archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Migrated to check_point.mgmt

Browse Source
pull/68298/head
Ansible Core Team 4 years ago committed by Matt Martz
parent f0cf2c159b
commit 6da1ec1d8c
185 changed files with 0 additions and 24168 deletions
Show Stats Download Patch File Download Diff File

469
lib/ansible/module_utils/network/checkpoint/checkpoint.py
Unescape Escape View File

@ -1,469 +0,0 @@
# This code is part of Ansible, but is an independent component.
# This particular file snippet, and this file snippet only, is BSD licensed.
# Modules you write using this snippet, which is embedded dynamically by Ansible
# still belong to the author of the module, and may assign their own license
# to the complete work.
#
# (c) 2018 Red Hat Inc.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
from __future__ import (absolute_import, division, print_function)
import time
from ansible.module_utils.connection import Connection
checkpoint_argument_spec_for_objects = dict(
auto_publish_session=dict(type='bool'),
wait_for_task=dict(type='bool', default=True),
state=dict(type='str', choices=['present', 'absent'], default='present'),
version=dict(type='str')
)
checkpoint_argument_spec_for_facts = dict(
version=dict(type='str')
)
checkpoint_argument_spec_for_commands = dict(
wait_for_task=dict(type='bool', default=True),
version=dict(type='str')
)
delete_params = ['name', 'uid', 'layer', 'exception-group-name', 'layer', 'rule-name']
# send the request to checkpoint
def send_request(connection, version, url, payload=None):
code, response = connection.send_request('/web_api/' + version + url, payload)
return code, response
# get the payload from the user parameters
def is_checkpoint_param(parameter):
if parameter == 'auto_publish_session' or \
parameter == 'state' or \
parameter == 'wait_for_task' or \
parameter == 'version':
return False
return True
# build the payload from the parameters which has value (not None), and they are parameter of checkpoint API as well
def get_payload_from_parameters(params):
payload = {}
for parameter in params:
parameter_value = params[parameter]
if parameter_value is not None and is_checkpoint_param(parameter):
if isinstance(parameter_value, dict):
payload[parameter.replace("_", "-")] = get_payload_from_parameters(parameter_value)
elif isinstance(parameter_value, list) and len(parameter_value) != 0 and isinstance(parameter_value[0], dict):
payload_list = []
for element_dict in parameter_value:
payload_list.append(get_payload_from_parameters(element_dict))
payload[parameter.replace("_", "-")] = payload_list
else:
payload[parameter.replace("_", "-")] = parameter_value
return payload
# wait for task
def wait_for_task(module, version, connection, task_id):
task_id_payload = {'task-id': task_id}
task_complete = False
current_iteration = 0
max_num_iterations = 300
# As long as there is a task in progress
while not task_complete and current_iteration < max_num_iterations:
current_iteration += 1
# Check the status of the task
code, response = send_request(connection, version, 'show-task', task_id_payload)
attempts_counter = 0
while code != 200:
if attempts_counter < 5:
attempts_counter += 1
time.sleep(2)
code, response = send_request(connection, version, 'show-task', task_id_payload)
else:
response['message'] = "ERROR: Failed to handle asynchronous tasks as synchronous, tasks result is" \
" undefined.\n" + response['message']
module.fail_json(msg=response)
# Count the number of tasks that are not in-progress
completed_tasks = 0
for task in response['tasks']:
if task['status'] == 'failed':
module.fail_json(msg='Task {0} with task id {1} failed. Look at the logs for more details'
.format(task['task-name'], task['task-id']))
if task['status'] == 'in progress':
break
completed_tasks += 1
# Are we done? check if all tasks are completed
if completed_tasks == len(response["tasks"]):
task_complete = True
else:
time.sleep(2) # Wait for two seconds
if not task_complete:
module.fail_json(msg="ERROR: Timeout.\nTask-id: {0}.".format(task_id_payload['task-id']))
# handle publish command, and wait for it to end if the user asked so
def handle_publish(module, connection, version):
if module.params['auto_publish_session']:
publish_code, publish_response = send_request(connection, version, 'publish')
if publish_code != 200:
module.fail_json(msg=publish_response)
if module.params['wait_for_task']:
wait_for_task(module, version, connection, publish_response['task-id'])
# handle a command
def api_command(module, command):
payload = get_payload_from_parameters(module.params)
connection = Connection(module._socket_path)
# if user insert a specific version, we add it to the url
version = ('v' + module.params['version'] + '/') if module.params.get('version') else ''
code, response = send_request(connection, version, command, payload)
result = {'changed': True}
if code == 200:
if module.params['wait_for_task']:
if 'task-id' in response:
wait_for_task(module, version, connection, response['task-id'])
elif 'tasks' in response:
for task_id in response['tasks']:
wait_for_task(module, version, connection, task_id)
result[command] = response
else:
module.fail_json(msg='Checkpoint device returned error {0} with message {1}'.format(code, response))
return result
# handle api call facts
def api_call_facts(module, api_call_object, api_call_object_plural_version):
payload = get_payload_from_parameters(module.params)
connection = Connection(module._socket_path)
# if user insert a specific version, we add it to the url
version = ('v' + module.params['version'] + '/') if module.params['version'] else ''
# if there is neither name nor uid, the API command will be in plural version (e.g. show-hosts instead of show-host)
if payload.get("name") is None and payload.get("uid") is None:
api_call_object = api_call_object_plural_version
code, response = send_request(connection, version, 'show-' + api_call_object, payload)
if code != 200:
module.fail_json(msg='Checkpoint device returned error {0} with message {1}'.format(code, response))
result = {api_call_object: response}
return result
# handle api call
def api_call(module, api_call_object):
payload = get_payload_from_parameters(module.params)
connection = Connection(module._socket_path)
result = {'changed': False}
if module.check_mode:
return result
# if user insert a specific version, we add it to the url
version = ('v' + module.params['version'] + '/') if module.params.get('version') else ''
payload_for_equals = {'type': api_call_object, 'params': payload}
equals_code, equals_response = send_request(connection, version, 'equals', payload_for_equals)
result['checkpoint_session_uid'] = connection.get_session_uid()
# if code is 400 (bad request) or 500 (internal error) - fail
if equals_code == 400 or equals_code == 500:
module.fail_json(msg=equals_response)
if equals_code == 404 and equals_response['code'] == 'generic_err_command_not_found':
module.fail_json(msg='Relevant hotfix is not installed on Check Point server. See sk114661 on Check Point Support Center.')
if module.params['state'] == 'present':
if equals_code == 200:
if not equals_response['equals']:
code, response = send_request(connection, version, 'set-' + api_call_object, payload)
if code != 200:
module.fail_json(msg=response)
handle_publish(module, connection, version)
result['changed'] = True
result[api_call_object] = response
else:
# objects are equals and there is no need for set request
pass
elif equals_code == 404:
code, response = send_request(connection, version, 'add-' + api_call_object, payload)
if code != 200:
module.fail_json(msg=response)
handle_publish(module, connection, version)
result['changed'] = True
result[api_call_object] = response
elif module.params['state'] == 'absent':
if equals_code == 200:
payload_for_delete = get_copy_payload_with_some_params(payload, delete_params)
code, response = send_request(connection, version, 'delete-' + api_call_object, payload_for_delete)
if code != 200:
module.fail_json(msg=response)
handle_publish(module, connection, version)
result['changed'] = True
elif equals_code == 404:
# no need to delete because object dose not exist
pass
return result
# get the position in integer format
def get_number_from_position(payload, connection, version):
if 'position' in payload:
position = payload['position']
else:
return None
# This code relevant if we will decide to support 'top' and 'bottom' in position
# position_number = None
# # if position is not int, convert it to int. There are several cases: "top"
# if position == 'top':
# position_number = 1
# elif position == 'bottom':
# payload_for_show_access_rulebase = {'name': payload['layer'], 'limit': 0}
# code, response = send_request(connection, version, 'show-access-rulebase', payload_for_show_access_rulebase)
# position_number = response['total']
# elif isinstance(position, str):
# # here position is a number in format str (e.g. "5" and not 5)
# position_number = int(position)
# else:
# # here position suppose to be int
# position_number = position
#
# return position_number
return int(position)
# is the param position (if the user inserted it) equals between the object and the user input
def is_equals_with_position_param(payload, connection, version, api_call_object):
position_number = get_number_from_position(payload, connection, version)
# if there is no position param, then it's equals in vacuous truth
if position_number is None:
return True
payload_for_show_access_rulebase = {'name': payload['layer'], 'offset': position_number - 1, 'limit': 1}
rulebase_command = 'show-' + api_call_object.split('-')[0] + '-rulebase'
# if it's threat-exception, we change a little the payload and the command
if api_call_object == 'threat-exception':
payload_for_show_access_rulebase['rule-name'] = payload['rule-name']
rulebase_command = 'show-threat-rule-exception-rulebase'
code, response = send_request(connection, version, rulebase_command, payload_for_show_access_rulebase)
# if true, it means there is no rule in the position that the user inserted, so I return false, and when we will try to set
# the rule, the API server will get throw relevant error
if response['total'] < position_number:
return False
rule = response['rulebase'][0]
while 'rulebase' in rule:
rule = rule['rulebase'][0]
# if the names of the exist rule and the user input rule are equals, then it's means that their positions are equals so I
# return True. and there is no way that there is another rule with this name cause otherwise the 'equals' command would fail
if rule['name'] == payload['name']:
return True
else:
return False
# get copy of the payload without some of the params
def get_copy_payload_without_some_params(payload, params_to_remove):
copy_payload = dict(payload)
for param in params_to_remove:
if param in copy_payload:
del copy_payload[param]
return copy_payload
# get copy of the payload with only some of the params
def get_copy_payload_with_some_params(payload, params_to_insert):
copy_payload = {}
for param in params_to_insert:
if param in payload:
copy_payload[param] = payload[param]
return copy_payload
# is equals with all the params including action and position
def is_equals_with_all_params(payload, connection, version, api_call_object, is_access_rule):
if is_access_rule and 'action' in payload:
payload_for_show = get_copy_payload_with_some_params(payload, ['name', 'uid', 'layer'])
code, response = send_request(connection, version, 'show-' + api_call_object, payload_for_show)
exist_action = response['action']['name']
if exist_action != payload['action']:
return False
if not is_equals_with_position_param(payload, connection, version, api_call_object):
return False
return True
# handle api call for rule
def api_call_for_rule(module, api_call_object):
is_access_rule = True if 'access' in api_call_object else False
payload = get_payload_from_parameters(module.params)
connection = Connection(module._socket_path)
result = {'changed': False}
if module.check_mode:
return result
# if user insert a specific version, we add it to the url
version = ('v' + module.params['version'] + '/') if module.params.get('version') else ''
if is_access_rule:
copy_payload_without_some_params = get_copy_payload_without_some_params(payload, ['action', 'position'])
else:
copy_payload_without_some_params = get_copy_payload_without_some_params(payload, ['position'])
payload_for_equals = {'type': api_call_object, 'params': copy_payload_without_some_params}
equals_code, equals_response = send_request(connection, version, 'equals', payload_for_equals)
result['checkpoint_session_uid'] = connection.get_session_uid()
# if code is 400 (bad request) or 500 (internal error) - fail
if equals_code == 400 or equals_code == 500:
module.fail_json(msg=equals_response)
if equals_code == 404 and equals_response['code'] == 'generic_err_command_not_found':
module.fail_json(msg='Relevant hotfix is not installed on Check Point server. See sk114661 on Check Point Support Center.')
if module.params['state'] == 'present':
if equals_code == 200:
if equals_response['equals']:
if not is_equals_with_all_params(payload, connection, version, api_call_object, is_access_rule):
equals_response['equals'] = False
if not equals_response['equals']:
# if user insert param 'position' and needed to use the 'set' command, change the param name to 'new-position'
if 'position' in payload:
payload['new-position'] = payload['position']
del payload['position']
code, response = send_request(connection, version, 'set-' + api_call_object, payload)
if code != 200:
module.fail_json(msg=response)
handle_publish(module, connection, version)
result['changed'] = True
result[api_call_object] = response
else:
# objects are equals and there is no need for set request
pass
elif equals_code == 404:
code, response = send_request(connection, version, 'add-' + api_call_object, payload)
if code != 200:
module.fail_json(msg=response)
handle_publish(module, connection, version)
result['changed'] = True
result[api_call_object] = response
elif module.params['state'] == 'absent':
if equals_code == 200:
payload_for_delete = get_copy_payload_with_some_params(payload, delete_params)
code, response = send_request(connection, version, 'delete-' + api_call_object, payload_for_delete)
if code != 200:
module.fail_json(msg=response)
handle_publish(module, connection, version)
result['changed'] = True
elif equals_code == 404:
# no need to delete because object dose not exist
pass
return result
# handle api call facts for rule
def api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version):
payload = get_payload_from_parameters(module.params)
connection = Connection(module._socket_path)
# if user insert a specific version, we add it to the url
version = ('v' + module.params['version'] + '/') if module.params['version'] else ''
# if there is neither name nor uid, the API command will be in plural version (e.g. show-hosts instead of show-host)
if payload.get("layer") is None:
api_call_object = api_call_object_plural_version
code, response = send_request(connection, version, 'show-' + api_call_object, payload)
if code != 200:
module.fail_json(msg='Checkpoint device returned error {0} with message {1}'.format(code, response))
result = {api_call_object: response}
return result
# The code from here till EOF will be deprecated when Rikis' modules will be deprecated
checkpoint_argument_spec = dict(auto_publish_session=dict(type='bool', default=True),
policy_package=dict(type='str', default='standard'),
auto_install_policy=dict(type='bool', default=True),
targets=dict(type='list')
)
def publish(connection, uid=None):
payload = None
if uid:
payload = {'uid': uid}
connection.send_request('/web_api/publish', payload)
def discard(connection, uid=None):
payload = None
if uid:
payload = {'uid': uid}
connection.send_request('/web_api/discard', payload)
def install_policy(connection, policy_package, targets):
payload = {'policy-package': policy_package,
'targets': targets}
connection.send_request('/web_api/install-policy', payload)

170
lib/ansible/modules/network/check_point/cp_mgmt_access_layer.py
Unescape Escape View File

@ -1,170 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_access_layer
short_description: Manages access-layer objects on Check Point over Web Services API
description:
- Manages access-layer objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
add_default_rule:
description:
- Indicates whether to include a cleanup rule in the new layer.
type: bool
applications_and_url_filtering:
description:
- Whether to enable Applications & URL Filtering blade on the layer.
type: bool
content_awareness:
description:
- Whether to enable Content Awareness blade on the layer.
type: bool
detect_using_x_forward_for:
description:
- Whether to use X-Forward-For HTTP header, which is added by the proxy server to keep track of the original source IP.
type: bool
firewall:
description:
- Whether to enable Firewall blade on the layer.
type: bool
implicit_cleanup_action:
description:
- The default "catch-all" action for traffic that does not match any explicit or implied rules in the layer.
type: str
choices: ['drop', 'accept']
mobile_access:
description:
- Whether to enable Mobile Access blade on the layer.
type: bool
shared:
description:
- Whether this layer is shared.
type: bool
tags:
description:
- Collection of tag identifiers.
type: list
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-access-layer
cp_mgmt_access_layer:
name: New Layer 1
state: present
- name: set-access-layer
cp_mgmt_access_layer:
applications_and_url_filtering: false
data_awareness: true
name: New Layer 1
state: present
- name: delete-access-layer
cp_mgmt_access_layer:
name: New Layer 2
state: absent
"""
RETURN = """
cp_mgmt_access_layer:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
add_default_rule=dict(type='bool'),
applications_and_url_filtering=dict(type='bool'),
content_awareness=dict(type='bool'),
detect_using_x_forward_for=dict(type='bool'),
firewall=dict(type='bool'),
implicit_cleanup_action=dict(type='str', choices=['drop', 'accept']),
mobile_access=dict(type='bool'),
shared=dict(type='bool'),
tags=dict(type='list'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'access-layer'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

126
lib/ansible/modules/network/check_point/cp_mgmt_access_layer_facts.py
Unescape Escape View File

@ -1,126 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_access_layer_facts
short_description: Get access-layer objects facts on Check Point over Web Services API
description:
- Get access-layer objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-access-layer
cp_mgmt_access_layer_facts:
name: New Layer 1
- name: show-access-layers
cp_mgmt_access_layer_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
))
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "access-layer"
api_call_object_plural_version = "access-layers"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

187
lib/ansible/modules/network/check_point/cp_mgmt_access_role.py
Unescape Escape View File

@ -1,187 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_access_role
short_description: Manages access-role objects on Check Point over Web Services API
description:
- Manages access-role objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
machines:
description:
- Machines that can access the system.
type: list
suboptions:
source:
description:
- Active Directory name or UID or Identity Tag.
type: str
selection:
description:
- Name or UID of an object selected from source.
type: list
base_dn:
description:
- When source is "Active Directory" use "base-dn" to refine the query in AD database.
type: str
networks:
description:
- Collection of Network objects identified by the name or UID that can access the system.
type: list
remote_access_clients:
description:
- Remote access clients identified by name or UID.
type: str
tags:
description:
- Collection of tag identifiers.
type: list
users:
description:
- Users that can access the system.
type: list
suboptions:
source:
description:
- Active Directory name or UID or Identity Tag or Internal User Groups or LDAP groups or Guests.
type: str
selection:
description:
- Name or UID of an object selected from source.
type: list
base_dn:
description:
- When source is "Active Directory" use "base-dn" to refine the query in AD database.
type: str
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-access-role
cp_mgmt_access_role:
machines: all identified
name: New Access Role 1
networks: any
remote_access_clients: any
state: present
users: any
- name: set-access-role
cp_mgmt_access_role:
machines: any
name: New Access Role 1
state: present
users: all identified
- name: delete-access-role
cp_mgmt_access_role:
name: New Access Role 1
state: absent
"""
RETURN = """
cp_mgmt_access_role:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
machines=dict(type='list', options=dict(
source=dict(type='str'),
selection=dict(type='list'),
base_dn=dict(type='str')
)),
networks=dict(type='list'),
remote_access_clients=dict(type='str'),
tags=dict(type='list'),
users=dict(type='list', options=dict(
source=dict(type='str'),
selection=dict(type='list'),
base_dn=dict(type='str')
)),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'access-role'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

124
lib/ansible/modules/network/check_point/cp_mgmt_access_role_facts.py
Unescape Escape View File

@ -1,124 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_access_role_facts
short_description: Get access-role objects facts on Check Point over Web Services API
description:
- Get access-role objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-access-role
cp_mgmt_access_role_facts:
name: New Access Role 1
- name: show-access-roles
cp_mgmt_access_role_facts:
details_level: full
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
))
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "access-role"
api_call_object_plural_version = "access-roles"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

354
lib/ansible/modules/network/check_point/cp_mgmt_access_rule.py
Unescape Escape View File

@ -1,354 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_access_rule
short_description: Manages access-rule objects on Check Point over Web Services API
description:
- Manages access-rule objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
layer:
description:
- Layer that the rule belongs to identified by the name or UID.
type: str
position:
description:
- Position in the rulebase.
type: str
name:
description:
- Object name.
type: str
required: True
action:
description:
- a "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
type: str
action_settings:
description:
- Action settings.
type: dict
suboptions:
enable_identity_captive_portal:
description:
- N/A
type: bool
limit:
description:
- N/A
type: str
content:
description:
- List of processed file types that this rule applies on.
type: list
content_direction:
description:
- On which direction the file types processing is applied.
type: str
choices: ['any', 'up', 'down']
content_negate:
description:
- True if negate is set for data.
type: bool
custom_fields:
description:
- Custom fields.
type: dict
suboptions:
field_1:
description:
- First custom field.
type: str
field_2:
description:
- Second custom field.
type: str
field_3:
description:
- Third custom field.
type: str
destination:
description:
- Collection of Network objects identified by the name or UID.
type: list
destination_negate:
description:
- True if negate is set for destination.
type: bool
enabled:
description:
- Enable/Disable the rule.
type: bool
inline_layer:
description:
- Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
type: str
install_on:
description:
- Which Gateways identified by the name or UID to install the policy on.
type: list
service:
description:
- Collection of Network objects identified by the name or UID.
type: list
service_negate:
description:
- True if negate is set for service.
type: bool
source:
description:
- Collection of Network objects identified by the name or UID.
type: list
source_negate:
description:
- True if negate is set for source.
type: bool
time:
description:
- List of time objects. For example, "Weekend", "Off-Work", "Every-Day".
type: list
track:
description:
- Track Settings.
type: dict
suboptions:
accounting:
description:
- Turns accounting for track on and off.
type: bool
alert:
description:
- Type of alert for the track.
type: str
choices: ['none', 'alert', 'snmp', 'mail', 'user alert 1', 'user alert 2', 'user alert 3']
enable_firewall_session:
description:
- Determine whether to generate session log to firewall only connections.
type: bool
per_connection:
description:
- Determines whether to perform the log per connection.
type: bool
per_session:
description:
- Determines whether to perform the log per session.
type: bool
type:
description:
- a "Log", "Extended Log", "Detailed Log", "None".
type: str
user_check:
description:
- User check settings.
type: dict
suboptions:
confirm:
description:
- N/A
type: str
choices: ['per rule', 'per category', 'per application/site', 'per data type']
custom_frequency:
description:
- N/A
type: dict
suboptions:
every:
description:
- N/A
type: int
unit:
description:
- N/A
type: str
choices: ['hours', 'days', 'weeks', 'months']
frequency:
description:
- N/A
type: str
choices: ['once a day', 'once a week', 'once a month', 'custom frequency...']
interaction:
description:
- N/A
type: str
vpn:
description:
- Communities or Directional.
type: list
suboptions:
community:
description:
- List of community name or UID.
type: list
directional:
description:
- Communities directional match condition.
type: list
suboptions:
from:
description:
- From community name or UID.
type: str
to:
description:
- To community name or UID.
type: str
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-access-rule
cp_mgmt_access_rule:
layer: Network
name: Rule 1
position: 1
service:
- SMTP
- AOL
state: present
- name: set-access-rule
cp_mgmt_access_rule:
action: Ask
action_settings:
enable_identity_captive_portal: true
limit: Upload_1Gbps
layer: Network
name: Rule 1
state: present
- name: delete-access-rule
cp_mgmt_access_rule:
layer: Network
name: Rule 2
state: absent
"""
RETURN = """
cp_mgmt_access_rule:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule
def main():
argument_spec = dict(
layer=dict(type='str'),
position=dict(type='str'),
name=dict(type='str', required=True),
action=dict(type='str'),
action_settings=dict(type='dict', options=dict(
enable_identity_captive_portal=dict(type='bool'),
limit=dict(type='str')
)),
content=dict(type='list'),
content_direction=dict(type='str', choices=['any', 'up', 'down']),
content_negate=dict(type='bool'),
custom_fields=dict(type='dict', options=dict(
field_1=dict(type='str'),
field_2=dict(type='str'),
field_3=dict(type='str')
)),
destination=dict(type='list'),
destination_negate=dict(type='bool'),
enabled=dict(type='bool'),
inline_layer=dict(type='str'),
install_on=dict(type='list'),
service=dict(type='list'),
service_negate=dict(type='bool'),
source=dict(type='list'),
source_negate=dict(type='bool'),
time=dict(type='list'),
track=dict(type='dict', options=dict(
accounting=dict(type='bool'),
alert=dict(type='str', choices=['none', 'alert', 'snmp', 'mail', 'user alert 1', 'user alert 2', 'user alert 3']),
enable_firewall_session=dict(type='bool'),
per_connection=dict(type='bool'),
per_session=dict(type='bool'),
type=dict(type='str')
)),
user_check=dict(type='dict', options=dict(
confirm=dict(type='str', choices=['per rule', 'per category', 'per application/site', 'per data type']),
custom_frequency=dict(type='dict', options=dict(
every=dict(type='int'),
unit=dict(type='str', choices=['hours', 'days', 'weeks', 'months'])
)),
frequency=dict(type='str', choices=['once a day', 'once a week', 'once a month', 'custom frequency...']),
interaction=dict(type='str')
)),
vpn=dict(type='list', options=dict(
community=dict(type='list'),
directional=dict(type='list', options=dict(
to=dict(type='str')
))
)),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec['vpn']['options']['directional']['options']['from'] = dict(type='str')
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'access-rule'
if module.params['action'] is None and module.params['position'] is None:
result = api_call(module, api_call_object)
else:
result = api_call_for_rule(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

