildcard objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv4_mask_wildcard:
+ description:
+ - IPv4 mask wildcard.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ ipv6_mask_wildcard:
+ description:
+ - IPv6 mask wildcard.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-wildcard
+ cp_mgmt_wildcard:
+ ipv4_address: 192.168.2.1
+ ipv4_mask_wildcard: 0.0.0.128
+ name: New Wildcard 1
+ state: present
+
+- name: set-wildcard
+ cp_mgmt_wildcard:
+ color: green
+ ipv6_address: 2001:db8::1111
+ ipv6_mask_wildcard: ffff:ffff::f0f0
+ name: New Wildcard 1
+ state: present
+
+- name: delete-wildcard
+ cp_mgmt_wildcard:
+ name: New Wildcard 1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_wildcard:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ ipv4_address=dict(type='str'),
+ ipv4_mask_wildcard=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ ipv6_mask_wildcard=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'wildcard'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard_facts.py
new file mode 100644
index 000000000..474776b4f
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard_facts.py
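Review bot: In cp_mgmt_wildcard.py the `set-wildcard` task in EXAMPLES uses `color: green`, which does not appear in the `color` `choices` list in either DOCUMENTATION or `argument_spec`. Argument validation would therefore reject the example as written, before any API call is made. Replace it with a listed value, e.g. `color: forest green`, so the documented task can be copied and run.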
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_wildcard_facts
+short_description: Get wildcard objects facts on Check Point over Web Services API
+description:
+ - Get wildcard objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-wildcard
+ cp_mgmt_wildcard_facts:
+ name: New Wildcard 1
+
+- name: show-wildcards
+ cp_mgmt_wildcard_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "wildcard"
+ api_call_object_plural_version = "wildcards"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main() |
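Review bot: The option docs in cp_mgmt_wildcard_facts.py say `name` applies only to fetching one object and `limit`, `offset` and `order` only to listing, but `argument_spec` accepts any combination of them. A task that passes both therefore validates, and what it returns depends on `api_call_facts`, which is not part of this hunk. Declaring the exclusion would make the documented contract enforceable: `module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True, mutually_exclusive=[['name', 'limit'], ['name', 'offset'], ['name', 'order']])`. Each `order` element likewise accepts `ASC` and `DESC` together. The same applies to cp_mgmt_vpn_community_star_facts.py earlier in this commit.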