244
lib/ansible/modules/network/check_point/cp_mgmt_access_rule_facts.py
Unescape Escape View File

@ -1,244 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_access_rule_facts
short_description: Get access-rule objects facts on Check Point over Web Services API
description:
- Get access-rule objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name. Should be unique in the domain.
type: str
layer:
description:
- Layer that the rule belongs to identified by the name or UID.
type: str
show_as_ranges:
description:
- When true, the source, destination and services & applications parameters are displayed as ranges of IP addresses and port numbers rather than
network objects.<br /> Objects that are not represented using IP addresses or port numbers are presented as objects.<br /> In addition, the response
of each rule does not contain the parameters, source, source-negate, destination, destination-negate, service and service-negate, but instead it
contains the parameters, source-ranges, destination-ranges and service-ranges.<br /><br /> Note, Requesting to show rules as ranges is limited up to
20 rules per request, otherwise an error is returned. If you wish to request more rules, use the offset and limit parameters to limit your request.
type: bool
show_hits:
description:
- N/A
type: bool
hits_settings:
description:
- N/A
type: dict
suboptions:
from_date:
description:
- Format, 'YYYY-MM-DD', 'YYYY-mm-ddThh:mm:ss'.
type: str
target:
description:
- Target gateway name or UID.
type: str
to_date:
description:
- Format, 'YYYY-MM-DD', 'YYYY-mm-ddThh:mm:ss'.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
filter:
description:
- Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical
operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies.
type: str
filter_settings:
description:
- Sets filter preferences.
type: dict
suboptions:
search_mode:
description:
- When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any'
object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell
or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior.
type: str
choices: ['general', 'packet']
packet_search_settings:
description:
- When 'search-mode' is set to 'packet', this object allows to set the packet search preferences.
type: dict
suboptions:
expand_group_members:
description:
- When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at
least one member of the group.
type: bool
expand_group_with_exclusion_members:
description:
- When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that
match at least one member of the "include" part and is not a member of the "except" part.
type: bool
match_on_any:
description:
- Whether to match on 'Any' object.
type: bool
match_on_group_with_exclusion:
description:
- Whether to match on a group-with-exclusion.
type: bool
match_on_negate:
description:
- Whether to match on a negated cell.
type: bool
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
package:
description:
- Name of the package.
type: str
use_object_dictionary:
description:
- N/A
type: bool
dereference_group_members:
description:
- Indicates whether to dereference "members" field by details level for every object in reply.
type: bool
show_membership:
description:
- Indicates whether to calculate and show "groups" field for every object in reply.
type: bool
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-access-rule
cp_mgmt_access_rule_facts:
layer: Network
name: Rule 1
- name: show-access-rulebase
cp_mgmt_access_rule_facts:
details_level: standard
limit: 20
name: Network
offset: 0
use_object_dictionary: true
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts_for_rule
def main():
argument_spec = dict(
name=dict(type='str'),
layer=dict(type='str'),
show_as_ranges=dict(type='bool'),
show_hits=dict(type='bool'),
hits_settings=dict(type='dict', options=dict(
from_date=dict(type='str'),
target=dict(type='str'),
to_date=dict(type='str')
)),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
filter=dict(type='str'),
filter_settings=dict(type='dict', options=dict(
search_mode=dict(type='str', choices=['general', 'packet']),
packet_search_settings=dict(type='dict', options=dict(
expand_group_members=dict(type='bool'),
expand_group_with_exclusion_members=dict(type='bool'),
match_on_any=dict(type='bool'),
match_on_group_with_exclusion=dict(type='bool'),
match_on_negate=dict(type='bool')
))
)),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
)),
package=dict(type='str'),
use_object_dictionary=dict(type='bool'),
dereference_group_members=dict(type='bool'),
show_membership=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "access-rule"
api_call_object_plural_version = "access-rulebase"
result = api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

213
lib/ansible/modules/network/check_point/cp_mgmt_address_range.py
Unescape Escape View File

@ -1,213 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_address_range
short_description: Manages address-range objects on Check Point over Web Services API
description:
- Manages address-range objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
ip_address_first:
description:
- First IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead.
type: str
ipv4_address_first:
description:
- First IPv4 address in the range.
type: str
ipv6_address_first:
description:
- First IPv6 address in the range.
type: str
ip_address_last:
description:
- Last IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead.
type: str
ipv4_address_last:
description:
- Last IPv4 address in the range.
type: str
ipv6_address_last:
description:
- Last IPv6 address in the range.
type: str
nat_settings:
description:
- NAT settings.
type: dict
suboptions:
auto_rule:
description:
- Whether to add automatic address translation rules.
type: bool
ip_address:
description:
- IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. This parameter is not
required in case "method" parameter is "hide" and "hide-behind" parameter is "gateway".
type: str
ipv4_address:
description:
- IPv4 address.
type: str
ipv6_address:
description:
- IPv6 address.
type: str
hide_behind:
description:
- Hide behind method. This parameter is not required in case "method" parameter is "static".
type: str
choices: ['gateway', 'ip-address']
install_on:
description:
- Which gateway should apply the NAT translation.
type: str
method:
description:
- NAT translation method.
type: str
choices: ['hide', 'static']
tags:
description:
- Collection of tag identifiers.
type: list
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
groups:
description:
- Collection of group identifiers.
type: list
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-address-range
cp_mgmt_address_range:
ip_address_first: 192.0.2.1
ip_address_last: 192.0.2.10
name: New Address Range 1
state: present
- name: set-address-range
cp_mgmt_address_range:
color: green
ip_address_first: 192.0.2.1
ip_address_last: 192.0.2.1
name: New Address Range 1
new_name: New Address Range 2
state: present
- name: delete-address-range
cp_mgmt_address_range:
name: New Address Range 2
state: absent
"""
RETURN = """
cp_mgmt_address_range:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
ip_address_first=dict(type='str'),
ipv4_address_first=dict(type='str'),
ipv6_address_first=dict(type='str'),
ip_address_last=dict(type='str'),
ipv4_address_last=dict(type='str'),
ipv6_address_last=dict(type='str'),
nat_settings=dict(type='dict', options=dict(
auto_rule=dict(type='bool'),
ip_address=dict(type='str'),
ipv4_address=dict(type='str'),
ipv6_address=dict(type='str'),
hide_behind=dict(type='str', choices=['gateway', 'ip-address']),
install_on=dict(type='str'),
method=dict(type='str', choices=['hide', 'static'])
)),
tags=dict(type='list'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
groups=dict(type='list'),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'address-range'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

131
lib/ansible/modules/network/check_point/cp_mgmt_address_range_facts.py
Unescape Escape View File

@ -1,131 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_address_range_facts
short_description: Get address-range objects facts on Check Point over Web Services API
description:
- Get address-range objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
show_membership:
description:
- Indicates whether to calculate and show "groups" field for every object in reply.
type: bool
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-address-range
cp_mgmt_address_range_facts:
name: New Address Range 1
- name: show-address-ranges
cp_mgmt_address_range_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
)),
show_membership=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "address-range"
api_call_object_plural_version = "address-ranges"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

200
lib/ansible/modules/network/check_point/cp_mgmt_administrator.py
Unescape Escape View File

@ -1,200 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_administrator
short_description: Manages administrator objects on Check Point over Web Services API
description:
- Manages administrator objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
authentication_method:
description:
- Authentication method.
type: str
choices: ['undefined', 'check point password', 'os password', 'securid', 'radius', 'tacacs', 'ad authentication']
email:
description:
- Administrator email.
type: str
expiration_date:
description:
- Format, YYYY-MM-DD, YYYY-mm-ddThh,mm,ss.
type: str
multi_domain_profile:
description:
- Administrator multi-domain profile.
type: str
must_change_password:
description:
- True if administrator must change password on the next login.
type: bool
password:
description:
- Administrator password.
type: str
password_hash:
description:
- Administrator password hash.
type: str
permissions_profile:
description:
- Administrator permissions profile. Permissions profile should not be provided when multi-domain-profile is set to "Multi-Domain Super User" or
"Domain Super User".
type: list
suboptions:
profile:
description:
- Permission profile.
type: str
phone_number:
description:
- Administrator phone number.
type: str
radius_server:
description:
- RADIUS server object identified by the name or UID. Must be set when "authentication-method" was selected to be "RADIUS".
type: str
tacacs_server:
description:
- TACACS server object identified by the name or UID. Must be set when "authentication-method" was selected to be "TACACS".
type: str
tags:
description:
- Collection of tag identifiers.
type: list
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-administrator
cp_mgmt_administrator:
authentication_method: INTERNAL_PASSWORD
email: admin@gmail.com
must_change_password: false
name: admin
password: secret
permissions_profile: read write all
phone_number: 1800-800-800
state: present
- name: set-administrator
cp_mgmt_administrator:
name: admin
password: bew secret
permissions_profile: read only profile
state: present
- name: delete-administrator
cp_mgmt_administrator:
name: admin
state: absent
"""
RETURN = """
cp_mgmt_administrator:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
authentication_method=dict(type='str', choices=['undefined', 'check point password',
'os password', 'securid', 'radius', 'tacacs', 'ad authentication']),
email=dict(type='str'),
expiration_date=dict(type='str'),
multi_domain_profile=dict(type='str'),
must_change_password=dict(type='bool'),
password=dict(type='str'),
password_hash=dict(type='str'),
permissions_profile=dict(type='list', options=dict(
profile=dict(type='str')
)),
phone_number=dict(type='str'),
radius_server=dict(type='str'),
tacacs_server=dict(type='str'),
tags=dict(type='list'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'administrator'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

126
lib/ansible/modules/network/check_point/cp_mgmt_administrator_facts.py
Unescape Escape View File

@ -1,126 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_administrator_facts
short_description: Get administrator objects facts on Check Point over Web Services API
description:
- Get administrator objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-administrator
cp_mgmt_administrator_facts:
name: admin
- name: show-administrators
cp_mgmt_administrator_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
))
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "administrator"
api_call_object_plural_version = "administrators"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

176
lib/ansible/modules/network/check_point/cp_mgmt_application_site.py
Unescape Escape View File

@ -1,176 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_application_site
short_description: Manages application-site objects on Check Point over Web Services API
description:
- Manages application-site objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
primary_category:
description:
- Each application is assigned to one primary category based on its most defining aspect.
type: str
url_list:
description:
- URLs that determine this particular application.
type: list
application_signature:
description:
- Application signature generated by <a
href="https,//supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk103051">Signature Tool</a>.
type: str
additional_categories:
description:
- Used to configure or edit the additional categories of a custom application / site used in the Application and URL Filtering or Threat Prevention.
type: list
description:
description:
- A description for the application.
type: str
tags:
description:
- Collection of tag identifiers.
type: list
urls_defined_as_regular_expression:
description:
- States whether the URL is defined as a Regular Expression or not.
type: bool
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
groups:
description:
- Collection of group identifiers.
type: list
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-application-site
cp_mgmt_application_site:
additional_categories:
- Instant Chat
- Supports Streaming
- New Application Site Category 1
description: My Application Site
name: New Application Site 1
primary_category: Social Networking
state: present
url_list:
- www.cnet.com
- www.stackoverflow.com
urls_defined_as_regular_expression: false
- name: set-application-site
cp_mgmt_application_site:
description: My New Application Site
name: New Application Site 1
primary_category: Instant Chat
state: present
urls_defined_as_regular_expression: true
- name: delete-application-site
cp_mgmt_application_site:
name: New Application Site 2
state: absent
"""
RETURN = """
cp_mgmt_application_site:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
primary_category=dict(type='str'),
url_list=dict(type='list'),
application_signature=dict(type='str'),
additional_categories=dict(type='list'),
description=dict(type='str'),
tags=dict(type='list'),
urls_defined_as_regular_expression=dict(type='bool'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
groups=dict(type='list'),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'application-site'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

139
lib/ansible/modules/network/check_point/cp_mgmt_application_site_category.py
Unescape Escape View File

@ -1,139 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_application_site_category
short_description: Manages application-site-category objects on Check Point over Web Services API
description:
- Manages application-site-category objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
description:
description:
- N/A
type: str
tags:
description:
- Collection of tag identifiers.
type: list
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
groups:
description:
- Collection of group identifiers.
type: list
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-application-site-category
cp_mgmt_application_site_category:
description: My Application Site category
name: New Application Site Category 1
state: present
- name: set-application-site-category
cp_mgmt_application_site_category:
description: My new Application Site category
name: New Application Site Category 1
state: present
- name: delete-application-site-category
cp_mgmt_application_site_category:
name: New Application Site Category 2
state: absent
"""
RETURN = """
cp_mgmt_application_site_category:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
description=dict(type='str'),
tags=dict(type='list'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
groups=dict(type='list'),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'application-site-category'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

126
lib/ansible/modules/network/check_point/cp_mgmt_application_site_category_facts.py
Unescape Escape View File

@ -1,126 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_application_site_category_facts
short_description: Get application-site-category objects facts on Check Point over Web Services API
description:
- Get application-site-category objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-application-site-category
cp_mgmt_application_site_category_facts:
name: Social Networking
- name: show-application-site-categories
cp_mgmt_application_site_category_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
))
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "application-site-category"
api_call_object_plural_version = "application-site-categories"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

136
lib/ansible/modules/network/check_point/cp_mgmt_application_site_facts.py
Unescape Escape View File

@ -1,136 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_application_site_facts
short_description: Get application-site objects facts on Check Point over Web Services API
description:
- Get application-site objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
application_id:
description:
- Object application identifier.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
show_membership:
description:
- Indicates whether to calculate and show "groups" field for every object in reply.
type: bool
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-application-site
cp_mgmt_application_site_facts:
name: facebook
- name: show-application-sites
cp_mgmt_application_site_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
application_id=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
)),
show_membership=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "application-site"
api_call_object_plural_version = "application-sites"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

144
lib/ansible/modules/network/check_point/cp_mgmt_application_site_group.py
Unescape Escape View File

@ -1,144 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_application_site_group
short_description: Manages application-site-group objects on Check Point over Web Services API
description:
- Manages application-site-group objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
members:
description:
- Collection of application and URL filtering objects identified by the name or UID.
type: list
tags:
description:
- Collection of tag identifiers.
type: list
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
groups:
description:
- Collection of group identifiers.
type: list
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-application-site-group
cp_mgmt_application_site_group:
members:
- facebook
- Social Networking
- New Application Site 1
- New Application Site Category 1
name: New Application Site Group 1
state: present
- name: set-application-site-group
cp_mgmt_application_site_group:
name: New Application Site Group 1
members:
- AliveProxy
state: present
- name: delete-application-site-group
cp_mgmt_application_site_group:
name: New Application Site Group 1
state: absent
"""
RETURN = """
cp_mgmt_application_site_group:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
members=dict(type='list'),
tags=dict(type='list'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
groups=dict(type='list'),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'application-site-group'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

136
lib/ansible/modules/network/check_point/cp_mgmt_application_site_group_facts.py
Unescape Escape View File

@ -1,136 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_application_site_group_facts
short_description: Get application-site-group objects facts on Check Point over Web Services API
description:
- Get application-site-group objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
dereference_group_members:
description:
- Indicates whether to dereference "members" field by details level for every object in reply.
type: bool
show_membership:
description:
- Indicates whether to calculate and show "groups" field for every object in reply.
type: bool
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-application-site-group
cp_mgmt_application_site_group_facts:
name: New Application Site Group 1
- name: show-application-site-groups
cp_mgmt_application_site_group_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
)),
dereference_group_members=dict(type='bool'),
show_membership=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "application-site-group"
api_call_object_plural_version = "application-site-groups"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

90
lib/ansible/modules/network/check_point/cp_mgmt_assign_global_assignment.py
Unescape Escape View File

@ -1,90 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_assign_global_assignment
short_description: assign global assignment on Check Point over Web Services API
description:
- assign global assignment on Check Point over Web Services API
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
dependent_domains:
description:
- N/A
type: list
global_domains:
description:
- N/A
type: list
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
extends_documentation_fragment: checkpoint_commands
"""
EXAMPLES = """
- name: assign-global-assignment
cp_mgmt_assign_global_assignment:
dependent_domains: domain1
global_domains: Global2
"""
RETURN = """
cp_mgmt_assign_global_assignment:
description: The checkpoint assign-global-assignment output.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_commands, api_command
def main():
argument_spec = dict(
dependent_domains=dict(type='list'),
global_domains=dict(type='list'),
details_level=dict(type='str', choices=['uid', 'standard', 'full'])
)
argument_spec.update(checkpoint_argument_spec_for_commands)
module = AnsibleModule(argument_spec=argument_spec)
command = "assign-global-assignment"
result = api_command(module, command)
module.exit_json(**result)
if __name__ == '__main__':
main()

76
lib/ansible/modules/network/check_point/cp_mgmt_discard.py
Unescape Escape View File

@ -1,76 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_discard
short_description: All changes done by user are discarded and removed from database.
description:
- All changes done by user are discarded and removed from database.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
uid:
description:
- Session unique identifier. Specify it to discard a different session than the one you currently use.
type: str
extends_documentation_fragment: checkpoint_commands
"""
EXAMPLES = """
- name: discard
cp_mgmt_discard:
"""
RETURN = """
cp_mgmt_discard:
description: The checkpoint discard output.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_commands, api_command
def main():
argument_spec = dict(
uid=dict(type='str')
)
argument_spec.update(checkpoint_argument_spec_for_commands)
module = AnsibleModule(argument_spec=argument_spec)
command = "discard"
result = api_command(module, command)
module.exit_json(**result)
if __name__ == '__main__':
main()

134
lib/ansible/modules/network/check_point/cp_mgmt_dns_domain.py
Unescape Escape View File

@ -1,134 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_dns_domain
short_description: Manages dns-domain objects on Check Point over Web Services API
description:
- Manages dns-domain objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
is_sub_domain:
description:
- Whether to match sub-domains in addition to the domain itself.
type: bool
tags:
description:
- Collection of tag identifiers.
type: list
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-dns-domain
cp_mgmt_dns_domain:
is_sub_domain: false
name: .www.example.com
state: present
- name: set-dns-domain
cp_mgmt_dns_domain:
is_sub_domain: true
name: .www.example.com
state: present
- name: delete-dns-domain
cp_mgmt_dns_domain:
name: .example.com
state: absent
"""
RETURN = """
cp_mgmt_dns_domain:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
is_sub_domain=dict(type='bool'),
tags=dict(type='list'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'dns-domain'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

131
lib/ansible/modules/network/check_point/cp_mgmt_dns_domain_facts.py
Unescape Escape View File

@ -1,131 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_dns_domain_facts
short_description: Get dns-domain objects facts on Check Point over Web Services API
description:
- Get dns-domain objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
show_membership:
description:
- Indicates whether to calculate and show "groups" field for every object in reply.
type: bool
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-dns-domain
cp_mgmt_dns_domain_facts:
name: .www.example.com
- name: show-dns-domains
cp_mgmt_dns_domain_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
)),
show_membership=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "dns-domain"
api_call_object_plural_version = "dns-domains"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

124
lib/ansible/modules/network/check_point/cp_mgmt_dynamic_object.py
Unescape Escape View File

@ -1,124 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_dynamic_object
short_description: Manages dynamic-object objects on Check Point over Web Services API
description:
- Manages dynamic-object objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
tags:
description:
- Collection of tag identifiers.
type: list
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-dynamic-object
cp_mgmt_dynamic_object:
color: yellow
comments: My Dynamic Object 1
name: Dynamic_Object_1
state: present
- name: delete-dynamic-object
cp_mgmt_dynamic_object:
name: Dynamic_Object_2
state: absent
"""
RETURN = """
cp_mgmt_dynamic_object:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
tags=dict(type='list'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'dynamic-object'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

128
lib/ansible/modules/network/check_point/cp_mgmt_dynamic_object_facts.py
Unescape Escape View File

@ -1,128 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_dynamic_object_facts
short_description: Get dynamic-object objects facts on Check Point over Web Services API
description:
- Get dynamic-object objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
show_membership:
description:
- Indicates whether to calculate and show "groups" field for every object in reply.
type: bool
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-dynamic-object
cp_mgmt_dynamic_object_facts:
name: Dynamic_Object_1
- name: show-dynamic-objects
cp_mgmt_dynamic_object_facts:
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
)),
show_membership=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "dynamic-object"
api_call_object_plural_version = "dynamic-objects"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

177
lib/ansible/modules/network/check_point/cp_mgmt_exception_group.py
Unescape Escape View File

@ -1,177 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_exception_group
short_description: Manages exception-group objects on Check Point over Web Services API
description:
- Manages exception-group objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
applied_profile:
description:
- The threat profile to apply this group to in the case of apply-on threat-rules-with-specific-profile.
type: str
applied_threat_rules:
description:
- The threat rules to apply this group on in the case of apply-on manually-select-threat-rules.
type: dict
suboptions:
add:
description:
- Adds to collection of values
type: list
suboptions:
layer:
description:
- The layer of the threat rule to which the group is to be attached.
type: str
name:
description:
- The name of the threat rule to which the group is to be attached.
type: str
rule_number:
description:
- The rule-number of the threat rule to which the group is to be attached.
type: str
position:
description:
- Position in the rulebase.
type: str
apply_on:
description:
- An exception group can be set to apply on all threat rules, all threat rules which have a specific profile, or those rules manually chosen by the user.
type: str
choices: ['all-threat-rules', 'all-threat-rules-with-specific-profile', 'manually-select-threat-rules']
tags:
description:
- Collection of tag identifiers.
type: list
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-exception-group
cp_mgmt_exception_group:
applied_threat_rules.0.layer: MyLayer
applied_threat_rules.0.name: MyThreatRule
apply_on: manually-select-threat-rules
name: exception_group_2
state: present
- name: set-exception-group
cp_mgmt_exception_group:
apply_on: all-threat-rules
name: exception_group_2
state: present
tags: tag3
- name: delete-exception-group
cp_mgmt_exception_group:
name: exception_group_2
state: absent
"""
RETURN = """
cp_mgmt_exception_group:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
applied_profile=dict(type='str'),
applied_threat_rules=dict(type='dict', options=dict(
add=dict(type='list', options=dict(
layer=dict(type='str'),
name=dict(type='str'),
rule_number=dict(type='str'),
position=dict(type='str')
))
)),
apply_on=dict(type='str', choices=['all-threat-rules', 'all-threat-rules-with-specific-profile', 'manually-select-threat-rules']),
tags=dict(type='list'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'exception-group'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

126
lib/ansible/modules/network/check_point/cp_mgmt_exception_group_facts.py
Unescape Escape View File

@ -1,126 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_exception_group_facts
short_description: Get exception-group objects facts on Check Point over Web Services API
description:
- Get exception-group objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-exception-group
cp_mgmt_exception_group_facts:
name: exception_group_2
- name: show-exception-groups
cp_mgmt_exception_group_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
))
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "exception-group"
api_call_object_plural_version = "exception-groups"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

132
lib/ansible/modules/network/check_point/cp_mgmt_global_assignment.py
Unescape Escape View File

@ -1,132 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_global_assignment
short_description: Manages global-assignment objects on Check Point over Web Services API
description:
- Manages global-assignment objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
dependent_domain:
description:
- N/A
type: str
global_access_policy:
description:
- Global domain access policy that is assigned to a dependent domain.
type: str
global_domain:
description:
- N/A
type: str
global_threat_prevention_policy:
description:
- Global domain threat prevention policy that is assigned to a dependent domain.
type: str
manage_protection_actions:
description:
- N/A
type: bool
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-global-assignment
cp_mgmt_global_assignment:
dependent_domain: domain2
global_access_policy: standard
global_domain: Global
global_threat_prevention_policy: standard
manage_protection_actions: true
state: present
- name: set-global-assignment
cp_mgmt_global_assignment:
dependent_domain: domain1
global_domain: Global2
global_threat_prevention_policy: ''
manage_protection_actions: false
state: present
- name: delete-global-assignment
cp_mgmt_global_assignment:
dependent_domain: domain1
global_domain: Global2
state: absent
"""
RETURN = """
cp_mgmt_global_assignment:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
dependent_domain=dict(type='str'),
global_access_policy=dict(type='str'),
global_domain=dict(type='str'),
global_threat_prevention_policy=dict(type='str'),
manage_protection_actions=dict(type='bool'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'global-assignment'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

131
lib/ansible/modules/network/check_point/cp_mgmt_global_assignment_facts.py
Unescape Escape View File

@ -1,131 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_global_assignment_facts
short_description: Get global-assignment objects facts on Check Point over Web Services API
description:
- Get global-assignment objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
dependent_domain:
description:
- N/A
type: str
global_domain:
description:
- N/A
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-global-assignment
cp_mgmt_global_assignment_facts:
dependent_domain: domain1
global_domain: Global2
- name: show-global-assignments
cp_mgmt_global_assignment_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
dependent_domain=dict(type='str'),
global_domain=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
))
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "global-assignment"
api_call_object_plural_version = "global-assignments"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

140
lib/ansible/modules/network/check_point/cp_mgmt_group.py
Unescape Escape View File

@ -1,140 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_group
short_description: Manages group objects on Check Point over Web Services API
description:
- Manages group objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
members:
description:
- Collection of Network objects identified by the name or UID.
type: list
tags:
description:
- Collection of tag identifiers.
type: list
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
groups:
description:
- Collection of group identifiers.
type: list
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-group
cp_mgmt_group:
members:
- New Host 1
- My Test Host 3
name: New Group 5
state: present
- name: set-group
cp_mgmt_group:
name: New Group 1
state: present
- name: delete-group
cp_mgmt_group:
name: New Group 1
state: absent
"""
RETURN = """
cp_mgmt_group:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
members=dict(type='list'),
tags=dict(type='list'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
groups=dict(type='list'),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'group'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

143
lib/ansible/modules/network/check_point/cp_mgmt_group_facts.py
Unescape Escape View File

@ -1,143 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_group_facts
short_description: Get group objects facts on Check Point over Web Services API
description:
- Get group objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
show_as_ranges:
description:
- When true, the group's matched content is displayed as ranges of IP addresses rather than network objects.<br />Objects that are not
represented using IP addresses are presented as objects.<br />The 'members' parameter is omitted from the response and instead the 'ranges' parameter
is displayed.
type: bool
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
dereference_group_members:
description:
- Indicates whether to dereference "members" field by details level for every object in reply.
type: bool
show_membership:
description:
- Indicates whether to calculate and show "groups" field for every object in reply.
type: bool
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-group
cp_mgmt_group_facts:
name: Demo_Group
- name: show-groups
cp_mgmt_group_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
show_as_ranges=dict(type='bool'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
)),
dereference_group_members=dict(type='bool'),
show_membership=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "group"
api_call_object_plural_version = "groups"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

146
lib/ansible/modules/network/check_point/cp_mgmt_group_with_exclusion.py
Unescape Escape View File

@ -1,146 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_group_with_exclusion
short_description: Manages group-with-exclusion objects on Check Point over Web Services API
description:
- Manages group-with-exclusion objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
except:
description:
- Name or UID of an object which the group excludes.
type: str
include:
description:
- Name or UID of an object which the group includes.
type: str
tags:
description:
- Collection of tag identifiers.
type: list
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
groups:
description:
- Collection of group identifiers.
type: list
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-group-with-exclusion
cp_mgmt_group_with_exclusion:
except: New Group 2
include: New Group 1
name: Group with exclusion
state: present
- name: set-group-with-exclusion
cp_mgmt_group_with_exclusion:
except: New Group 1
include: New Group 2
name: Group with exclusion
state: present
- name: delete-group-with-exclusion
cp_mgmt_group_with_exclusion:
name: Group with exclusion
state: absent
"""
RETURN = """
cp_mgmt_group_with_exclusion:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
include=dict(type='str'),
tags=dict(type='list'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
groups=dict(type='list'),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec['except'] = dict(type='str')
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'group-with-exclusion'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

133
lib/ansible/modules/network/check_point/cp_mgmt_group_with_exclusion_facts.py
Unescape Escape View File

@ -1,133 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_group_with_exclusion_facts
short_description: Get group-with-exclusion objects facts on Check Point over Web Services API
description:
- Get group-with-exclusion objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
show_as_ranges:
description:
- When true, the group with exclusion's matched content is displayed as ranges of IP addresses rather than network objects.<br />Objects that
are not represented using IP addresses are presented as objects.<br />The 'include' and 'except' parameters are omitted from the response and instead
the 'ranges' parameter is displayed.
type: bool
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-group-with-exclusion
cp_mgmt_group_with_exclusion_facts:
name: Group with exclusion
- name: show-groups-with-exclusion
cp_mgmt_group_with_exclusion_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
show_as_ranges=dict(type='bool'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
))
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "group-with-exclusion"
api_call_object_plural_version = "groups-with-exclusion"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

333
lib/ansible/modules/network/check_point/cp_mgmt_host.py
Unescape Escape View File

@ -1,333 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_host
short_description: Manages host objects on Check Point over Web Services API
description:
- Manages host objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
ip_address:
description:
- IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
type: str
ipv4_address:
description:
- IPv4 address.
type: str
ipv6_address:
description:
- IPv6 address.
type: str
interfaces:
description:
- Host interfaces.
type: list
suboptions:
name:
description:
- Interface name.
type: str
subnet:
description:
- IPv4 or IPv6 network address. If both addresses are required use subnet4 and subnet6 fields explicitly.
type: str
subnet4:
description:
- IPv4 network address.
type: str
subnet6:
description:
- IPv6 network address.
type: str
mask_length:
description:
- IPv4 or IPv6 network mask length. If both masks are required use mask-length4 and mask-length6 fields explicitly. Instead of IPv4 mask
length it is possible to specify IPv4 mask itself in subnet-mask field.
type: int
mask_length4:
description:
- IPv4 network mask length.
type: int
mask_length6:
description:
- IPv6 network mask length.
type: int
subnet_mask:
description:
- IPv4 network mask.
type: str
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange',
'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray',
'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive',
'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
nat_settings:
description:
- NAT settings.
type: dict
suboptions:
auto_rule:
description:
- Whether to add automatic address translation rules.
type: bool
ip_address:
description:
- IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. This parameter is not
required in case "method" parameter is "hide" and "hide-behind" parameter is "gateway".
type: str
ipv4_address:
description:
- IPv4 address.
type: str
ipv6_address:
description:
- IPv6 address.
type: str
hide_behind:
description:
- Hide behind method. This parameter is not required in case "method" parameter is "static".
type: str
choices: ['gateway', 'ip-address']
install_on:
description:
- Which gateway should apply the NAT translation.
type: str
method:
description:
- NAT translation method.
type: str
choices: ['hide', 'static']
tags:
description:
- Collection of tag identifiers.
type: list
host_servers:
description:
- Servers Configuration.
type: dict
suboptions:
dns_server:
description:
- Gets True if this server is a DNS Server.
type: bool
mail_server:
description:
- Gets True if this server is a Mail Server.
type: bool
web_server:
description:
- Gets True if this server is a Web Server.
type: bool
web_server_config:
description:
- Web Server configuration.
type: dict
suboptions:
additional_ports:
description:
- Server additional ports.
type: list
application_engines:
description:
- Application engines of this web server.
type: list
listen_standard_port:
description:
- Whether server listens to standard port.
type: bool
operating_system:
description:
- Operating System.
type: str
choices: ['sparc linux', 'windows', 'other', 'x86 linux', 'sparc solaris']
protected_by:
description:
- Network object which protects this server identified by the name or UID.
type: str
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
groups:
description:
- Collection of group identifiers.
type: list
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-host
cp_mgmt_host:
ip_address: 192.0.2.1
name: New Host 1
state: present
- name: set-host
cp_mgmt_host:
color: green
ipv4_address: 192.0.2.2
name: New Host 1
state: present
- name: delete-host
cp_mgmt_host:
name: New Host 1
state: absent
"""
RETURN = """
cp_mgmt_host:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
ip_address=dict(type='str'),
ipv4_address=dict(type='str'),
ipv6_address=dict(type='str'),
interfaces=dict(type='list', options=dict(
name=dict(type='str'),
subnet=dict(type='str'),
subnet4=dict(type='str'),
subnet6=dict(type='str'),
mask_length=dict(type='int'),
mask_length4=dict(type='int'),
mask_length6=dict(type='int'),
subnet_mask=dict(type='str'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan',
'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick',
'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral',
'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red',
'sienna', 'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)),
nat_settings=dict(type='dict', options=dict(
auto_rule=dict(type='bool'),
ip_address=dict(type='str'),
ipv4_address=dict(type='str'),
ipv6_address=dict(type='str'),
hide_behind=dict(type='str', choices=['gateway', 'ip-address']),
install_on=dict(type='str'),
method=dict(type='str', choices=['hide', 'static'])
)),
tags=dict(type='list'),
host_servers=dict(type='dict', options=dict(
dns_server=dict(type='bool'),
mail_server=dict(type='bool'),
web_server=dict(type='bool'),
web_server_config=dict(type='dict', options=dict(
additional_ports=dict(type='list'),
application_engines=dict(type='list'),
listen_standard_port=dict(type='bool'),
operating_system=dict(type='str', choices=['sparc linux', 'windows', 'other', 'x86 linux', 'sparc solaris']),
protected_by=dict(type='str')
))
)),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
groups=dict(type='list'),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'host'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

131
lib/ansible/modules/network/check_point/cp_mgmt_host_facts.py
Unescape Escape View File

@ -1,131 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_host_facts
short_description: Get host objects facts on Check Point over Web Services API
description:
- Get host objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
show_membership:
description:
- Indicates whether to calculate and show "groups" field for every object in reply.
type: bool
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-host
cp_mgmt_host_facts:
name: New Host 1
- name: show-hosts
cp_mgmt_host_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
)),
show_membership=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "host"
api_call_object_plural_version = "hosts"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

126
lib/ansible/modules/network/check_point/cp_mgmt_install_policy.py
Unescape Escape View File

@ -1,126 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_install_policy
short_description: install policy on Check Point over Web Services API
description:
- install policy on Check Point over Web Services API
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
policy_package:
description:
- The name of the Policy Package to be installed.
type: str
targets:
description:
- On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
type: list
access:
description:
- Set to be true in order to install the Access Control policy. By default, the value is true if Access Control policy is enabled on the input
policy package, otherwise false.
type: bool
desktop_security:
description:
- Set to be true in order to install the Desktop Security policy. By default, the value is true if desktop security policy is enabled on the
input policy package, otherwise false.
type: bool
qos:
description:
- Set to be true in order to install the QoS policy. By default, the value is true if Quality-of-Service policy is enabled on the input policy
package, otherwise false.
type: bool
threat_prevention:
description:
- Set to be true in order to install the Threat Prevention policy. By default, the value is true if Threat Prevention policy is enabled on the
input policy package, otherwise false.
type: bool
install_on_all_cluster_members_or_fail:
description:
- Relevant for the gateway clusters. If true, the policy is installed on all the cluster members. If the installation on a cluster member fails,
don't install on that cluster.
type: bool
prepare_only:
description:
- If true, prepares the policy for the installation, but doesn't install it on an installation target.
type: bool
revision:
description:
- The UID of the revision of the policy to install.
type: str
extends_documentation_fragment: checkpoint_commands
"""
EXAMPLES = """
- name: install-policy
cp_mgmt_install_policy:
access: true
policy_package: standard
targets:
- corporate-gateway
threat_prevention: true
"""
RETURN = """
cp_mgmt_install_policy:
description: The checkpoint install-policy output.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_commands, api_command
def main():
argument_spec = dict(
policy_package=dict(type='str'),
targets=dict(type='list'),
access=dict(type='bool'),
desktop_security=dict(type='bool'),
qos=dict(type='bool'),
threat_prevention=dict(type='bool'),
install_on_all_cluster_members_or_fail=dict(type='bool'),
prepare_only=dict(type='bool'),
revision=dict(type='str')
)
argument_spec.update(checkpoint_argument_spec_for_commands)
module = AnsibleModule(argument_spec=argument_spec)
command = "install-policy"
result = api_command(module, command)
module.exit_json(**result)
if __name__ == '__main__':
main()

123
lib/ansible/modules/network/check_point/cp_mgmt_mds_facts.py
Unescape Escape View File

@ -1,123 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_mds_facts
short_description: Get Multi-Domain Server (mds) objects facts on Check Point over Web Services API
description:
- Get mds objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-mds
cp_mgmt_mds_facts:
name: test_mds1
- name: show-mdss
cp_mgmt_mds_facts:
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
))
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "mds"
api_call_object_plural_version = "mdss"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

181
lib/ansible/modules/network/check_point/cp_mgmt_multicast_address_range.py
Unescape Escape View File

@ -1,181 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_multicast_address_range
short_description: Manages multicast-address-range objects on Check Point over Web Services API
description:
- Manages multicast-address-range objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
ip_address:
description:
- IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
type: str
ipv4_address:
description:
- IPv4 address.
type: str
ipv6_address:
description:
- IPv6 address.
type: str
ip_address_first:
description:
- First IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead.
type: str
ipv4_address_first:
description:
- First IPv4 address in the range.
type: str
ipv6_address_first:
description:
- First IPv6 address in the range.
type: str
ip_address_last:
description:
- Last IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead.
type: str
ipv4_address_last:
description:
- Last IPv4 address in the range.
type: str
ipv6_address_last:
description:
- Last IPv6 address in the range.
type: str
tags:
description:
- Collection of tag identifiers.
type: list
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
groups:
description:
- Collection of group identifiers.
type: list
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-multicast-address-range
cp_mgmt_multicast_address_range:
ip_address_first: 224.0.0.1
ip_address_last: 224.0.0.4
name: New Multicast Address Range
state: present
- name: set-multicast-address-range
cp_mgmt_multicast_address_range:
ip_address_first: 224.0.0.7
ip_address_last: 224.0.0.10
name: New Multicast Address Range
state: present
- name: delete-multicast-address-range
cp_mgmt_multicast_address_range:
name: New Multicast Address Range
state: absent
"""
RETURN = """
cp_mgmt_multicast_address_range:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
ip_address=dict(type='str'),
ipv4_address=dict(type='str'),
ipv6_address=dict(type='str'),
ip_address_first=dict(type='str'),
ipv4_address_first=dict(type='str'),
ipv6_address_first=dict(type='str'),
ip_address_last=dict(type='str'),
ipv4_address_last=dict(type='str'),
ipv6_address_last=dict(type='str'),
tags=dict(type='list'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
groups=dict(type='list'),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'multicast-address-range'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

129
lib/ansible/modules/network/check_point/cp_mgmt_multicast_address_range_facts.py
Unescape Escape View File

@ -1,129 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_multicast_address_range_facts
short_description: Get multicast-address-range objects facts on Check Point over Web Services API
description:
- Get multicast-address-range objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
show_membership:
description:
- Indicates whether to calculate and show "groups" field for every object in reply.
type: bool
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-multicast-address-range
cp_mgmt_multicast_address_range_facts:
name: New Multicast Address Range
- name: show-multicast-address-ranges
cp_mgmt_multicast_address_range_facts:
details_level: full
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
)),
show_membership=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "multicast-address-range"
api_call_object_plural_version = "multicast-address-ranges"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

225
lib/ansible/modules/network/check_point/cp_mgmt_network.py
Unescape Escape View File

@ -1,225 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_network
short_description: Manages network objects on Check Point over Web Services API
description:
- Manages network objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
subnet:
description:
- IPv4 or IPv6 network address. If both addresses are required use subnet4 and subnet6 fields explicitly.
type: str
subnet4:
description:
- IPv4 network address.
type: str
subnet6:
description:
- IPv6 network address.
type: str
mask_length:
description:
- IPv4 or IPv6 network mask length. If both masks are required use mask-length4 and mask-length6 fields explicitly. Instead of IPv4 mask length
it is possible to specify IPv4 mask itself in subnet-mask field.
type: int
mask_length4:
description:
- IPv4 network mask length.
type: int
mask_length6:
description:
- IPv6 network mask length.
type: int
subnet_mask:
description:
- IPv4 network mask.
type: str
nat_settings:
description:
- NAT settings.
type: dict
suboptions:
auto_rule:
description:
- Whether to add automatic address translation rules.
type: bool
ip_address:
description:
- IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. This parameter is not
required in case "method" parameter is "hide" and "hide-behind" parameter is "gateway".
type: str
ipv4_address:
description:
- IPv4 address.
type: str
ipv6_address:
description:
- IPv6 address.
type: str
hide_behind:
description:
- Hide behind method. This parameter is not required in case "method" parameter is "static".
type: str
choices: ['gateway', 'ip-address']
install_on:
description:
- Which gateway should apply the NAT translation.
type: str
method:
description:
- NAT translation method.
type: str
choices: ['hide', 'static']
tags:
description:
- Collection of tag identifiers.
type: list
broadcast:
description:
- Allow broadcast address inclusion.
type: str
choices: ['disallow', 'allow']
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
groups:
description:
- Collection of group identifiers.
type: list
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-network
cp_mgmt_network:
name: New Network 1
state: present
subnet: 192.0.2.0
subnet_mask: 255.255.255.0
- name: set-network
cp_mgmt_network:
color: green
mask_length: 16
name: New Network 1
new_name: New Network 2
state: present
subnet: 192.0.0.0
- name: delete-network
cp_mgmt_network:
name: New Network 2
state: absent
"""
RETURN = """
cp_mgmt_network:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
subnet=dict(type='str'),
subnet4=dict(type='str'),
subnet6=dict(type='str'),
mask_length=dict(type='int'),
mask_length4=dict(type='int'),
mask_length6=dict(type='int'),
subnet_mask=dict(type='str'),
nat_settings=dict(type='dict', options=dict(
auto_rule=dict(type='bool'),
ip_address=dict(type='str'),
ipv4_address=dict(type='str'),
ipv6_address=dict(type='str'),
hide_behind=dict(type='str', choices=['gateway', 'ip-address']),
install_on=dict(type='str'),
method=dict(type='str', choices=['hide', 'static'])
)),
tags=dict(type='list'),
broadcast=dict(type='str', choices=['disallow', 'allow']),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
groups=dict(type='list'),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'network'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

131
lib/ansible/modules/network/check_point/cp_mgmt_network_facts.py
Unescape Escape View File

@ -1,131 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_network_facts
short_description: Get network objects facts on Check Point over Web Services API
description:
- Get network objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
show_membership:
description:
- Indicates whether to calculate and show "groups" field for every object in reply.
type: bool
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-network
cp_mgmt_network_facts:
name: New Network 1
- name: show-networks
cp_mgmt_network_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
)),
show_membership=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "network"
api_call_object_plural_version = "networks"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

243
lib/ansible/modules/network/check_point/cp_mgmt_package.py
Unescape Escape View File

@ -1,243 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_package
short_description: Manages package objects on Check Point over Web Services API
description:
- Manages package objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
access:
description:
- True - enables, False - disables access & NAT policies, empty - nothing is changed.
type: bool
desktop_security:
description:
- True - enables, False - disables Desktop security policy, empty - nothing is changed.
type: bool
installation_targets:
description:
- Which Gateways identified by the name or UID to install the policy on.
type: list
qos:
description:
- True - enables, False - disables QoS policy, empty - nothing is changed.
type: bool
qos_policy_type:
description:
- QoS policy type.
type: str
choices: ['recommended', 'express']
tags:
description:
- Collection of tag identifiers.
type: list
threat_prevention:
description:
- True - enables, False - disables Threat policy, empty - nothing is changed.
type: bool
vpn_traditional_mode:
description:
- True - enables, False - disables VPN traditional mode, empty - nothing is changed.
type: bool
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
access_layers:
description:
- Access policy layers.
type: dict
suboptions:
add:
description:
- Collection of Access layer objects to be added identified by the name or UID.
type: list
suboptions:
name:
description:
- Layer name or UID.
type: str
position:
description:
- Layer position.
type: int
remove:
description:
- Collection of Access layer objects to be removed identified by the name or UID.
type: list
value:
description:
- Collection of Access layer objects to be set identified by the name or UID. Replaces existing Access layers.
type: list
threat_layers:
description:
- Threat policy layers.
type: dict
suboptions:
add:
description:
- Collection of Threat layer objects to be added identified by the name or UID.
type: list
suboptions:
name:
description:
- Layer name or UID.
type: str
position:
description:
- Layer position.
type: int
remove:
description:
- Collection of Threat layer objects to be removed identified by the name or UID.
type: list
value:
description:
- Collection of Threat layer objects to be set identified by the name or UID. Replaces existing Threat layers.
type: list
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-package
cp_mgmt_package:
access: true
color: green
comments: My Comments
name: New_Standard_Package_1
state: present
threat_prevention: false
- name: set-package
cp_mgmt_package:
access_layers:
add:
- name: New Access Layer 1
position: 1
name: Standard
state: present
threat_layers:
add:
- name: New Layer 1
position: 2
- name: delete-package
cp_mgmt_package:
name: New Standard Package 1
state: absent
"""
RETURN = """
cp_mgmt_package:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
access=dict(type='bool'),
desktop_security=dict(type='bool'),
installation_targets=dict(type='list'),
qos=dict(type='bool'),
qos_policy_type=dict(type='str', choices=['recommended', 'express']),
tags=dict(type='list'),
threat_prevention=dict(type='bool'),
vpn_traditional_mode=dict(type='bool'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool'),
access_layers=dict(type='dict', options=dict(
add=dict(type='list', options=dict(
name=dict(type='str'),
position=dict(type='int')
)),
remove=dict(type='list'),
value=dict(type='list')
)),
threat_layers=dict(type='dict', options=dict(
add=dict(type='list', options=dict(
name=dict(type='str'),
position=dict(type='int')
)),
remove=dict(type='list'),
value=dict(type='list')
))
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'package'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

126
lib/ansible/modules/network/check_point/cp_mgmt_package_facts.py
Unescape Escape View File

@ -1,126 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_package_facts
short_description: Get package objects facts on Check Point over Web Services API
description:
- Get package objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-package
cp_mgmt_package_facts:
name: New_Standard_Package_1
- name: show-packages
cp_mgmt_package_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
))
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "package"
api_call_object_plural_version = "packages"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

76
lib/ansible/modules/network/check_point/cp_mgmt_publish.py
Unescape Escape View File

@ -1,76 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_publish
short_description: All the changes done by this user will be seen by all users only after publish is called.
description:
- All the changes done by this user will be seen by all users only after publish is called.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
uid:
description:
- Session unique identifier. Specify it to publish a different session than the one you currently use.
type: str
extends_documentation_fragment: checkpoint_commands
"""
EXAMPLES = """
- name: publish
cp_mgmt_publish:
"""
RETURN = """
cp_mgmt_publish:
description: The checkpoint publish output.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_commands, api_command
def main():
argument_spec = dict(
uid=dict(type='str')
)
argument_spec.update(checkpoint_argument_spec_for_commands)
module = AnsibleModule(argument_spec=argument_spec)
command = "publish"
result = api_command(module, command)
module.exit_json(**result)
if __name__ == '__main__':
main()

101
lib/ansible/modules/network/check_point/cp_mgmt_put_file.py
Unescape Escape View File

@ -1,101 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_put_file
short_description: put file on Check Point over Web Services API
description:
- put file on Check Point over Web Services API
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
targets:
description:
- On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
type: list
file_content:
description:
- N/A
type: str
file_name:
description:
- N/A
type: str
file_path:
description:
- N/A
type: str
comments:
description:
- Comments string.
type: str
extends_documentation_fragment: checkpoint_commands
"""
EXAMPLES = """
- name: put-file
cp_mgmt_put_file:
file_content: 'vs ip 192.0.2.1\nvs2 ip 192.0.2.2'
file_name: vsx_conf
file_path: /home/admin/
targets:
- corporate-gateway
"""
RETURN = """
cp_mgmt_put_file:
description: The checkpoint put-file output.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_commands, api_command
def main():
argument_spec = dict(
targets=dict(type='list'),
file_content=dict(type='str'),
file_name=dict(type='str'),
file_path=dict(type='str'),
comments=dict(type='str')
)
argument_spec.update(checkpoint_argument_spec_for_commands)
module = AnsibleModule(argument_spec=argument_spec)
command = "put-file"
result = api_command(module, command)
module.exit_json(**result)
if __name__ == '__main__':
main()

76
lib/ansible/modules/network/check_point/cp_mgmt_run_ips_update.py
Unescape Escape View File

@ -1,76 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_run_ips_update
short_description: Runs IPS database update. If "package-path" is not provided server will try to get the latest package from the User Center.
description:
- Runs IPS database update. If "package-path" is not provided server will try to get the latest package from the User Center.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
package_path:
description:
- Offline update package path.
type: str
extends_documentation_fragment: checkpoint_commands
"""
EXAMPLES = """
- name: run-ips-update
cp_mgmt_run_ips_update:
"""
RETURN = """
cp_mgmt_run_ips_update:
description: The checkpoint run-ips-update output.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_commands, api_command
def main():
argument_spec = dict(
package_path=dict(type='str')
)
argument_spec.update(checkpoint_argument_spec_for_commands)
module = AnsibleModule(argument_spec=argument_spec)
command = "run-ips-update"
result = api_command(module, command)
module.exit_json(**result)
if __name__ == '__main__':
main()

100
lib/ansible/modules/network/check_point/cp_mgmt_run_script.py
Unescape Escape View File

@ -1,100 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_run_script
short_description: Executes the script on a given list of targets.
description:
- Executes the script on a given list of targets.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
script_name:
description:
- Script name.
type: str
script:
description:
- Script body.
type: str
targets:
description:
- On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
type: list
args:
description:
- Script arguments.
type: str
comments:
description:
- Comments string.
type: str
extends_documentation_fragment: checkpoint_commands
"""
EXAMPLES = """
- name: run-script
cp_mgmt_run_script:
script: ls -l /
script_name: 'Script Example: List files under / dir'
targets:
- corporate-gateway
"""
RETURN = """
cp_mgmt_run_script:
description: The checkpoint run-script output.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_commands, api_command
def main():
argument_spec = dict(
script_name=dict(type='str'),
script=dict(type='str'),
targets=dict(type='list'),
args=dict(type='str'),
comments=dict(type='str')
)
argument_spec.update(checkpoint_argument_spec_for_commands)
module = AnsibleModule(argument_spec=argument_spec)
command = "run-script"
result = api_command(module, command)
module.exit_json(**result)
if __name__ == '__main__':
main()

129
lib/ansible/modules/network/check_point/cp_mgmt_security_zone.py
Unescape Escape View File

@ -1,129 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_security_zone
short_description: Manages security-zone objects on Check Point over Web Services API
description:
- Manages security-zone objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
tags:
description:
- Collection of tag identifiers.
type: list
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-security-zone
cp_mgmt_security_zone:
color: yellow
comments: My Security Zone 1
name: SZone1
state: present
- name: set-security-zone
cp_mgmt_security_zone:
name: SZone1
state: present
- name: delete-security-zone
cp_mgmt_security_zone:
name: SZone2
state: absent
"""
RETURN = """
cp_mgmt_security_zone:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
tags=dict(type='list'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'security-zone'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

128
lib/ansible/modules/network/check_point/cp_mgmt_security_zone_facts.py
Unescape Escape View File

@ -1,128 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_security_zone_facts
short_description: Get security-zone objects facts on Check Point over Web Services API
description:
- Get security-zone objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
show_membership:
description:
- Indicates whether to calculate and show "groups" field for every object in reply.
type: bool
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-security-zone
cp_mgmt_security_zone_facts:
name: SZone1
- name: show-security-zones
cp_mgmt_security_zone_facts:
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
)),
show_membership=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "security-zone"
api_call_object_plural_version = "security-zones"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

147
lib/ansible/modules/network/check_point/cp_mgmt_service_dce_rpc.py
Unescape Escape View File

@ -1,147 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_service_dce_rpc
short_description: Manages service-dce-rpc objects on Check Point over Web Services API
description:
- Manages service-dce-rpc objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
interface_uuid:
description:
- Network interface UUID.
type: str
keep_connections_open_after_policy_installation:
description:
- Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
type: bool
tags:
description:
- Collection of tag identifiers.
type: list
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
groups:
description:
- Collection of group identifiers.
type: list
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-service-dce-rpc
cp_mgmt_service_dce_rpc:
interface_uuid: 97aeb460-9aea-11d5-bd16-0090272ccb30
keep_connections_open_after_policy_installation: false
name: New_DCE-RPC_Service_1
state: present
- name: set-service-dce-rpc
cp_mgmt_service_dce_rpc:
color: green
interface_uuid: 44aeb460-9aea-11d5-bd16-009027266b30
name: New_DCE-RPC_Service_1
state: present
- name: delete-service-dce-rpc
cp_mgmt_service_dce_rpc:
name: New_DCE-RPC_Service_2
state: absent
"""
RETURN = """
cp_mgmt_service_dce_rpc:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
interface_uuid=dict(type='str'),
keep_connections_open_after_policy_installation=dict(type='bool'),
tags=dict(type='list'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
groups=dict(type='list'),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'service-dce-rpc'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

131
lib/ansible/modules/network/check_point/cp_mgmt_service_dce_rpc_facts.py
Unescape Escape View File

@ -1,131 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_service_dce_rpc_facts
short_description: Get service-dce-rpc objects facts on Check Point over Web Services API
description:
- Get service-dce-rpc objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
show_membership:
description:
- Indicates whether to calculate and show "groups" field for every object in reply.
type: bool
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-service-dce-rpc
cp_mgmt_service_dce_rpc_facts:
name: HP-OpCdistm
- name: show-services-dce-rpc
cp_mgmt_service_dce_rpc_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
)),
show_membership=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "service-dce-rpc"
api_call_object_plural_version = "services-dce-rpc"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

146
lib/ansible/modules/network/check_point/cp_mgmt_service_group.py
Unescape Escape View File

@ -1,146 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_service_group
short_description: Manages service-group objects on Check Point over Web Services API
description:
- Manages service-group objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
members:
description:
- Collection of Network objects identified by the name or UID.
type: list
tags:
description:
- Collection of tag identifiers.
type: list
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
groups:
description:
- Collection of group identifiers.
type: list
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-service-group
cp_mgmt_service_group:
members:
- https
- bootp
- nisplus
- HP-OpCdistm
name: New Service Group 1
state: present
- name: set-service-group
cp_mgmt_service_group:
name: New Service Group 1
members:
- https
- bootp
- nisplus
state: present
- name: delete-service-group
cp_mgmt_service_group:
name: New Service Group 1
state: absent
"""
RETURN = """
cp_mgmt_service_group:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
members=dict(type='list'),
tags=dict(type='list'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
groups=dict(type='list'),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'service-group'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

143
lib/ansible/modules/network/check_point/cp_mgmt_service_group_facts.py
Unescape Escape View File

@ -1,143 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_service_group_facts
short_description: Get service-group objects facts on Check Point over Web Services API
description:
- Get service-group objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
show_as_ranges:
description:
- When true, the service group's matched content is displayed as ranges of port numbers rather than service objects.<br />Objects that are not
represented using port numbers are presented as objects.<br />The 'members' parameter is omitted from the response and instead the 'ranges' parameter
is displayed.
type: bool
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
dereference_group_members:
description:
- Indicates whether to dereference "members" field by details level for every object in reply.
type: bool
show_membership:
description:
- Indicates whether to calculate and show "groups" field for every object in reply.
type: bool
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-service-group
cp_mgmt_service_group_facts:
name: New Service Group 1
- name: show-service-groups
cp_mgmt_service_group_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
show_as_ranges=dict(type='bool'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
)),
dereference_group_members=dict(type='bool'),
show_membership=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "service-group"
api_call_object_plural_version = "service-groups"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

152
lib/ansible/modules/network/check_point/cp_mgmt_service_icmp.py
Unescape Escape View File

@ -1,152 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_service_icmp
short_description: Manages service-icmp objects on Check Point over Web Services API
description:
- Manages service-icmp objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
icmp_code:
description:
- As listed in, <a href="http,//www.iana.org/assignments/icmp-parameters" target="_blank">RFC 792</a>.
type: int
icmp_type:
description:
- As listed in, <a href="http,//www.iana.org/assignments/icmp-parameters" target="_blank">RFC 792</a>.
type: int
keep_connections_open_after_policy_installation:
description:
- Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
type: bool
tags:
description:
- Collection of tag identifiers.
type: list
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
groups:
description:
- Collection of group identifiers.
type: list
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-service-icmp
cp_mgmt_service_icmp:
icmp_code: 7
icmp_type: 5
name: Icmp1
state: present
- name: set-service-icmp
cp_mgmt_service_icmp:
icmp_code: 13
icmp_type: 45
name: icmp1
state: present
- name: delete-service-icmp
cp_mgmt_service_icmp:
name: icmp3
state: absent
"""
RETURN = """
cp_mgmt_service_icmp:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
icmp_code=dict(type='int'),
icmp_type=dict(type='int'),
keep_connections_open_after_policy_installation=dict(type='bool'),
tags=dict(type='list'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
groups=dict(type='list'),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'service-icmp'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

152
lib/ansible/modules/network/check_point/cp_mgmt_service_icmp6.py
Unescape Escape View File

@ -1,152 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_service_icmp6
short_description: Manages service-icmp6 objects on Check Point over Web Services API
description:
- Manages service-icmp6 objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
icmp_code:
description:
- As listed in, <a href="http,//www.iana.org/assignments/icmp-parameters" target="_blank">RFC 792</a>.
type: int
icmp_type:
description:
- As listed in, <a href="http,//www.iana.org/assignments/icmp-parameters" target="_blank">RFC 792</a>.
type: int
keep_connections_open_after_policy_installation:
description:
- Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
type: bool
tags:
description:
- Collection of tag identifiers.
type: list
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
groups:
description:
- Collection of group identifiers.
type: list
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-service-icmp6
cp_mgmt_service_icmp6:
icmp_code: 7
icmp_type: 5
name: Icmp1
state: present
- name: set-service-icmp6
cp_mgmt_service_icmp6:
icmp_code: 13
icmp_type: 45
name: icmp1
state: present
- name: delete-service-icmp6
cp_mgmt_service_icmp6:
name: icmp2
state: absent
"""
RETURN = """
cp_mgmt_service_icmp6:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
icmp_code=dict(type='int'),
icmp_type=dict(type='int'),
keep_connections_open_after_policy_installation=dict(type='bool'),
tags=dict(type='list'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
groups=dict(type='list'),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'service-icmp6'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

130
lib/ansible/modules/network/check_point/cp_mgmt_service_icmp6_facts.py
Unescape Escape View File

@ -1,130 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_service_icmp6_facts
short_description: Get service-icmp6 objects facts on Check Point over Web Services API
description:
- Get service-icmp6 objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
show_membership:
description:
- Indicates whether to calculate and show "groups" field for every object in reply.
type: bool
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-service-icmp6
cp_mgmt_service_icmp6_facts:
name: echo-reply6
- name: show-services-icmp6
cp_mgmt_service_icmp6_facts:
limit: 2
offset: 4
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
)),
show_membership=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "service-icmp6"
api_call_object_plural_version = "services-icmp6"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

130
lib/ansible/modules/network/check_point/cp_mgmt_service_icmp_facts.py
Unescape Escape View File

@ -1,130 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_service_icmp_facts
short_description: Get service-icmp objects facts on Check Point over Web Services API
description:
- Get service-icmp objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
show_membership:
description:
- Indicates whether to calculate and show "groups" field for every object in reply.
type: bool
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-service-icmp
cp_mgmt_service_icmp_facts:
name: info-req
- name: show-services-icmp
cp_mgmt_service_icmp_facts:
limit: 4
offset: 3
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
)),
show_membership=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "service-icmp"
api_call_object_plural_version = "services-icmp"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

225
lib/ansible/modules/network/check_point/cp_mgmt_service_other.py
Unescape Escape View File

@ -1,225 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_service_other
short_description: Manages service-other objects on Check Point over Web Services API
description:
- Manages service-other objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
accept_replies:
description:
- Specifies whether Other Service replies are to be accepted.
type: bool
action:
description:
- Contains an INSPECT expression that defines the action to take if a rule containing this service is matched.
Example, set r_mhandler &open_ssl_handler sets a handler on the connection.
type: str
aggressive_aging:
description:
- Sets short (aggressive) timeouts for idle connections.
type: dict
suboptions:
default_timeout:
description:
- Default aggressive aging timeout in seconds.
type: int
enable:
description:
- N/A
type: bool
timeout:
description:
- Aggressive aging timeout in seconds.
type: int
use_default_timeout:
description:
- N/A
type: bool
ip_protocol:
description:
- IP protocol number.
type: int
keep_connections_open_after_policy_installation:
description:
- Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
type: bool
match:
description:
- Contains an INSPECT expression that defines the matching criteria. The connection is examined against the expression during the first packet.
Example, tcp, dport = 21, direction = 0 matches incoming FTP control connections.
type: str
match_for_any:
description:
- Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port
and protocol.
type: bool
override_default_settings:
description:
- Indicates whether this service is a Data Domain service which has been overridden.
type: bool
session_timeout:
description:
- Time (in seconds) before the session times out.
type: int
sync_connections_on_cluster:
description:
- Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster.
type: bool
tags:
description:
- Collection of tag identifiers.
type: list
use_default_session_timeout:
description:
- Use default virtual session timeout.
type: bool
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
groups:
description:
- Collection of group identifiers.
type: list
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-service-other
cp_mgmt_service_other:
aggressive_aging:
enable: true
timeout: 360
use_default_timeout: false
ip_protocol: 51
keep_connections_open_after_policy_installation: false
match_for_any: true
name: New_Service_1
session_timeout: 0
state: present
sync_connections_on_cluster: true
- name: set-service-other
cp_mgmt_service_other:
aggressive_aging:
default_timeout: 3600
color: green
name: New_Service_1
state: present
- name: delete-service-other
cp_mgmt_service_other:
name: New_Service_2
state: absent
"""
RETURN = """
cp_mgmt_service_other:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
accept_replies=dict(type='bool'),
action=dict(type='str'),
aggressive_aging=dict(type='dict', options=dict(
default_timeout=dict(type='int'),
enable=dict(type='bool'),
timeout=dict(type='int'),
use_default_timeout=dict(type='bool')
)),
ip_protocol=dict(type='int'),
keep_connections_open_after_policy_installation=dict(type='bool'),
match=dict(type='str'),
match_for_any=dict(type='bool'),
override_default_settings=dict(type='bool'),
session_timeout=dict(type='int'),
sync_connections_on_cluster=dict(type='bool'),
tags=dict(type='list'),
use_default_session_timeout=dict(type='bool'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
groups=dict(type='list'),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'service-other'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

131
lib/ansible/modules/network/check_point/cp_mgmt_service_other_facts.py
Unescape Escape View File

@ -1,131 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_service_other_facts
short_description: Get service-other objects facts on Check Point over Web Services API
description:
- Get service-other objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
show_membership:
description:
- Indicates whether to calculate and show "groups" field for every object in reply.
type: bool
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-service-other
cp_mgmt_service_other_facts:
name: New_Service_1
- name: show-services-other
cp_mgmt_service_other_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
)),
show_membership=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "service-other"
api_call_object_plural_version = "services-other"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

147
lib/ansible/modules/network/check_point/cp_mgmt_service_rpc.py
Unescape Escape View File

@ -1,147 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_service_rpc
short_description: Manages service-rpc objects on Check Point over Web Services API
description:
- Manages service-rpc objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
keep_connections_open_after_policy_installation:
description:
- Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
type: bool
program_number:
description:
- N/A
type: int
tags:
description:
- Collection of tag identifiers.
type: list
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
groups:
description:
- Collection of group identifiers.
type: list
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-service-rpc
cp_mgmt_service_rpc:
keep_connections_open_after_policy_installation: false
name: New_RPC_Service_1
program_number: 5669
state: present
- name: set-service-rpc
cp_mgmt_service_rpc:
color: green
name: New_RPC_Service_1
program_number: 5656
state: present
- name: delete-service-rpc
cp_mgmt_service_rpc:
name: New_RPC_Service_2
state: absent
"""
RETURN = """
cp_mgmt_service_rpc:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
keep_connections_open_after_policy_installation=dict(type='bool'),
program_number=dict(type='int'),
tags=dict(type='list'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
groups=dict(type='list'),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'service-rpc'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

131
lib/ansible/modules/network/check_point/cp_mgmt_service_rpc_facts.py
Unescape Escape View File

@ -1,131 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_service_rpc_facts
short_description: Get service-rpc objects facts on Check Point over Web Services API
description:
- Get service-rpc objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
show_membership:
description:
- Indicates whether to calculate and show "groups" field for every object in reply.
type: bool
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-service-rpc
cp_mgmt_service_rpc_facts:
name: nisplus
- name: show-services-rpc
cp_mgmt_service_rpc_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
)),
show_membership=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "service-rpc"
api_call_object_plural_version = "services-rpc"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

209
lib/ansible/modules/network/check_point/cp_mgmt_service_sctp.py
Unescape Escape View File

@ -1,209 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_service_sctp
short_description: Manages service-sctp objects on Check Point over Web Services API
description:
- Manages service-sctp objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
port:
description:
- Port number. To specify a port range add a hyphen between the lowest and the highest port numbers, for example 44-45.
type: str
aggressive_aging:
description:
- Sets short (aggressive) timeouts for idle connections.
type: dict
suboptions:
default_timeout:
description:
- Default aggressive aging timeout in seconds.
type: int
enable:
description:
- N/A
type: bool
timeout:
description:
- Aggressive aging timeout in seconds.
type: int
use_default_timeout:
description:
- N/A
type: bool
keep_connections_open_after_policy_installation:
description:
- Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
type: bool
match_for_any:
description:
- Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port
and protocol.
type: bool
session_timeout:
description:
- Time (in seconds) before the session times out.
type: int
source_port:
description:
- Source port number. To specify a port range add a hyphen between the lowest and the highest port numbers, for example 44-45.
type: str
sync_connections_on_cluster:
description:
- Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster.
type: bool
tags:
description:
- Collection of tag identifiers.
type: list
use_default_session_timeout:
description:
- Use default virtual session timeout.
type: bool
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
groups:
description:
- Collection of group identifiers.
type: list
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-service-sctp
cp_mgmt_service_sctp:
aggressive_aging:
enable: true
timeout: 360
use_default_timeout: false
keep_connections_open_after_policy_installation: false
match_for_any: true
name: New_SCTP_Service_1
port: 5669
session_timeout: 0
state: present
sync_connections_on_cluster: true
- name: set-service-sctp
cp_mgmt_service_sctp:
aggressive_aging:
default_timeout: 3600
color: green
name: New_SCTP_Service_1
port: 5656
state: present
- name: delete-service-sctp
cp_mgmt_service_sctp:
name: New_SCTP_Service_2
state: absent
"""
RETURN = """
cp_mgmt_service_sctp:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
port=dict(type='str'),
aggressive_aging=dict(type='dict', options=dict(
default_timeout=dict(type='int'),
enable=dict(type='bool'),
timeout=dict(type='int'),
use_default_timeout=dict(type='bool')
)),
keep_connections_open_after_policy_installation=dict(type='bool'),
match_for_any=dict(type='bool'),
session_timeout=dict(type='int'),
source_port=dict(type='str'),
sync_connections_on_cluster=dict(type='bool'),
tags=dict(type='list'),
use_default_session_timeout=dict(type='bool'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
groups=dict(type='list'),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'service-sctp'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

131
lib/ansible/modules/network/check_point/cp_mgmt_service_sctp_facts.py
Unescape Escape View File

@ -1,131 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_service_sctp_facts
short_description: Get service-sctp objects facts on Check Point over Web Services API
description:
- Get service-sctp objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
show_membership:
description:
- Indicates whether to calculate and show "groups" field for every object in reply.
type: bool
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-service-sctp
cp_mgmt_service_sctp_facts:
name: New_SCTP_Service_1
- name: show-services-sctp
cp_mgmt_service_sctp_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
)),
show_membership=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "service-sctp"
api_call_object_plural_version = "services-sctp"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

229
lib/ansible/modules/network/check_point/cp_mgmt_service_tcp.py
Unescape Escape View File

@ -1,229 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_service_tcp
short_description: Manages service-tcp objects on Check Point over Web Services API
description:
- Manages service-tcp objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
aggressive_aging:
description:
- Sets short (aggressive) timeouts for idle connections.
type: dict
suboptions:
default_timeout:
description:
- Default aggressive aging timeout in seconds.
type: int
enable:
description:
- N/A
type: bool
timeout:
description:
- Aggressive aging timeout in seconds.
type: int
use_default_timeout:
description:
- N/A
type: bool
keep_connections_open_after_policy_installation:
description:
- Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
type: bool
match_by_protocol_signature:
description:
- A value of true enables matching by the selected protocol's signature - the signature identifies the protocol as genuine. Select this option
to limit the port to the specified protocol. If the selected protocol does not support matching by signature, this field cannot be set to true.
type: bool
match_for_any:
description:
- Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port
and protocol.
type: bool
override_default_settings:
description:
- Indicates whether this service is a Data Domain service which has been overridden.
type: bool
port:
description:
- The number of the port used to provide this service. To specify a port range, place a hyphen between the lowest and highest port numbers, for
example 44-55.
type: str
protocol:
description:
- Select the protocol type associated with the service, and by implication, the management server (if any) that enforces Content Security and
Authentication for the service. Selecting a Protocol Type invokes the specific protocol handlers for each protocol type, thus enabling higher level of
security by parsing the protocol, and higher level of connectivity by tracking dynamic actions (such as opening of ports).
type: str
session_timeout:
description:
- Time (in seconds) before the session times out.
type: int
source_port:
description:
- Port number for the client side service. If specified, only those Source port Numbers will be Accepted, Dropped, or Rejected during packet
inspection. Otherwise, the source port is not inspected.
type: str
sync_connections_on_cluster:
description:
- Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster.
type: bool
tags:
description:
- Collection of tag identifiers.
type: list
use_default_session_timeout:
description:
- Use default virtual session timeout.
type: bool
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
groups:
description:
- Collection of group identifiers.
type: list
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-service-tcp
cp_mgmt_service_tcp:
aggressive_aging:
enable: true
timeout: 360
use_default_timeout: false
keep_connections_open_after_policy_installation: false
match_for_any: true
name: New_TCP_Service_1
port: 5669
session_timeout: 0
state: present
sync_connections_on_cluster: true
- name: set-service-tcp
cp_mgmt_service_tcp:
aggressive_aging:
default_timeout: 3600
color: green
name: New_TCP_Service_1
port: 5656
state: present
- name: delete-service-tcp
cp_mgmt_service_tcp:
name: New_TCP_Service_1
state: absent
"""
RETURN = """
cp_mgmt_service_tcp:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
aggressive_aging=dict(type='dict', options=dict(
default_timeout=dict(type='int'),
enable=dict(type='bool'),
timeout=dict(type='int'),
use_default_timeout=dict(type='bool')
)),
keep_connections_open_after_policy_installation=dict(type='bool'),
match_by_protocol_signature=dict(type='bool'),
match_for_any=dict(type='bool'),
override_default_settings=dict(type='bool'),
port=dict(type='str'),
protocol=dict(type='str'),
session_timeout=dict(type='int'),
source_port=dict(type='str'),
sync_connections_on_cluster=dict(type='bool'),
tags=dict(type='list'),
use_default_session_timeout=dict(type='bool'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
groups=dict(type='list'),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'service-tcp'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

131
lib/ansible/modules/network/check_point/cp_mgmt_service_tcp_facts.py
Unescape Escape View File

@ -1,131 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_service_tcp_facts
short_description: Get service-tcp objects facts on Check Point over Web Services API
description:
- Get service-tcp objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
show_membership:
description:
- Indicates whether to calculate and show "groups" field for every object in reply.
type: bool
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-service-tcp
cp_mgmt_service_tcp_facts:
name: https
- name: show-services-tcp
cp_mgmt_service_tcp_facts:
details_level: standard
limit: 10
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
)),
show_membership=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "service-tcp"
api_call_object_plural_version = "services-tcp"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

236
lib/ansible/modules/network/check_point/cp_mgmt_service_udp.py
Unescape Escape View File

@ -1,236 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_service_udp
short_description: Manages service-udp objects on Check Point over Web Services API
description:
- Manages service-udp objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
accept_replies:
description:
- N/A
type: bool
aggressive_aging:
description:
- Sets short (aggressive) timeouts for idle connections.
type: dict
suboptions:
default_timeout:
description:
- Default aggressive aging timeout in seconds.
type: int
enable:
description:
- N/A
type: bool
timeout:
description:
- Aggressive aging timeout in seconds.
type: int
use_default_timeout:
description:
- N/A
type: bool
keep_connections_open_after_policy_installation:
description:
- Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
type: bool
match_by_protocol_signature:
description:
- A value of true enables matching by the selected protocol's signature - the signature identifies the protocol as genuine. Select this option
to limit the port to the specified protocol. If the selected protocol does not support matching by signature, this field cannot be set to true.
type: bool
match_for_any:
description:
- Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port
and protocol.
type: bool
override_default_settings:
description:
- Indicates whether this service is a Data Domain service which has been overridden.
type: bool
port:
description:
- The number of the port used to provide this service. To specify a port range, place a hyphen between the lowest and highest port numbers, for
example 44-55.
type: str
protocol:
description:
- Select the protocol type associated with the service, and by implication, the management server (if any) that enforces Content Security and
Authentication for the service. Selecting a Protocol Type invokes the specific protocol handlers for each protocol type, thus enabling higher level of
security by parsing the protocol, and higher level of connectivity by tracking dynamic actions (such as opening of ports).
type: str
session_timeout:
description:
- Time (in seconds) before the session times out.
type: int
source_port:
description:
- Port number for the client side service. If specified, only those Source port Numbers will be Accepted, Dropped, or Rejected during packet
inspection. Otherwise, the source port is not inspected.
type: str
sync_connections_on_cluster:
description:
- Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster.
type: bool
tags:
description:
- Collection of tag identifiers.
type: list
use_default_session_timeout:
description:
- Use default virtual session timeout.
type: bool
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
groups:
description:
- Collection of group identifiers.
type: list
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-service-udp
cp_mgmt_service_udp:
accept_replies: false
aggressive_aging:
enable: true
timeout: 360
use_default_timeout: false
keep_connections_open_after_policy_installation: false
match_for_any: true
name: New_UDP_Service_1
port: 5669
session_timeout: 0
state: present
sync_connections_on_cluster: true
- name: set-service-udp
cp_mgmt_service_udp:
accept_replies: true
aggressive_aging:
default_timeout: 3600
color: green
name: New_UDP_Service_1
port: 5656
state: present
- name: delete-service-udp
cp_mgmt_service_udp:
name: New_UDP_Service_2
state: absent
"""
RETURN = """
cp_mgmt_service_udp:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
accept_replies=dict(type='bool'),
aggressive_aging=dict(type='dict', options=dict(
default_timeout=dict(type='int'),
enable=dict(type='bool'),
timeout=dict(type='int'),
use_default_timeout=dict(type='bool')
)),
keep_connections_open_after_policy_installation=dict(type='bool'),
match_by_protocol_signature=dict(type='bool'),
match_for_any=dict(type='bool'),
override_default_settings=dict(type='bool'),
port=dict(type='str'),
protocol=dict(type='str'),
session_timeout=dict(type='int'),
source_port=dict(type='str'),
sync_connections_on_cluster=dict(type='bool'),
tags=dict(type='list'),
use_default_session_timeout=dict(type='bool'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
groups=dict(type='list'),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'service-udp'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

131
lib/ansible/modules/network/check_point/cp_mgmt_service_udp_facts.py
Unescape Escape View File

@ -1,131 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_service_udp_facts
short_description: Get service-udp objects facts on Check Point over Web Services API
description:
- Get service-udp objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
show_membership:
description:
- Indicates whether to calculate and show "groups" field for every object in reply.
type: bool
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-service-udp
cp_mgmt_service_udp_facts:
name: bootp
- name: show-services-udp
cp_mgmt_service_udp_facts:
details_level: standard
limit: 10
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
)),
show_membership=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "service-udp"
api_call_object_plural_version = "services-udp"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

124
lib/ansible/modules/network/check_point/cp_mgmt_session_facts.py
Unescape Escape View File

@ -1,124 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_session_facts
short_description: Get session objects facts on Check Point over Web Services API
description:
- Get session objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the descending order by the session publish time.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
view_published_sessions:
description:
- Show a list of published sessions.
type: bool
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-session
cp_mgmt_session_facts:
- name: show-sessions
cp_mgmt_session_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
)),
view_published_sessions=dict(type='bool'),
details_level=dict(type='str', choices=['uid', 'standard', 'full'])
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "session"
api_call_object_plural_version = "sessions"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

630
lib/ansible/modules/network/check_point/cp_mgmt_simple_gateway.py
Unescape Escape View File

@ -1,630 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_simple_gateway
short_description: Manages simple-gateway objects on Check Point over Web Services API
description:
- Manages simple-gateway objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
ip_address:
description:
- IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
type: str
ipv4_address:
description:
- IPv4 address.
type: str
ipv6_address:
description:
- IPv6 address.
type: str
anti_bot:
description:
- Anti-Bot blade enabled.
type: bool
anti_virus:
description:
- Anti-Virus blade enabled.
type: bool
application_control:
description:
- Application Control blade enabled.
type: bool
content_awareness:
description:
- Content Awareness blade enabled.
type: bool
firewall:
description:
- Firewall blade enabled.
type: bool
firewall_settings:
description:
- N/A
type: dict
suboptions:
auto_calculate_connections_hash_table_size_and_memory_pool:
description:
- N/A
type: bool
auto_maximum_limit_for_concurrent_connections:
description:
- N/A
type: bool
connections_hash_size:
description:
- N/A
type: int
maximum_limit_for_concurrent_connections:
description:
- N/A
type: int
maximum_memory_pool_size:
description:
- N/A
type: int
memory_pool_size:
description:
- N/A
type: int
interfaces:
description:
- Network interfaces. When a gateway is updated with a new interfaces, the existing interfaces are removed.
type: list
suboptions:
name:
description:
- Object name.
type: str
anti_spoofing:
description:
- N/A
type: bool
anti_spoofing_settings:
description:
- N/A
type: dict
suboptions:
action:
description:
- If packets will be rejected (the Prevent option) or whether the packets will be monitored (the Detect option).
type: str
choices: ['prevent', 'detect']
ip_address:
description:
- IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
type: str
ipv4_address:
description:
- IPv4 address.
type: str
ipv6_address:
description:
- IPv6 address.
type: str
network_mask:
description:
- IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead of
providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use
ipv4-mask-length and ipv6-mask-length fields explicitly.
type: str
ipv4_network_mask:
description:
- IPv4 network address.
type: str
ipv6_network_mask:
description:
- IPv6 network address.
type: str
mask_length:
description:
- IPv4 or IPv6 network mask length.
type: str
ipv4_mask_length:
description:
- IPv4 network mask length.
type: str
ipv6_mask_length:
description:
- IPv6 network mask length.
type: str
security_zone:
description:
- N/A
type: bool
security_zone_settings:
description:
- N/A
type: dict
suboptions:
auto_calculated:
description:
- Security Zone is calculated according to where the interface leads to.
type: bool
specific_zone:
description:
- Security Zone specified manually.
type: str
tags:
description:
- Collection of tag identifiers.
type: list
topology:
description:
- N/A
type: str
choices: ['automatic', 'external', 'internal']
topology_settings:
description:
- N/A
type: dict
suboptions:
interface_leads_to_dmz:
description:
- Whether this interface leads to demilitarized zone (perimeter network).
type: bool
ip_address_behind_this_interface:
description:
- N/A
type: str
choices: ['not defined', 'network defined by the interface ip and net mask', 'network defined by routing', 'specific']
specific_network:
description:
- Network behind this interface.
type: str
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange',
'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray',
'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive',
'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
ips:
description:
- Intrusion Prevention System blade enabled.
type: bool
logs_settings:
description:
- N/A
type: dict
suboptions:
alert_when_free_disk_space_below:
description:
- N/A
type: bool
alert_when_free_disk_space_below_threshold:
description:
- N/A
type: int
alert_when_free_disk_space_below_type:
description:
- N/A
type: str
choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
'user defined alert no.3']
before_delete_keep_logs_from_the_last_days:
description:
- N/A
type: bool
before_delete_keep_logs_from_the_last_days_threshold:
description:
- N/A
type: int
before_delete_run_script:
description:
- N/A
type: bool
before_delete_run_script_command:
description:
- N/A
type: str
delete_index_files_older_than_days:
description:
- N/A
type: bool
delete_index_files_older_than_days_threshold:
description:
- N/A
type: int
delete_index_files_when_index_size_above:
description:
- N/A
type: bool
delete_index_files_when_index_size_above_threshold:
description:
- N/A
type: int
delete_when_free_disk_space_below:
description:
- N/A
type: bool
delete_when_free_disk_space_below_threshold:
description:
- N/A
type: int
detect_new_citrix_ica_application_names:
description:
- N/A
type: bool
forward_logs_to_log_server:
description:
- N/A
type: bool
forward_logs_to_log_server_name:
description:
- N/A
type: str
forward_logs_to_log_server_schedule_name:
description:
- N/A
type: str
free_disk_space_metrics:
description:
- N/A
type: str
choices: ['mbytes', 'percent']
perform_log_rotate_before_log_forwarding:
description:
- N/A
type: bool
reject_connections_when_free_disk_space_below_threshold:
description:
- N/A
type: bool
reserve_for_packet_capture_metrics:
description:
- N/A
type: str
choices: ['percent', 'mbytes']
reserve_for_packet_capture_threshold:
description:
- N/A
type: int
rotate_log_by_file_size:
description:
- N/A
type: bool
rotate_log_file_size_threshold:
description:
- N/A
type: int
rotate_log_on_schedule:
description:
- N/A
type: bool
rotate_log_schedule_name:
description:
- N/A
type: str
stop_logging_when_free_disk_space_below:
description:
- N/A
type: bool
stop_logging_when_free_disk_space_below_threshold:
description:
- N/A
type: int
turn_on_qos_logging:
description:
- N/A
type: bool
update_account_log_every:
description:
- N/A
type: int
one_time_password:
description:
- N/A
type: str
os_name:
description:
- Gateway platform operating system.
type: str
save_logs_locally:
description:
- Save logs locally on the gateway.
type: bool
send_alerts_to_server:
description:
- Server(s) to send alerts to.
type: list
send_logs_to_backup_server:
description:
- Backup server(s) to send logs to.
type: list
send_logs_to_server:
description:
- Server(s) to send logs to.
type: list
tags:
description:
- Collection of tag identifiers.
type: list
threat_emulation:
description:
- Threat Emulation blade enabled.
type: bool
threat_extraction:
description:
- Threat Extraction blade enabled.
type: bool
url_filtering:
description:
- URL Filtering blade enabled.
type: bool
version:
description:
- Gateway platform version.
type: str
vpn:
description:
- VPN blade enabled.
type: bool
vpn_settings:
description:
- Gateway VPN settings.
type: dict
suboptions:
maximum_concurrent_ike_negotiations:
description:
- N/A
type: int
maximum_concurrent_tunnels:
description:
- N/A
type: int
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
groups:
description:
- Collection of group identifiers.
type: list
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-simple-gateway
cp_mgmt_simple_gateway:
ip_address: 192.0.2.1
name: gw1
state: present
- name: set-simple-gateway
cp_mgmt_simple_gateway:
anti_bot: true
anti_virus: true
application_control: true
ips: true
name: test_gateway
state: present
threat_emulation: true
url_filtering: true
- name: delete-simple-gateway
cp_mgmt_simple_gateway:
name: gw1
state: absent
"""
RETURN = """
cp_mgmt_simple_gateway:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
ip_address=dict(type='str'),
ipv4_address=dict(type='str'),
ipv6_address=dict(type='str'),
anti_bot=dict(type='bool'),
anti_virus=dict(type='bool'),
application_control=dict(type='bool'),
content_awareness=dict(type='bool'),
firewall=dict(type='bool'),
firewall_settings=dict(type='dict', options=dict(
auto_calculate_connections_hash_table_size_and_memory_pool=dict(type='bool'),
auto_maximum_limit_for_concurrent_connections=dict(type='bool'),
connections_hash_size=dict(type='int'),
maximum_limit_for_concurrent_connections=dict(type='int'),
maximum_memory_pool_size=dict(type='int'),
memory_pool_size=dict(type='int')
)),
interfaces=dict(type='list', options=dict(
name=dict(type='str'),
anti_spoofing=dict(type='bool'),
anti_spoofing_settings=dict(type='dict', options=dict(
action=dict(type='str', choices=['prevent', 'detect'])
)),
ip_address=dict(type='str'),
ipv4_address=dict(type='str'),
ipv6_address=dict(type='str'),
network_mask=dict(type='str'),
ipv4_network_mask=dict(type='str'),
ipv6_network_mask=dict(type='str'),
mask_length=dict(type='str'),
ipv4_mask_length=dict(type='str'),
ipv6_mask_length=dict(type='str'),
security_zone=dict(type='bool'),
security_zone_settings=dict(type='dict', options=dict(
auto_calculated=dict(type='bool'),
specific_zone=dict(type='str')
)),
tags=dict(type='list'),
topology=dict(type='str', choices=['automatic', 'external', 'internal']),
topology_settings=dict(type='dict', options=dict(
interface_leads_to_dmz=dict(type='bool'),
ip_address_behind_this_interface=dict(type='str', choices=['not defined', 'network defined by the interface ip and net mask',
'network defined by routing', 'specific']),
specific_network=dict(type='str')
)),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan',
'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue',
'firebrick',
'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral',
'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange',
'red',
'sienna', 'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)),
ips=dict(type='bool'),
logs_settings=dict(type='dict', options=dict(
alert_when_free_disk_space_below=dict(type='bool'),
alert_when_free_disk_space_below_threshold=dict(type='int'),
alert_when_free_disk_space_below_type=dict(type='str', choices=['none',
'log', 'popup alert', 'mail alert', 'snmp trap alert',
'user defined alert no.1',
'user defined alert no.2', 'user defined alert no.3']),
before_delete_keep_logs_from_the_last_days=dict(type='bool'),
before_delete_keep_logs_from_the_last_days_threshold=dict(type='int'),
before_delete_run_script=dict(type='bool'),
before_delete_run_script_command=dict(type='str'),
delete_index_files_older_than_days=dict(type='bool'),
delete_index_files_older_than_days_threshold=dict(type='int'),
delete_index_files_when_index_size_above=dict(type='bool'),
delete_index_files_when_index_size_above_threshold=dict(type='int'),
delete_when_free_disk_space_below=dict(type='bool'),
delete_when_free_disk_space_below_threshold=dict(type='int'),
detect_new_citrix_ica_application_names=dict(type='bool'),
forward_logs_to_log_server=dict(type='bool'),
forward_logs_to_log_server_name=dict(type='str'),
forward_logs_to_log_server_schedule_name=dict(type='str'),
free_disk_space_metrics=dict(type='str', choices=['mbytes', 'percent']),
perform_log_rotate_before_log_forwarding=dict(type='bool'),
reject_connections_when_free_disk_space_below_threshold=dict(type='bool'),
reserve_for_packet_capture_metrics=dict(type='str', choices=['percent', 'mbytes']),
reserve_for_packet_capture_threshold=dict(type='int'),
rotate_log_by_file_size=dict(type='bool'),
rotate_log_file_size_threshold=dict(type='int'),
rotate_log_on_schedule=dict(type='bool'),
rotate_log_schedule_name=dict(type='str'),
stop_logging_when_free_disk_space_below=dict(type='bool'),
stop_logging_when_free_disk_space_below_threshold=dict(type='int'),
turn_on_qos_logging=dict(type='bool'),
update_account_log_every=dict(type='int')
)),
one_time_password=dict(type='str'),
os_name=dict(type='str'),
save_logs_locally=dict(type='bool'),
send_alerts_to_server=dict(type='list'),
send_logs_to_backup_server=dict(type='list'),
send_logs_to_server=dict(type='list'),
tags=dict(type='list'),
threat_emulation=dict(type='bool'),
threat_extraction=dict(type='bool'),
url_filtering=dict(type='bool'),
version=dict(type='str'),
vpn=dict(type='bool'),
vpn_settings=dict(type='dict', options=dict(
maximum_concurrent_ike_negotiations=dict(type='int'),
maximum_concurrent_tunnels=dict(type='int')
)),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral',
'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
groups=dict(type='list'),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'simple-gateway'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

131
lib/ansible/modules/network/check_point/cp_mgmt_simple_gateway_facts.py
Unescape Escape View File

@ -1,131 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_simple_gateway_facts
short_description: Get simple-gateway objects facts on Check Point over Web Services API
description:
- Get simple-gateway objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
show_membership:
description:
- Indicates whether to calculate and show "groups" field for every object in reply.
type: bool
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-simple-gateway
cp_mgmt_simple_gateway_facts:
name: gw1
- name: show-simple-gateways
cp_mgmt_simple_gateway_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
)),
show_membership=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "simple-gateway"
api_call_object_plural_version = "simple-gateways"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

125
lib/ansible/modules/network/check_point/cp_mgmt_tag.py
Unescape Escape View File

@ -1,125 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_tag
short_description: Manages tag objects on Check Point over Web Services API
description:
- Manages tag objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
tags:
description:
- Collection of tag identifiers.
type: list
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-tag
cp_mgmt_tag:
name: My New Tag1
state: present
tags:
- tag1
- tag2
- name: delete-tag
cp_mgmt_tag:
name: My New Tag1
state: absent
"""
RETURN = """
cp_mgmt_tag:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
tags=dict(type='list'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'tag'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

123
lib/ansible/modules/network/check_point/cp_mgmt_tag_facts.py
Unescape Escape View File

@ -1,123 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_tag_facts
short_description: Get tag objects facts on Check Point over Web Services API
description:
- Get tag objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-tag
cp_mgmt_tag_facts:
name: f96b37ec-e22e-4945-8bbf-d37b117914e0
- name: show-tags
cp_mgmt_tag_facts:
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
))
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "tag"
api_call_object_plural_version = "tags"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

213
lib/ansible/modules/network/check_point/cp_mgmt_threat_exception.py
Unescape Escape View File

@ -1,213 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_threat_exception
short_description: Manages threat-exception objects on Check Point over Web Services API
description:
- Manages threat-exception objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- The name of the exception.
type: str
required: True
position:
description:
- Position in the rulebase.
type: str
exception_group_uid:
description:
- The UID of the exception-group.
type: str
exception_group_name:
description:
- The name of the exception-group.
type: str
layer:
description:
- Layer that the rule belongs to identified by the name or UID.
type: str
rule_name:
description:
- The name of the parent rule.
type: str
action:
description:
- Action-the enforced profile.
type: str
destination:
description:
- Collection of Network objects identified by the name or UID.
type: list
destination_negate:
description:
- True if negate is set for destination.
type: bool
enabled:
description:
- Enable/Disable the rule.
type: bool
install_on:
description:
- Which Gateways identified by the name or UID to install the policy on.
type: list
protected_scope:
description:
- Collection of objects defining Protected Scope identified by the name or UID.
type: list
protected_scope_negate:
description:
- True if negate is set for Protected Scope.
type: bool
protection_or_site:
description:
- Name of the protection or site.
type: list
service:
description:
- Collection of Network objects identified by the name or UID.
type: list
service_negate:
description:
- True if negate is set for Service.
type: bool
source:
description:
- Collection of Network objects identified by the name or UID.
type: list
source_negate:
description:
- True if negate is set for source.
type: bool
track:
description:
- Packet tracking.
type: str
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-threat-exception
cp_mgmt_threat_exception:
layer: New Layer 1
name: Exception Rule
position: 1
protected_scope: All_Internet
rule_name: Threat Rule 1
state: present
track: Log
- name: set-threat-exception
cp_mgmt_threat_exception:
layer: New Layer 1
name: Exception Rule
rule_name: Threat Rule 1
state: present
- name: delete-threat-exception
cp_mgmt_threat_exception:
name: Exception Rule
layer: New Layer 1
rule_name: Threat Rule 1
state: absent
"""
RETURN = """
cp_mgmt_threat_exception:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule
def main():
argument_spec = dict(
name=dict(type='str', required=True),
position=dict(type='str'),
exception_group_uid=dict(type='str'),
exception_group_name=dict(type='str'),
layer=dict(type='str'),
rule_name=dict(type='str'),
action=dict(type='str'),
destination=dict(type='list'),
destination_negate=dict(type='bool'),
enabled=dict(type='bool'),
install_on=dict(type='list'),
protected_scope=dict(type='list'),
protected_scope_negate=dict(type='bool'),
protection_or_site=dict(type='list'),
service=dict(type='list'),
service_negate=dict(type='bool'),
source=dict(type='list'),
source_negate=dict(type='bool'),
track=dict(type='str'),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'threat-exception'
if module.params['position'] is None:
result = api_call(module, api_call_object)
else:
result = api_call_for_rule(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

222
lib/ansible/modules/network/check_point/cp_mgmt_threat_exception_facts.py
Unescape Escape View File

@ -1,222 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_threat_exception_facts
short_description: Get threat-exception objects facts on Check Point over Web Services API
description:
- Get threat-exception objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- The name of the layer containing the parent threat rule.
This parameter is relevant only for getting few objects.
type: str
exception_group_uid:
description:
- The UID of the exception-group.
type: str
exception_group_name:
description:
- The name of the exception-group.
type: str
layer:
description:
- Layer that the rule belongs to identified by the name or UID.
type: str
rule_name:
description:
- The name of the parent rule.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
filter:
description:
- Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical
operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies.
type: str
filter_settings:
description:
- Sets filter preferences.
type: dict
suboptions:
search_mode:
description:
- When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any'
object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell
or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior.
type: str
choices: ['general', 'packet']
packet_search_settings:
description:
- When 'search-mode' is set to 'packet', this object allows to set the packet search preferences.
type: dict
suboptions:
expand_group_members:
description:
- When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at
least one member of the group.
type: bool
expand_group_with_exclusion_members:
description:
- When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that
match at least one member of the "include" part and is not a member of the "except" part.
type: bool
match_on_any:
description:
- Whether to match on 'Any' object.
type: bool
match_on_group_with_exclusion:
description:
- Whether to match on a group-with-exclusion.
type: bool
match_on_negate:
description:
- Whether to match on a negated cell.
type: bool
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
package:
description:
- Name of the package.
type: str
use_object_dictionary:
description:
- N/A
type: bool
dereference_group_members:
description:
- Indicates whether to dereference "members" field by details level for every object in reply.
type: bool
show_membership:
description:
- Indicates whether to calculate and show "groups" field for every object in reply.
type: bool
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-threat-exception
cp_mgmt_threat_exception_facts:
name: Exception Rule
layer: New Layer 1
rule_name: Threat Rule 1
- name: show-threat-rule-exception-rulebase
cp_mgmt_threat_exception_facts:
name: Standard Threat Prevention
rule_name: Threat Rule 1
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
exception_group_uid=dict(type='str'),
exception_group_name=dict(type='str'),
layer=dict(type='str'),
rule_name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
filter=dict(type='str'),
filter_settings=dict(type='dict', options=dict(
search_mode=dict(type='str', choices=['general', 'packet']),
packet_search_settings=dict(type='dict', options=dict(
expand_group_members=dict(type='bool'),
expand_group_with_exclusion_members=dict(type='bool'),
match_on_any=dict(type='bool'),
match_on_group_with_exclusion=dict(type='bool'),
match_on_negate=dict(type='bool')
))
)),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
)),
package=dict(type='str'),
use_object_dictionary=dict(type='bool'),
dereference_group_members=dict(type='bool'),
show_membership=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "threat-exception"
api_call_object_plural_version = "threat-rule-exception-rulebase"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

271
lib/ansible/modules/network/check_point/cp_mgmt_threat_indicator.py
Unescape Escape View File

@ -1,271 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_threat_indicator
short_description: Manages threat-indicator objects on Check Point over Web Services API
description:
- Manages threat-indicator objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
observables:
description:
- The indicator's observables.
type: list
suboptions:
name:
description:
- Object name. Should be unique in the domain.
type: str
md5:
description:
- A valid MD5 sequence.
type: str
url:
description:
- A valid URL.
type: str
ip_address:
description:
- A valid IP-Address.
type: str
ip_address_first:
description:
- A valid IP-Address, the beginning of the range. If you configure this parameter with a value, you must also configure the value of the
'ip-address-last' parameter.
type: str
ip_address_last:
description:
- A valid IP-Address, the end of the range. If you configure this parameter with a value, you must also configure the value of the
'ip-address-first' parameter.
type: str
domain:
description:
- The name of a domain.
type: str
mail_to:
description:
- A valid E-Mail address, recipient filed.
type: str
mail_from:
description:
- A valid E-Mail address, sender field.
type: str
mail_cc:
description:
- A valid E-Mail address, cc field.
type: str
mail_reply_to:
description:
- A valid E-Mail address, reply-to field.
type: str
mail_subject:
description:
- Subject of E-Mail.
type: str
confidence:
description:
- The confidence level the indicator has that a real threat has been uncovered.
type: str
choices: ['low', 'medium', 'high', 'critical']
product:
description:
- The software blade that processes the observable, AV - AntiVirus, AB - AntiBot.
type: str
choices: ['AV', 'AB']
severity:
description:
- The severity level of the threat.
type: str
choices: ['low', 'medium', 'high', 'critical']
comments:
description:
- Comments string.
type: str
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
observables_raw_data:
description:
- The contents of a file containing the indicator's observables.
type: str
action:
description:
- The indicator's action.
type: str
choices: ['Inactive', 'Ask', 'Prevent', 'Detect']
profile_overrides:
description:
- Profiles in which to override the indicator's default action.
type: list
suboptions:
action:
description:
- The indicator's action in this profile.
type: str
choices: ['Inactive', 'Ask', 'Prevent', 'Detect']
profile:
description:
- The profile in which to override the indicator's action.
type: str
tags:
description:
- Collection of tag identifiers.
type: list
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-threat-indicator
cp_mgmt_threat_indicator:
action: ask
ignore_warnings: true
name: My_Indicator
observables:
- confidence: medium
mail_to: someone@somewhere.com
name: My_Observable
product: AV
severity: low
profile_overrides:
- action: detect
profile: My_Profile
state: present
- name: set-threat-indicator
cp_mgmt_threat_indicator:
action: prevent
ignore_warnings: true
name: My_Indicator
state: present
- name: delete-threat-indicator
cp_mgmt_threat_indicator:
name: My_Indicator
state: absent
"""
RETURN = """
cp_mgmt_threat_indicator:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
observables=dict(type='list', options=dict(
name=dict(type='str'),
md5=dict(type='str'),
url=dict(type='str'),
ip_address=dict(type='str'),
ip_address_first=dict(type='str'),
ip_address_last=dict(type='str'),
domain=dict(type='str'),
mail_to=dict(type='str'),
mail_from=dict(type='str'),
mail_cc=dict(type='str'),
mail_reply_to=dict(type='str'),
mail_subject=dict(type='str'),
confidence=dict(type='str', choices=['low', 'medium', 'high', 'critical']),
product=dict(type='str', choices=['AV', 'AB']),
severity=dict(type='str', choices=['low', 'medium', 'high', 'critical']),
comments=dict(type='str'),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)),
observables_raw_data=dict(type='str'),
action=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']),
profile_overrides=dict(type='list', options=dict(
action=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']),
profile=dict(type='str')
)),
tags=dict(type='list'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'threat-indicator'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

123
lib/ansible/modules/network/check_point/cp_mgmt_threat_indicator_facts.py
Unescape Escape View File

@ -1,123 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_threat_indicator_facts
short_description: Get threat-indicator objects facts on Check Point over Web Services API
description:
- Get threat-indicator objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-threat-indicator
cp_mgmt_threat_indicator_facts:
name: My_Indicator
- name: show-threat-indicators
cp_mgmt_threat_indicator_facts:
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
))
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "threat-indicator"
api_call_object_plural_version = "threat-indicators"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

127
lib/ansible/modules/network/check_point/cp_mgmt_threat_layer.py
Unescape Escape View File

@ -1,127 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_threat_layer
short_description: Manages threat-layer objects on Check Point over Web Services API
description:
- Manages threat-layer objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
add_default_rule:
description:
- Indicates whether to include a default rule in the new layer.
type: bool
tags:
description:
- Collection of tag identifiers.
type: list
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-threat-layer
cp_mgmt_threat_layer:
name: New Layer 1
state: present
- name: delete-threat-layer
cp_mgmt_threat_layer:
name: New Layer 2
state: absent
"""
RETURN = """
cp_mgmt_threat_layer:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
add_default_rule=dict(type='bool'),
tags=dict(type='list'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'threat-layer'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

126
lib/ansible/modules/network/check_point/cp_mgmt_threat_layer_facts.py
Unescape Escape View File

@ -1,126 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_threat_layer_facts
short_description: Get threat-layer objects facts on Check Point over Web Services API
description:
- Get threat-layer objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-threat-layer
cp_mgmt_threat_layer_facts:
name: New Layer 1
- name: show-threat-layers
cp_mgmt_threat_layer_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
))
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "threat-layer"
api_call_object_plural_version = "threat-layers"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

400
lib/ansible/modules/network/check_point/cp_mgmt_threat_profile.py
Unescape Escape View File

@ -1,400 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_threat_profile
short_description: Manages threat-profile objects on Check Point over Web Services API
description:
- Manages threat-profile objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
active_protections_performance_impact:
description:
- Protections with this performance impact only will be activated in the profile.
type: str
choices: ['high', 'medium', 'low', 'very_low']
active_protections_severity:
description:
- Protections with this severity only will be activated in the profile.
type: str
choices: ['Critical', 'High', 'Medium or above', 'Low or above']
confidence_level_high:
description:
- Action for protections with high confidence level.
type: str
choices: ['Inactive', 'Ask', 'Prevent', 'Detect']
confidence_level_low:
description:
- Action for protections with low confidence level.
type: str
choices: ['Inactive', 'Ask', 'Prevent', 'Detect']
confidence_level_medium:
description:
- Action for protections with medium confidence level.
type: str
choices: ['Inactive', 'Ask', 'Prevent', 'Detect']
indicator_overrides:
description:
- Indicators whose action will be overridden in this profile.
type: list
suboptions:
action:
description:
- The indicator's action in this profile.
type: str
choices: ['Inactive', 'Ask', 'Prevent', 'Detect']
indicator:
description:
- The indicator whose action is to be overridden.
type: str
ips_settings:
description:
- IPS blade settings.
type: dict
suboptions:
exclude_protection_with_performance_impact:
description:
- Whether to exclude protections depending on their level of performance impact.
type: bool
exclude_protection_with_performance_impact_mode:
description:
- Exclude protections with this level of performance impact.
type: str
choices: ['very low', 'low or lower', 'medium or lower', 'high or lower']
exclude_protection_with_severity:
description:
- Whether to exclude protections depending on their level of severity.
type: bool
exclude_protection_with_severity_mode:
description:
- Exclude protections with this level of severity.
type: str
choices: ['low or above', 'medium or above', 'high or above', 'critical']
newly_updated_protections:
description:
- Activation of newly updated protections.
type: str
choices: ['active', 'inactive', 'staging']
malicious_mail_policy_settings:
description:
- Malicious Mail Policy for MTA Gateways.
type: dict
suboptions:
add_customized_text_to_email_body:
description:
- Add customized text to the malicious email body.
type: bool
add_email_subject_prefix:
description:
- Add a prefix to the malicious email subject.
type: bool
add_x_header_to_email:
description:
- Add an X-Header to the malicious email.
type: bool
email_action:
description:
- Block - block the entire malicious email<br>Allow - pass the malicious email and apply email changes (like, remove attachments and
links, add x-header, etc...).
type: str
choices: ['allow', 'block']
email_body_customized_text:
description:
- Customized text for the malicious email body.<br> Available predefined fields,<br> $verdicts$ - the malicious/error attachments/links verdict.
type: str
email_subject_prefix_text:
description:
- Prefix for the malicious email subject.
type: str
failed_to_scan_attachments_text:
description:
- Replace attachments that failed to be scanned with this text.<br> Available predefined fields,<br> $filename$ - the malicious file
name.<br> $md5$ - MD5 of the malicious file.
type: str
malicious_attachments_text:
description:
- Replace malicious attachments with this text.<br> Available predefined fields,<br> $filename$ - the malicious file name.<br> $md5$ -
MD5 of the malicious file.
type: str
malicious_links_text:
description:
- Replace malicious links with this text.<br> Available predefined fields,<br> $neutralized_url$ - neutralized malicious link.
type: str
remove_attachments_and_links:
description:
- Remove attachments and links from the malicious email.
type: bool
send_copy:
description:
- Send a copy of the malicious email to the recipient list.
type: bool
send_copy_list:
description:
- Recipient list to send a copy of the malicious email.
type: list
overrides:
description:
- Overrides per profile for this protection.
type: list
suboptions:
action:
description:
- Protection action.
type: str
choices: ['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept']
protection:
description:
- IPS protection identified by name or UID.
type: str
capture_packets:
description:
- Capture packets.
type: bool
track:
description:
- Tracking method for protection.
type: str
choices: ['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2']
tags:
description:
- Collection of tag identifiers.
type: list
use_indicators:
description:
- Indicates whether the profile should make use of indicators.
type: bool
anti_bot:
description:
- Is Anti-Bot blade activated.
type: bool
anti_virus:
description:
- Is Anti-Virus blade activated.
type: bool
ips:
description:
- Is IPS blade activated.
type: bool
threat_emulation:
description:
- Is Threat Emulation blade activated.
type: bool
activate_protections_by_extended_attributes:
description:
- Activate protections by these extended attributes.
type: list
suboptions:
name:
description:
- IPS tag name.
type: str
category:
description:
- IPS tag category name.
type: str
deactivate_protections_by_extended_attributes:
description:
- Deactivate protections by these extended attributes.
type: list
suboptions:
name:
description:
- IPS tag name.
type: str
category:
description:
- IPS tag category name.
type: str
use_extended_attributes:
description:
- Whether to activate/deactivate IPS protections according to the extended attributes.
type: bool
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-threat-profile
cp_mgmt_threat_profile:
active_protections_performance_impact: low
active_protections_severity: low or above
anti_bot: true
anti_virus: true
confidence_level_high: prevent
confidence_level_medium: prevent
ips: true
ips_settings:
exclude_protection_with_performance_impact: true
exclude_protection_with_performance_impact_mode: high or lower
newly_updated_protections: staging
name: New Profile 1
state: present
threat_emulation: true
- name: set-threat-profile
cp_mgmt_threat_profile:
active_protections_performance_impact: low
active_protections_severity: low or above
anti_bot: true
anti_virus: false
comments: update recommended profile
confidence_level_high: prevent
confidence_level_low: prevent
confidence_level_medium: prevent
ips: false
ips_settings:
exclude_protection_with_performance_impact: true
exclude_protection_with_performance_impact_mode: high or lower
newly_updated_protections: active
name: New Profile 1
state: present
threat_emulation: true
- name: delete-threat-profile
cp_mgmt_threat_profile:
name: New Profile 1
state: absent
"""
RETURN = """
cp_mgmt_threat_profile:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
active_protections_performance_impact=dict(type='str', choices=['high', 'medium', 'low', 'very_low']),
active_protections_severity=dict(type='str', choices=['Critical', 'High', 'Medium or above', 'Low or above']),
confidence_level_high=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']),
confidence_level_low=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']),
confidence_level_medium=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']),
indicator_overrides=dict(type='list', options=dict(
action=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']),
indicator=dict(type='str')
)),
ips_settings=dict(type='dict', options=dict(
exclude_protection_with_performance_impact=dict(type='bool'),
exclude_protection_with_performance_impact_mode=dict(type='str', choices=['very low', 'low or lower', 'medium or lower', 'high or lower']),
exclude_protection_with_severity=dict(type='bool'),
exclude_protection_with_severity_mode=dict(type='str', choices=['low or above', 'medium or above', 'high or above', 'critical']),
newly_updated_protections=dict(type='str', choices=['active', 'inactive', 'staging'])
)),
malicious_mail_policy_settings=dict(type='dict', options=dict(
add_customized_text_to_email_body=dict(type='bool'),
add_email_subject_prefix=dict(type='bool'),
add_x_header_to_email=dict(type='bool'),
email_action=dict(type='str', choices=['allow', 'block']),
email_body_customized_text=dict(type='str'),
email_subject_prefix_text=dict(type='str'),
failed_to_scan_attachments_text=dict(type='str'),
malicious_attachments_text=dict(type='str'),
malicious_links_text=dict(type='str'),
remove_attachments_and_links=dict(type='bool'),
send_copy=dict(type='bool'),
send_copy_list=dict(type='list')
)),
overrides=dict(type='list', options=dict(
action=dict(type='str', choices=['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept']),
protection=dict(type='str'),
capture_packets=dict(type='bool'),
track=dict(type='str', choices=['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2'])
)),
tags=dict(type='list'),
use_indicators=dict(type='bool'),
anti_bot=dict(type='bool'),
anti_virus=dict(type='bool'),
ips=dict(type='bool'),
threat_emulation=dict(type='bool'),
activate_protections_by_extended_attributes=dict(type='list', options=dict(
name=dict(type='str'),
category=dict(type='str')
)),
deactivate_protections_by_extended_attributes=dict(type='list', options=dict(
name=dict(type='str'),
category=dict(type='str')
)),
use_extended_attributes=dict(type='bool'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'threat-profile'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

126
lib/ansible/modules/network/check_point/cp_mgmt_threat_profile_facts.py
Unescape Escape View File

@ -1,126 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_threat_profile_facts
short_description: Get threat-profile objects facts on Check Point over Web Services API
description:
- Get threat-profile objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-threat-profile
cp_mgmt_threat_profile_facts:
name: Recommended_Profile
- name: show-threat-profiles
cp_mgmt_threat_profile_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
))
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "threat-profile"
api_call_object_plural_version = "threat-profiles"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

130
lib/ansible/modules/network/check_point/cp_mgmt_threat_protection_override.py
Unescape Escape View File

@ -1,130 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_threat_protection_override
short_description: Edit existing object using object name or uid.
description:
- Edit existing object using object name or uid.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
comments:
description:
- Protection comments.
type: str
follow_up:
description:
- Tag the protection with pre-defined follow-up flag.
type: bool
overrides:
description:
- Overrides per profile for this protection<br> Note, Remove override for Core protections removes only the action's override. Remove override
for Threat Cloud protections removes the action, track and packet captures.
type: list
suboptions:
action:
description:
- Protection action.
type: str
choices: ['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept']
profile:
description:
- Profile name.
type: str
capture_packets:
description:
- Capture packets.
type: bool
track:
description:
- Tracking method for protection.
type: str
choices: ['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2']
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
extends_documentation_fragment: checkpoint_commands
"""
EXAMPLES = """
- name: threat_protection_override
cp_mgmt_threat_protection_override:
name: FTP Commands
overrides:
- action: inactive
capture_packets: true
profile: New Profile 1
track: None
state: present
"""
RETURN = """
cp_mgmt_threat_protection_override:
description: The checkpoint threat_protection_override output.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_commands, api_command
def main():
argument_spec = dict(
name=dict(type='str'),
comments=dict(type='str'),
follow_up=dict(type='bool'),
overrides=dict(type='list', options=dict(
action=dict(type='str', choices=['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept']),
profile=dict(type='str'),
capture_packets=dict(type='bool'),
track=dict(type='str', choices=['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2'])
)),
details_level=dict(type='str', choices=['uid', 'standard', 'full'])
)
argument_spec.update(checkpoint_argument_spec_for_commands)
module = AnsibleModule(argument_spec=argument_spec)
command = "set-threat-protection"
result = api_command(module, command)
module.exit_json(**result)
if __name__ == '__main__':
main()

209
lib/ansible/modules/network/check_point/cp_mgmt_threat_rule.py
Unescape Escape View File

@ -1,209 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_threat_rule
short_description: Manages threat-rule objects on Check Point over Web Services API
description:
- Manages threat-rule objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
position:
description:
- Position in the rulebase.
type: str
layer:
description:
- Layer that the rule belongs to identified by the name or UID.
type: str
name:
description:
- Object name.
type: str
required: True
action:
description:
- Action-the enforced profile.
type: str
destination:
description:
- Collection of Network objects identified by the name or UID.
type: list
destination_negate:
description:
- True if negate is set for destination.
type: bool
enabled:
description:
- Enable/Disable the rule.
type: bool
install_on:
description:
- Which Gateways identified by the name or UID to install the policy on.
type: list
protected_scope:
description:
- Collection of objects defining Protected Scope identified by the name or UID.
type: list
protected_scope_negate:
description:
- True if negate is set for Protected Scope.
type: bool
service:
description:
- Collection of Network objects identified by the name or UID.
type: list
service_negate:
description:
- True if negate is set for Service.
type: bool
source:
description:
- Collection of Network objects identified by the name or UID.
type: list
source_negate:
description:
- True if negate is set for source.
type: bool
track:
description:
- Packet tracking.
type: str
track_settings:
description:
- Threat rule track settings.
type: dict
suboptions:
packet_capture:
description:
- Packet capture.
type: bool
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-threat-rule
cp_mgmt_threat_rule:
comments: ''
install_on: Policy Targets
layer: New Layer 1
name: First threat rule
position: 1
protected_scope: All_Internet
state: present
track: None
- name: set-threat-rule
cp_mgmt_threat_rule:
action: New Profile 1
comments: commnet for the first rule
install_on: Policy Targets
layer: New Layer 1
name: Rule Name
position: 1
protected_scope: All_Internet
state: present
- name: delete-threat-rule
cp_mgmt_threat_rule:
layer: New Layer 1
name: Rule Name
state: absent
"""
RETURN = """
cp_mgmt_threat_rule:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule
def main():
argument_spec = dict(
position=dict(type='str'),
layer=dict(type='str'),
name=dict(type='str', required=True),
action=dict(type='str'),
destination=dict(type='list'),
destination_negate=dict(type='bool'),
enabled=dict(type='bool'),
install_on=dict(type='list'),
protected_scope=dict(type='list'),
protected_scope_negate=dict(type='bool'),
service=dict(type='list'),
service_negate=dict(type='bool'),
source=dict(type='list'),
source_negate=dict(type='bool'),
track=dict(type='str'),
track_settings=dict(type='dict', options=dict(
packet_capture=dict(type='bool')
)),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'threat-rule'
if module.params['position'] is None:
result = api_call(module, api_call_object)
else:
result = api_call_for_rule(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

209
lib/ansible/modules/network/check_point/cp_mgmt_threat_rule_facts.py
Unescape Escape View File

@ -1,209 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_threat_rule_facts
short_description: Get threat-rule objects facts on Check Point over Web Services API
description:
- Get threat-rule objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name. Should be unique in the domain.
type: str
layer:
description:
- Layer that the rule belongs to identified by the name or UID.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
filter:
description:
- Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical
operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies.
type: str
filter_settings:
description:
- Sets filter preferences.
type: dict
suboptions:
search_mode:
description:
- When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any'
object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell
or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior.
type: str
choices: ['general', 'packet']
packet_search_settings:
description:
- When 'search-mode' is set to 'packet', this object allows to set the packet search preferences.
type: dict
suboptions:
expand_group_members:
description:
- When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at
least one member of the group.
type: bool
expand_group_with_exclusion_members:
description:
- When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that
match at least one member of the "include" part and is not a member of the "except" part.
type: bool
match_on_any:
description:
- Whether to match on 'Any' object.
type: bool
match_on_group_with_exclusion:
description:
- Whether to match on a group-with-exclusion.
type: bool
match_on_negate:
description:
- Whether to match on a negated cell.
type: bool
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
package:
description:
- Name of the package.
type: str
use_object_dictionary:
description:
- N/A
type: bool
dereference_group_members:
description:
- Indicates whether to dereference "members" field by details level for every object in reply.
type: bool
show_membership:
description:
- Indicates whether to calculate and show "groups" field for every object in reply.
type: bool
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-threat-rule
cp_mgmt_threat_rule_facts:
layer: New Layer 1
name: Rule Name
- name: show-threat-rulebase
cp_mgmt_threat_rule_facts:
details_level: standard
filter: ''
limit: 20
name: Threat Prevention
offset: 0
use_object_dictionary: false
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts_for_rule
def main():
argument_spec = dict(
name=dict(type='str'),
layer=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
filter=dict(type='str'),
filter_settings=dict(type='dict', options=dict(
search_mode=dict(type='str', choices=['general', 'packet']),
packet_search_settings=dict(type='dict', options=dict(
expand_group_members=dict(type='bool'),
expand_group_with_exclusion_members=dict(type='bool'),
match_on_any=dict(type='bool'),
match_on_group_with_exclusion=dict(type='bool'),
match_on_negate=dict(type='bool')
))
)),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
)),
package=dict(type='str'),
use_object_dictionary=dict(type='bool'),
dereference_group_members=dict(type='bool'),
show_membership=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "threat-rule"
api_call_object_plural_version = "threat-rulebase"
result = api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

280
lib/ansible/modules/network/check_point/cp_mgmt_time.py
Unescape Escape View File

@ -1,280 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_time
short_description: Manages time objects on Check Point over Web Services API
description:
- Manages time objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
end:
description:
- End time. Note, Each gateway may interpret this time differently according to its time zone.
type: dict
suboptions:
date:
description:
- Date in format dd-MMM-yyyy.
type: str
iso_8601:
description:
- Date and time represented in international ISO 8601 format. Time zone information is ignored.
type: str
posix:
description:
- Number of milliseconds that have elapsed since 00,00,00, 1 January 1970.
type: int
time:
description:
- Time in format HH,mm.
type: str
end_never:
description:
- End never.
type: bool
hours_ranges:
description:
- Hours recurrence. Note, Each gateway may interpret this time differently according to its time zone.
type: list
suboptions:
enabled:
description:
- Is hour range enabled.
type: bool
from:
description:
- Time in format HH,MM.
type: str
index:
description:
- Hour range index.
type: int
to:
description:
- Time in format HH,MM.
type: str
start:
description:
- Starting time. Note, Each gateway may interpret this time differently according to its time zone.
type: dict
suboptions:
date:
description:
- Date in format dd-MMM-yyyy.
type: str
iso_8601:
description:
- Date and time represented in international ISO 8601 format. Time zone information is ignored.
type: str
posix:
description:
- Number of milliseconds that have elapsed since 00,00,00, 1 January 1970.
type: int
time:
description:
- Time in format HH,mm.
type: str
start_now:
description:
- Start immediately.
type: bool
tags:
description:
- Collection of tag identifiers.
type: list
recurrence:
description:
- Days recurrence.
type: dict
suboptions:
days:
description:
- Valid on specific days. Multiple options, support range of days in months. Example,["1","3","9-20"].
type: list
month:
description:
- Valid on month. Example, "1", "2","12","Any".
type: str
pattern:
description:
- Valid on "Daily", "Weekly", "Monthly" base.
type: str
weekdays:
description:
- Valid on weekdays. Example, "Sun", "Mon"..."Sat".
type: list
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
groups:
description:
- Collection of group identifiers.
type: list
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-time
cp_mgmt_time:
end:
date: 24-Nov-2014
time: '21:22'
end_never: 'false'
hours_ranges:
- enabled: true
from: 00:00
index: 1
to: 00:00
- enabled: false
from: 00:00
index: 2
to: 00:00
name: timeObject1
recurrence:
days:
- '1'
month: Any
pattern: Daily
weekdays:
- Sun
- Mon
start_now: 'true'
state: present
- name: set-time
cp_mgmt_time:
hours_ranges:
- from: 00:22
to: 00:33
name: timeObject1
recurrence:
month: Any
pattern: Weekly
weekdays:
- Fri
state: present
- name: delete-time
cp_mgmt_time:
name: timeObject1
state: absent
"""
RETURN = """
cp_mgmt_time:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
end=dict(type='dict', options=dict(
date=dict(type='str'),
iso_8601=dict(type='str'),
posix=dict(type='int'),
time=dict(type='str')
)),
end_never=dict(type='bool'),
hours_ranges=dict(type='list', options=dict(
enabled=dict(type='bool'),
index=dict(type='int'),
to=dict(type='str')
)),
start=dict(type='dict', options=dict(
date=dict(type='str'),
iso_8601=dict(type='str'),
posix=dict(type='int'),
time=dict(type='str')
)),
start_now=dict(type='bool'),
tags=dict(type='list'),
recurrence=dict(type='dict', options=dict(
days=dict(type='list'),
month=dict(type='str'),
pattern=dict(type='str'),
weekdays=dict(type='list')
)),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
groups=dict(type='list'),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec['hours_ranges']['options']['from'] = dict(type='str')
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'time'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

126
lib/ansible/modules/network/check_point/cp_mgmt_time_facts.py
Unescape Escape View File

@ -1,126 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_time_facts
short_description: Get time objects facts on Check Point over Web Services API
description:
- Get time objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-time
cp_mgmt_time_facts:
name: timeObject1
- name: show-times
cp_mgmt_time_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
))
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "time"
api_call_object_plural_version = "times"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

77
lib/ansible/modules/network/check_point/cp_mgmt_verify_policy.py
Unescape Escape View File

@ -1,77 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_verify_policy
short_description: Verifies the policy of the selected package.
description:
- Verifies the policy of the selected package.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
policy_package:
description:
- Policy package identified by the name or UID.
type: str
extends_documentation_fragment: checkpoint_commands
"""
EXAMPLES = """
- name: verify-policy
cp_mgmt_verify_policy:
policy_package: standard
"""
RETURN = """
cp_mgmt_verify_policy:
description: The checkpoint verify-policy output.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_commands, api_command
def main():
argument_spec = dict(
policy_package=dict(type='str')
)
argument_spec.update(checkpoint_argument_spec_for_commands)
module = AnsibleModule(argument_spec=argument_spec)
command = "verify-policy"
result = api_command(module, command)
module.exit_json(**result)
if __name__ == '__main__':
main()

229
lib/ansible/modules/network/check_point/cp_mgmt_vpn_community_meshed.py
Unescape Escape View File

@ -1,229 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_vpn_community_meshed
short_description: Manages vpn-community-meshed objects on Check Point over Web Services API
description:
- Manages vpn-community-meshed objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
encryption_method:
description:
- The encryption method to be used.
type: str
choices: ['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only']
encryption_suite:
description:
- The encryption suite to be used.
type: str
choices: ['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128']
gateways:
description:
- Collection of Gateway objects identified by the name or UID.
type: list
ike_phase_1:
description:
- Ike Phase 1 settings. Only applicable when the encryption-suite is set to [custom].
type: dict
suboptions:
data_integrity:
description:
- The hash algorithm to be used.
type: str
choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']
diffie_hellman_group:
description:
- The Diffie-Hellman group to be used.
type: str
choices: ['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20']
encryption_algorithm:
description:
- The encryption algorithm to be used.
type: str
choices: ['cast', 'aes-256', 'des', 'aes-128', '3des']
ike_phase_2:
description:
- Ike Phase 2 settings. Only applicable when the encryption-suite is set to [custom].
type: dict
suboptions:
data_integrity:
description:
- The hash algorithm to be used.
type: str
choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']
encryption_algorithm:
description:
- The encryption algorithm to be used.
type: str
choices: ['cast', 'aes-gcm-256', 'cast-40', 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none']
shared_secrets:
description:
- Shared secrets for external gateways.
type: list
suboptions:
external_gateway:
description:
- External gateway identified by the name or UID.
type: str
shared_secret:
description:
- Shared secret.
type: str
tags:
description:
- Collection of tag identifiers.
type: list
use_shared_secret:
description:
- Indicates whether the shared secret should be used for all external gateways.
type: bool
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-vpn-community-meshed
cp_mgmt_vpn_community_meshed:
encryption_method: prefer ikev2 but support ikev1
encryption_suite: custom
ike_phase_1:
data_integrity: sha1
diffie_hellman_group: group 19
encryption_algorithm: aes-128
ike_phase_2:
data_integrity: aes-xcbc
encryption_algorithm: aes-gcm-128
name: New_VPN_Community_Meshed_1
state: present
- name: set-vpn-community-meshed
cp_mgmt_vpn_community_meshed:
encryption_method: ikev2 only
encryption_suite: custom
ike_phase_1:
data_integrity: sha1
diffie_hellman_group: group 19
encryption_algorithm: aes-128
ike_phase_2:
data_integrity: aes-xcbc
encryption_algorithm: aes-gcm-128
name: New_VPN_Community_Meshed_1
state: present
- name: delete-vpn-community-meshed
cp_mgmt_vpn_community_meshed:
name: New_VPN_Community_Meshed_1
state: absent
"""
RETURN = """
cp_mgmt_vpn_community_meshed:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
encryption_method=dict(type='str', choices=['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only']),
encryption_suite=dict(type='str', choices=['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128']),
gateways=dict(type='list'),
ike_phase_1=dict(type='dict', options=dict(
data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']),
diffie_hellman_group=dict(type='str', choices=['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20']),
encryption_algorithm=dict(type='str', choices=['cast', 'aes-256', 'des', 'aes-128', '3des'])
)),
ike_phase_2=dict(type='dict', options=dict(
data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']),
encryption_algorithm=dict(type='str', choices=['cast', 'aes-gcm-256', 'cast-40',
'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none'])
)),
shared_secrets=dict(type='list', options=dict(
external_gateway=dict(type='str'),
shared_secret=dict(type='str')
)),
tags=dict(type='list'),
use_shared_secret=dict(type='bool'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'vpn-community-meshed'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

126
lib/ansible/modules/network/check_point/cp_mgmt_vpn_community_meshed_facts.py
Unescape Escape View File

@ -1,126 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_vpn_community_meshed_facts
short_description: Get vpn-community-meshed objects facts on Check Point over Web Services API
description:
- Get vpn-community-meshed objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-vpn-community-meshed
cp_mgmt_vpn_community_meshed_facts:
name: New_VPN_Community_Meshed_1
- name: show-vpn-communities-meshed
cp_mgmt_vpn_community_meshed_facts:
details_level: full
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
))
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "vpn-community-meshed"
api_call_object_plural_version = "vpn-communities-meshed"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

240
lib/ansible/modules/network/check_point/cp_mgmt_vpn_community_star.py
Unescape Escape View File

@ -1,240 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_vpn_community_star
short_description: Manages vpn-community-star objects on Check Point over Web Services API
description:
- Manages vpn-community-star objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
center_gateways:
description:
- Collection of Gateway objects representing center gateways identified by the name or UID.
type: list
encryption_method:
description:
- The encryption method to be used.
type: str
choices: ['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only']
encryption_suite:
description:
- The encryption suite to be used.
type: str
choices: ['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128']
ike_phase_1:
description:
- Ike Phase 1 settings. Only applicable when the encryption-suite is set to [custom].
type: dict
suboptions:
data_integrity:
description:
- The hash algorithm to be used.
type: str
choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']
diffie_hellman_group:
description:
- The Diffie-Hellman group to be used.
type: str
choices: ['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20']
encryption_algorithm:
description:
- The encryption algorithm to be used.
type: str
choices: ['cast', 'aes-256', 'des', 'aes-128', '3des']
ike_phase_2:
description:
- Ike Phase 2 settings. Only applicable when the encryption-suite is set to [custom].
type: dict
suboptions:
data_integrity:
description:
- The hash algorithm to be used.
type: str
choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']
encryption_algorithm:
description:
- The encryption algorithm to be used.
type: str
choices: ['cast', 'aes-gcm-256', 'cast-40', 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none']
mesh_center_gateways:
description:
- Indicates whether the meshed community is in center.
type: bool
satellite_gateways:
description:
- Collection of Gateway objects representing satellite gateways identified by the name or UID.
type: list
shared_secrets:
description:
- Shared secrets for external gateways.
type: list
suboptions:
external_gateway:
description:
- External gateway identified by the name or UID.
type: str
shared_secret:
description:
- Shared secret.
type: str
tags:
description:
- Collection of tag identifiers.
type: list
use_shared_secret:
description:
- Indicates whether the shared secret should be used for all external gateways.
type: bool
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-vpn-community-star
cp_mgmt_vpn_community_star:
center_gateways: Second_Security_Gateway
encryption_method: prefer ikev2 but support ikev1
encryption_suite: custom
ike_phase_1:
data_integrity: sha1
diffie_hellman_group: group 19
encryption_algorithm: aes-128
ike_phase_2:
data_integrity: aes-xcbc
encryption_algorithm: aes-gcm-128
name: New_VPN_Community_Star_1
state: present
- name: set-vpn-community-star
cp_mgmt_vpn_community_star:
encryption_method: ikev2 only
encryption_suite: custom
ike_phase_1:
data_integrity: sha1
diffie_hellman_group: group 19
encryption_algorithm: aes-128
ike_phase_2:
data_integrity: aes-xcbc
encryption_algorithm: aes-gcm-128
name: New_VPN_Community_Star_1
state: present
- name: delete-vpn-community-star
cp_mgmt_vpn_community_star:
name: New_VPN_Community_Star_1
state: absent
"""
RETURN = """
cp_mgmt_vpn_community_star:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
center_gateways=dict(type='list'),
encryption_method=dict(type='str', choices=['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only']),
encryption_suite=dict(type='str', choices=['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128']),
ike_phase_1=dict(type='dict', options=dict(
data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']),
diffie_hellman_group=dict(type='str', choices=['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20']),
encryption_algorithm=dict(type='str', choices=['cast', 'aes-256', 'des', 'aes-128', '3des'])
)),
ike_phase_2=dict(type='dict', options=dict(
data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']),
encryption_algorithm=dict(type='str', choices=['cast', 'aes-gcm-256', 'cast-40',
'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none'])
)),
mesh_center_gateways=dict(type='bool'),
satellite_gateways=dict(type='list'),
shared_secrets=dict(type='list', options=dict(
external_gateway=dict(type='str'),
shared_secret=dict(type='str')
)),
tags=dict(type='list'),
use_shared_secret=dict(type='bool'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'vpn-community-star'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

126
lib/ansible/modules/network/check_point/cp_mgmt_vpn_community_star_facts.py
Unescape Escape View File

@ -1,126 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_vpn_community_star_facts
short_description: Get vpn-community-star objects facts on Check Point over Web Services API
description:
- Get vpn-community-star objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-vpn-community-star
cp_mgmt_vpn_community_star_facts:
name: New_VPN_Community_Meshed_1
- name: show-vpn-communities-star
cp_mgmt_vpn_community_star_facts:
details_level: full
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
))
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "vpn-community-star"
api_call_object_plural_version = "vpn-communities-star"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

157
lib/ansible/modules/network/check_point/cp_mgmt_wildcard.py
Unescape Escape View File

@ -1,157 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_wildcard
short_description: Manages wildcard objects on Check Point over Web Services API
description:
- Manages wildcard objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
type: str
required: True
ipv4_address:
description:
- IPv4 address.
type: str
ipv4_mask_wildcard:
description:
- IPv4 mask wildcard.
type: str
ipv6_address:
description:
- IPv6 address.
type: str
ipv6_mask_wildcard:
description:
- IPv6 mask wildcard.
type: str
tags:
description:
- Collection of tag identifiers.
type: list
color:
description:
- Color of the object. Should be one of existing colors.
type: str
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
comments:
description:
- Comments string.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
groups:
description:
- Collection of group identifiers.
type: list
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
extends_documentation_fragment: checkpoint_objects
"""
EXAMPLES = """
- name: add-wildcard
cp_mgmt_wildcard:
ipv4_address: 192.168.2.1
ipv4_mask_wildcard: 0.0.0.128
name: New Wildcard 1
state: present
- name: set-wildcard
cp_mgmt_wildcard:
color: green
ipv6_address: 2001:db8::1111
ipv6_mask_wildcard: ffff:ffff::f0f0
name: New Wildcard 1
state: present
- name: delete-wildcard
cp_mgmt_wildcard:
name: New Wildcard 1
state: absent
"""
RETURN = """
cp_mgmt_wildcard:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
def main():
argument_spec = dict(
name=dict(type='str', required=True),
ipv4_address=dict(type='str'),
ipv4_mask_wildcard=dict(type='str'),
ipv6_address=dict(type='str'),
ipv6_mask_wildcard=dict(type='str'),
tags=dict(type='list'),
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
'yellow']),
comments=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
groups=dict(type='list'),
ignore_warnings=dict(type='bool'),
ignore_errors=dict(type='bool')
)
argument_spec.update(checkpoint_argument_spec_for_objects)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
api_call_object = 'wildcard'
result = api_call(module, api_call_object)
module.exit_json(**result)
if __name__ == '__main__':
main()

126
lib/ansible/modules/network/check_point/cp_mgmt_wildcard_facts.py
Unescape Escape View File

@ -1,126 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Ansible module to manage Check Point Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: cp_mgmt_wildcard_facts
short_description: Get wildcard objects facts on Check Point over Web Services API
description:
- Get wildcard objects facts on Check Point devices.
- All operations are performed over Web Services API.
- This module handles both operations, get a specific object and get several objects,
For getting a specific object use the parameter 'name'.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
name:
description:
- Object name.
This parameter is relevant only for getting a specific object.
type: str
details_level:
description:
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
representation of the object.
type: str
choices: ['uid', 'standard', 'full']
limit:
description:
- No more than that many results will be returned.
This parameter is relevant only for getting few objects.
type: int
offset:
description:
- Skip that many results before beginning to return them.
This parameter is relevant only for getting few objects.
type: int
order:
description:
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
This parameter is relevant only for getting few objects.
type: list
suboptions:
ASC:
description:
- Sorts results by the given field in ascending order.
type: str
choices: ['name']
DESC:
description:
- Sorts results by the given field in descending order.
type: str
choices: ['name']
extends_documentation_fragment: checkpoint_facts
"""
EXAMPLES = """
- name: show-wildcard
cp_mgmt_wildcard_facts:
name: New Wildcard 1
- name: show-wildcards
cp_mgmt_wildcard_facts:
details_level: standard
limit: 50
offset: 0
"""
RETURN = """
ansible_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
def main():
argument_spec = dict(
name=dict(type='str'),
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
limit=dict(type='int'),
offset=dict(type='int'),
order=dict(type='list', options=dict(
ASC=dict(type='str', choices=['name']),
DESC=dict(type='str', choices=['name'])
))
)
argument_spec.update(checkpoint_argument_spec_for_facts)
module = AnsibleModule(argument_spec=argument_spec)
api_call_object = "wildcard"
api_call_object_plural_version = "wildcards"
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
module.exit_json(ansible_facts=result)
if __name__ == '__main__':
main()

24
lib/ansible/plugins/doc_fragments/checkpoint_commands.py
Unescape Escape View File

@ -1,24 +0,0 @@
# -*- coding: utf-8 -*-
# Copyright: (c) 2019, Or Soffer <orso@checkpoint.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
class ModuleDocFragment(object):
# Standard files documentation fragment
DOCUMENTATION = r'''
options:
wait_for_task:
description:
- Wait for the task to end. Such as publish task.
type: bool
default: True
version:
description:
- Version of checkpoint. If not given one, the latest version taken.
type: str
'''

19
lib/ansible/plugins/doc_fragments/checkpoint_facts.py
Unescape Escape View File

@ -1,19 +0,0 @@
# -*- coding: utf-8 -*-
# Copyright: (c) 2019, Or Soffer <orso@checkpoint.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
class ModuleDocFragment(object):
# Standard files documentation fragment
DOCUMENTATION = r'''
options:
version:
description:
- Version of checkpoint. If not given one, the latest version taken.
type: str
'''

37
lib/ansible/plugins/doc_fragments/checkpoint_objects.py
Unescape Escape View File

@ -1,37 +0,0 @@
# -*- coding: utf-8 -*-
# Copyright: (c) 2019, Or Soffer <orso@checkpoint.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
class ModuleDocFragment(object):
# Standard files documentation fragment
DOCUMENTATION = r'''
options:
state:
description:
- State of the access rule (present or absent). Defaults to present.
type: str
default: present
choices:
- 'present'
- 'absent'
auto_publish_session:
description:
- Publish the current session if changes have been performed
after task completes.
type: bool
wait_for_task:
description:
- Wait for the task to end. Such as publish task.
type: bool
default: True
version:
description:
- Version of checkpoint. If not given one, the latest version taken.
type: str
'''

94
lib/ansible/plugins/httpapi/checkpoint.py
Unescape Escape View File

@ -1,94 +0,0 @@
# (c) 2018 Red Hat Inc.
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = """
---
author: Ansible Networking Team
httpapi : checkpoint
short_description: HttpApi Plugin for Checkpoint devices
description:
- This HttpApi plugin provides methods to connect to Checkpoint
devices over a HTTP(S)-based api.
version_added: "2.8"
options:
domain:
type: str
description:
- Specifies the domain of the Check Point device
vars:
- name: ansible_checkpoint_domain
version_added: "2.10"
"""
import json
from ansible.module_utils.basic import to_text
from ansible.errors import AnsibleConnectionFailure
from ansible.module_utils.six.moves.urllib.error import HTTPError
from ansible.plugins.httpapi import HttpApiBase
from ansible.module_utils.connection import ConnectionError
BASE_HEADERS = {
'Content-Type': 'application/json',
}
class HttpApi(HttpApiBase):
def login(self, username, password):
if username and password:
cp_domain = self.get_option('domain')
if cp_domain:
payload = {'user': username, 'password': password, 'domain': cp_domain}
else:
payload = {'user': username, 'password': password}
url = '/web_api/login'
response, response_data = self.send_request(url, payload)
else:
raise AnsibleConnectionFailure('Username and password are required for login')
try:
self.connection._auth = {'X-chkp-sid': response_data['sid']}
self.connection._session_uid = response_data['uid']
except KeyError:
raise ConnectionError(
'Server returned response without token info during connection authentication: %s' % response)
def logout(self):
url = '/web_api/logout'
response, dummy = self.send_request(url, None)
def get_session_uid(self):
return self.connection._session_uid
def send_request(self, path, body_params):
data = json.dumps(body_params) if body_params else '{}'
try:
self._display_request()
response, response_data = self.connection.send(path, data, method='POST', headers=BASE_HEADERS)
value = self._get_response_value(response_data)
return response.getcode(), self._response_to_json(value)
except AnsibleConnectionFailure as e:
return 404, e.message
except HTTPError as e:
error = json.loads(e.read())
return e.code, error
def _display_request(self):
self.connection.queue_message('vvvv', 'Web Services: %s %s' % ('POST', self.connection._url))
def _get_response_value(self, response_data):
return to_text(response_data.getvalue())
def _response_to_json(self, response_text):
try:
return json.loads(response_text) if response_text else {}
# JSONDecodeError only available on Python 3.5+
except ValueError:
raise ConnectionError('Invalid JSON response: %s' % response_text)

85
test/sanity/ignore.txt
Unescape Escape View File

@ -88,7 +88,6 @@ lib/ansible/module_utils/json_utils.py future-import-boilerplate
lib/ansible/module_utils/json_utils.py metaclass-boilerplate
lib/ansible/module_utils/network/asa/asa.py future-import-boilerplate
lib/ansible/module_utils/network/asa/asa.py metaclass-boilerplate
lib/ansible/module_utils/network/checkpoint/checkpoint.py metaclass-boilerplate
lib/ansible/module_utils/network/dellos10/dellos10.py future-import-boilerplate
lib/ansible/module_utils/network/dellos10/dellos10.py metaclass-boilerplate
lib/ansible/module_utils/network/dellos6/dellos6.py future-import-boilerplate
@ -1628,90 +1627,6 @@ lib/ansible/modules/network/asa/asa_config.py yamllint:unparsable-with-libyaml
lib/ansible/modules/network/asa/asa_og.py validate-modules:doc-missing-type
lib/ansible/modules/network/asa/asa_og.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/asa/asa_og.py validate-modules:parameter-type-not-in-doc
lib/ansible/modules/network/check_point/cp_mgmt_access_layer.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_access_layer_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_access_role.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_access_role_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_access_rule.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_access_rule_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_address_range.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_address_range_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_administrator.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_administrator_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_application_site.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_application_site_category.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_application_site_category_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_application_site_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_application_site_group.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_application_site_group_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_assign_global_assignment.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_dns_domain.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_dns_domain_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_dynamic_object.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_dynamic_object_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_exception_group.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_exception_group_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_global_assignment_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_group.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_group_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_group_with_exclusion.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_group_with_exclusion_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_host.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_host_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_install_policy.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_mds_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_multicast_address_range.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_multicast_address_range_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_network.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_network_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_package.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_package_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_put_file.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_run_script.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_security_zone.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_security_zone_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_service_dce_rpc.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_service_dce_rpc_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_service_group.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_service_group_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_service_icmp.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_service_icmp6.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_service_icmp6_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_service_icmp_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_service_other.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_service_other_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_service_rpc.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_service_rpc_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_service_sctp.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_service_sctp_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_service_tcp.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_service_tcp_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_service_udp.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_service_udp_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_session_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_simple_gateway.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_simple_gateway_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_tag.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_tag_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_threat_exception.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_threat_exception_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_threat_indicator.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_threat_indicator_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_threat_layer.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_threat_layer_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_threat_profile.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_threat_profile_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_threat_protection_override.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_threat_rule.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_threat_rule_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_time.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_time_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_vpn_community_meshed.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_vpn_community_meshed_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_vpn_community_star.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_vpn_community_star_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_wildcard.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/check_point/cp_mgmt_wildcard_facts.py validate-modules:parameter-list-no-elements
lib/ansible/modules/network/dellos10/dellos10_command.py validate-modules:doc-default-does-not-match-spec
lib/ansible/modules/network/dellos10/dellos10_command.py validate-modules:doc-missing-type
lib/ansible/modules/network/dellos10/dellos10_command.py validate-modules:doc-required-mismatch

110
test/units/modules/network/check_point/test_cp_mgmt_access_layer.py
Unescape Escape View File

@ -1,110 +0,0 @@
# Ansible module to manage CheckPoint Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import absolute_import, division, print_function
__metaclass__ = type
import pytest
from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
from ansible.module_utils import basic
from ansible.modules.network.check_point import cp_mgmt_access_layer
OBJECT = {
"name": "New Layer 1"
}
CREATE_PAYLOAD = {
"name": "New Layer 1"
}
UPDATE_PAYLOAD = {
"name": "New Layer 1",
"applications_and_url_filtering": False
}
OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD
DELETE_PAYLOAD = {
"name": "New Layer 1",
"state": "absent"
}
function_path = 'ansible.modules.network.check_point.cp_mgmt_access_layer.api_call'
api_call_object = 'access-layer'
class TestCheckpointAccessLayer(object):
module = cp_mgmt_access_layer
@pytest.fixture(autouse=True)
def module_mock(self, mocker):
return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
@pytest.fixture
def connection_mock(self, mocker):
connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
return connection_class_mock.return_value
def test_create(self, mocker, connection_mock):
mock_function = mocker.patch(function_path)
mock_function.return_value = {'changed': True, api_call_object: OBJECT}
result = self._run_module(CREATE_PAYLOAD)
assert result['changed']
assert OBJECT.items() == result[api_call_object].items()
def test_create_idempotent(self, mocker, connection_mock):
mock_function = mocker.patch(function_path)
mock_function.return_value = {'changed': False, api_call_object: OBJECT}
result = self._run_module(CREATE_PAYLOAD)
assert not result['changed']
def test_update(self, mocker, connection_mock):
mock_function = mocker.patch(function_path)
mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE}
result = self._run_module(UPDATE_PAYLOAD)
assert result['changed']
assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items()
def test_update_idempotent(self, mocker, connection_mock):
mock_function = mocker.patch(function_path)
mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE}
result = self._run_module(UPDATE_PAYLOAD)
assert not result['changed']
def test_delete(self, mocker, connection_mock):
mock_function = mocker.patch(function_path)
mock_function.return_value = {'changed': True}
result = self._run_module(DELETE_PAYLOAD)
assert result['changed']
def test_delete_idempotent(self, mocker, connection_mock):
mock_function = mocker.patch(function_path)
mock_function.return_value = {'changed': False}
result = self._run_module(DELETE_PAYLOAD)
assert not result['changed']
def _run_module(self, module_args):
set_module_args(module_args)
with pytest.raises(AnsibleExitJson) as ex:
self.module.main()
return ex.value.args[0]

82
test/units/modules/network/check_point/test_cp_mgmt_access_layer_facts.py
Unescape Escape View File

@ -1,82 +0,0 @@
# Ansible module to manage CheckPoint Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import absolute_import, division, print_function
__metaclass__ = type
import pytest
from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
from ansible.module_utils import basic
from ansible.modules.network.check_point import cp_mgmt_access_layer_facts
OBJECT = {
"from": 1,
"to": 1,
"total": 6,
"objects": [
"53de74b7-8f19-4cbe-99fc-a81ef0759bad"
]
}
SHOW_PLURAL_PAYLOAD = {
'limit': 1,
'details_level': 'uid'
}
SHOW_SINGLE_PAYLOAD = {
'name': 'object_which_is_not_exist'
}
api_call_object = 'access-layer'
api_call_object_plural_version = 'access-layers'
failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}'''
class TestCheckpointAccessLayerFacts(object):
module = cp_mgmt_access_layer_facts
@pytest.fixture(autouse=True)
def module_mock(self, mocker):
return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
@pytest.fixture
def connection_mock(self, mocker):
connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
return connection_class_mock.return_value
def test_show_single_object_which_is_not_exist(self, mocker, connection_mock):
connection_mock.send_request.return_value = (404, failure_msg)
try:
result = self._run_module(SHOW_SINGLE_PAYLOAD)
except Exception as e:
result = e.args[0]
assert result['failed']
assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
def test_show_few_objects(self, mocker, connection_mock):
connection_mock.send_request.return_value = (200, OBJECT)
result = self._run_module(SHOW_PLURAL_PAYLOAD)
assert not result['changed']
assert OBJECT == result['ansible_facts'][api_call_object_plural_version]
def _run_module(self, module_args):
set_module_args(module_args)
with pytest.raises(AnsibleExitJson) as ex:
self.module.main()
return ex.value.args[0]

119
test/units/modules/network/check_point/test_cp_mgmt_access_role.py
Unescape Escape View File

@ -1,119 +0,0 @@
# Ansible module to manage CheckPoint Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import absolute_import, division, print_function
__metaclass__ = type
import pytest
from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
from ansible.module_utils import basic
from ansible.modules.network.check_point import cp_mgmt_access_role
OBJECT = {
"name": "New Access Role 1",
"networks": "any",
"users": "any",
"machines": "all identified",
"remote_access_clients": "any"
}
CREATE_PAYLOAD = {
"name": "New Access Role 1",
"networks": "any",
"users": "any",
"machines": "all identified",
"remote_access_clients": "any"
}
UPDATE_PAYLOAD = {
"name": "New Access Role 1",
"users": "all identified",
"machines": "any"
}
OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD
DELETE_PAYLOAD = {
"name": "New Access Role 1",
"state": "absent"
}
function_path = 'ansible.modules.network.check_point.cp_mgmt_access_role.api_call'
api_call_object = 'access-role'
class TestCheckpointAccessRole(object):
module = cp_mgmt_access_role
@pytest.fixture(autouse=True)
def module_mock(self, mocker):
return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
@pytest.fixture
def connection_mock(self, mocker):
connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
return connection_class_mock.return_value
def test_create(self, mocker, connection_mock):
mock_function = mocker.patch(function_path)
mock_function.return_value = {'changed': True, api_call_object: OBJECT}
result = self._run_module(CREATE_PAYLOAD)
assert result['changed']
assert OBJECT.items() == result[api_call_object].items()
def test_create_idempotent(self, mocker, connection_mock):
mock_function = mocker.patch(function_path)
mock_function.return_value = {'changed': False, api_call_object: OBJECT}
result = self._run_module(CREATE_PAYLOAD)
assert not result['changed']
def test_update(self, mocker, connection_mock):
mock_function = mocker.patch(function_path)
mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE}
result = self._run_module(UPDATE_PAYLOAD)
assert result['changed']
assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items()
def test_update_idempotent(self, mocker, connection_mock):
mock_function = mocker.patch(function_path)
mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE}
result = self._run_module(UPDATE_PAYLOAD)
assert not result['changed']
def test_delete(self, mocker, connection_mock):
mock_function = mocker.patch(function_path)
mock_function.return_value = {'changed': True}
result = self._run_module(DELETE_PAYLOAD)
assert result['changed']
def test_delete_idempotent(self, mocker, connection_mock):
mock_function = mocker.patch(function_path)
mock_function.return_value = {'changed': False}
result = self._run_module(DELETE_PAYLOAD)
assert not result['changed']
def _run_module(self, module_args):
set_module_args(module_args)
with pytest.raises(AnsibleExitJson) as ex:
self.module.main()
return ex.value.args[0]

82
test/units/modules/network/check_point/test_cp_mgmt_access_role_facts.py
Unescape Escape View File

@ -1,82 +0,0 @@
# Ansible module to manage CheckPoint Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import absolute_import, division, print_function
__metaclass__ = type
import pytest
from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
from ansible.module_utils import basic
from ansible.modules.network.check_point import cp_mgmt_access_role_facts
OBJECT = {
"from": 1,
"to": 1,
"total": 6,
"objects": [
"53de74b7-8f19-4cbe-99fc-a81ef0759bad"
]
}
SHOW_PLURAL_PAYLOAD = {
'limit': 1,
'details_level': 'uid'
}
SHOW_SINGLE_PAYLOAD = {
'name': 'object_which_is_not_exist'
}
api_call_object = 'access-role'
api_call_object_plural_version = 'access-roles'
failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}'''
class TestCheckpointAccessRoleFacts(object):
module = cp_mgmt_access_role_facts
@pytest.fixture(autouse=True)
def module_mock(self, mocker):
return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
@pytest.fixture
def connection_mock(self, mocker):
connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
return connection_class_mock.return_value
def test_show_single_object_which_is_not_exist(self, mocker, connection_mock):
connection_mock.send_request.return_value = (404, failure_msg)
try:
result = self._run_module(SHOW_SINGLE_PAYLOAD)
except Exception as e:
result = e.args[0]
assert result['failed']
assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
def test_show_few_objects(self, mocker, connection_mock):
connection_mock.send_request.return_value = (200, OBJECT)
result = self._run_module(SHOW_PLURAL_PAYLOAD)
assert not result['changed']
assert OBJECT == result['ansible_facts'][api_call_object_plural_version]
def _run_module(self, module_args):
set_module_args(module_args)
with pytest.raises(AnsibleExitJson) as ex:
self.module.main()
return ex.value.args[0]

124
test/units/modules/network/check_point/test_cp_mgmt_access_rule.py
Unescape Escape View File

@ -1,124 +0,0 @@
# Ansible module to manage CheckPoint Firewall (c) 2019
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import absolute_import, division, print_function
__metaclass__ = type
import pytest
from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
from ansible.module_utils import basic
from ansible.modules.network.check_point import cp_mgmt_access_rule
OBJECT = {
"layer": "Network",
"name": "Rule 1",
"service": [
"SMTP",
"AOL"
]
}
CREATE_PAYLOAD = {
"layer": "Network",
"name": "Rule 1",
"service": [
"SMTP",
"AOL"
]
}
UPDATE_PAYLOAD = {
"name": "Rule 1",
"layer": "Network",
"action_settings": {
"limit": "Upload_1Gbps",
"enable_identity_captive_portal": True
}
}
OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD
DELETE_PAYLOAD = {
"name": "Rule 1",
"state": "absent"
}
function_path = 'ansible.modules.network.check_point.cp_mgmt_access_rule.api_call'
api_call_object = 'access-rule'
class TestCheckpointAccessRule(object):
module = cp_mgmt_access_rule
@pytest.fixture(autouse=True)
def module_mock(self, mocker):
return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
@pytest.fixture
def connection_mock(self, mocker):
connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
return connection_class_mock.return_value
def test_create(self, mocker, connection_mock):
mock_function = mocker.patch(function_path)
mock_function.return_value = {'changed': True, api_call_object: OBJECT}
result = self._run_module(CREATE_PAYLOAD)
assert result['changed']
assert OBJECT.items() == result[api_call_object].items()
def test_create_idempotent(self, mocker, connection_mock):
mock_function = mocker.patch(function_path)
mock_function.return_value = {'changed': False, api_call_object: OBJECT}
result = self._run_module(CREATE_PAYLOAD)
assert not result['changed']
def test_update(self, mocker, connection_mock):
mock_function = mocker.patch(function_path)
mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE}
result = self._run_module(UPDATE_PAYLOAD)
assert result['changed']
assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items()
def test_update_idempotent(self, mocker, connection_mock):
mock_function = mocker.patch(function_path)
mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE}
result = self._run_module(UPDATE_PAYLOAD)
assert not result['changed']
def test_delete(self, mocker, connection_mock):
mock_function = mocker.patch(function_path)
mock_function.return_value = {'changed': True}
result = self._run_module(DELETE_PAYLOAD)
assert result['changed']
def test_delete_idempotent(self, mocker, connection_mock):
mock_function = mocker.patch(function_path)
mock_function.return_value = {'changed': False}
result = self._run_module(DELETE_PAYLOAD)
assert not result['changed']
def _run_module(self, module_args):
set_module_args(module_args)
with pytest.raises(AnsibleExitJson) as ex:
self.module.main()
return ex.value.args[0]

Some files were not shown because too many files have changed in this diff Show More

Write Preview
Loading…
Cancel
Save