mirror of https://github.com/ansible/ansible.git
Migrated to check_point.mgmt
parent
f0cf2c159b
commit
6da1ec1d8c
@ -1,469 +0,0 @@
|
||||
# This code is part of Ansible, but is an independent component.
|
||||
# This particular file snippet, and this file snippet only, is BSD licensed.
|
||||
# Modules you write using this snippet, which is embedded dynamically by Ansible
|
||||
# still belong to the author of the module, and may assign their own license
|
||||
# to the complete work.
|
||||
#
|
||||
# (c) 2018 Red Hat Inc.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without modification,
|
||||
# are permitted provided that the following conditions are met:
|
||||
#
|
||||
# * Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
# * Redistributions in binary form must reproduce the above copyright notice,
|
||||
# this list of conditions and the following disclaimer in the documentation
|
||||
# and/or other materials provided with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||||
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
|
||||
# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
import time
|
||||
|
||||
from ansible.module_utils.connection import Connection
|
||||
|
||||
checkpoint_argument_spec_for_objects = dict(
|
||||
auto_publish_session=dict(type='bool'),
|
||||
wait_for_task=dict(type='bool', default=True),
|
||||
state=dict(type='str', choices=['present', 'absent'], default='present'),
|
||||
version=dict(type='str')
|
||||
)
|
||||
|
||||
checkpoint_argument_spec_for_facts = dict(
|
||||
version=dict(type='str')
|
||||
)
|
||||
|
||||
checkpoint_argument_spec_for_commands = dict(
|
||||
wait_for_task=dict(type='bool', default=True),
|
||||
version=dict(type='str')
|
||||
)
|
||||
|
||||
delete_params = ['name', 'uid', 'layer', 'exception-group-name', 'layer', 'rule-name']
|
||||
|
||||
|
||||
# send the request to checkpoint
|
||||
def send_request(connection, version, url, payload=None):
|
||||
code, response = connection.send_request('/web_api/' + version + url, payload)
|
||||
|
||||
return code, response
|
||||
|
||||
|
||||
# get the payload from the user parameters
|
||||
def is_checkpoint_param(parameter):
|
||||
if parameter == 'auto_publish_session' or \
|
||||
parameter == 'state' or \
|
||||
parameter == 'wait_for_task' or \
|
||||
parameter == 'version':
|
||||
return False
|
||||
return True
|
||||
|
||||
|
||||
# build the payload from the parameters which has value (not None), and they are parameter of checkpoint API as well
|
||||
def get_payload_from_parameters(params):
|
||||
payload = {}
|
||||
for parameter in params:
|
||||
parameter_value = params[parameter]
|
||||
if parameter_value is not None and is_checkpoint_param(parameter):
|
||||
if isinstance(parameter_value, dict):
|
||||
payload[parameter.replace("_", "-")] = get_payload_from_parameters(parameter_value)
|
||||
elif isinstance(parameter_value, list) and len(parameter_value) != 0 and isinstance(parameter_value[0], dict):
|
||||
payload_list = []
|
||||
for element_dict in parameter_value:
|
||||
payload_list.append(get_payload_from_parameters(element_dict))
|
||||
payload[parameter.replace("_", "-")] = payload_list
|
||||
else:
|
||||
payload[parameter.replace("_", "-")] = parameter_value
|
||||
return payload
|
||||
|
||||
|
||||
# wait for task
|
||||
def wait_for_task(module, version, connection, task_id):
|
||||
task_id_payload = {'task-id': task_id}
|
||||
task_complete = False
|
||||
current_iteration = 0
|
||||
max_num_iterations = 300
|
||||
|
||||
# As long as there is a task in progress
|
||||
while not task_complete and current_iteration < max_num_iterations:
|
||||
current_iteration += 1
|
||||
# Check the status of the task
|
||||
code, response = send_request(connection, version, 'show-task', task_id_payload)
|
||||
|
||||
attempts_counter = 0
|
||||
while code != 200:
|
||||
if attempts_counter < 5:
|
||||
attempts_counter += 1
|
||||
time.sleep(2)
|
||||
code, response = send_request(connection, version, 'show-task', task_id_payload)
|
||||
else:
|
||||
response['message'] = "ERROR: Failed to handle asynchronous tasks as synchronous, tasks result is" \
|
||||
" undefined.\n" + response['message']
|
||||
module.fail_json(msg=response)
|
||||
|
||||
# Count the number of tasks that are not in-progress
|
||||
completed_tasks = 0
|
||||
for task in response['tasks']:
|
||||
if task['status'] == 'failed':
|
||||
module.fail_json(msg='Task {0} with task id {1} failed. Look at the logs for more details'
|
||||
.format(task['task-name'], task['task-id']))
|
||||
if task['status'] == 'in progress':
|
||||
break
|
||||
completed_tasks += 1
|
||||
|
||||
# Are we done? check if all tasks are completed
|
||||
if completed_tasks == len(response["tasks"]):
|
||||
task_complete = True
|
||||
else:
|
||||
time.sleep(2) # Wait for two seconds
|
||||
if not task_complete:
|
||||
module.fail_json(msg="ERROR: Timeout.\nTask-id: {0}.".format(task_id_payload['task-id']))
|
||||
|
||||
|
||||
# handle publish command, and wait for it to end if the user asked so
|
||||
def handle_publish(module, connection, version):
|
||||
if module.params['auto_publish_session']:
|
||||
publish_code, publish_response = send_request(connection, version, 'publish')
|
||||
if publish_code != 200:
|
||||
module.fail_json(msg=publish_response)
|
||||
if module.params['wait_for_task']:
|
||||
wait_for_task(module, version, connection, publish_response['task-id'])
|
||||
|
||||
|
||||
# handle a command
|
||||
def api_command(module, command):
|
||||
payload = get_payload_from_parameters(module.params)
|
||||
connection = Connection(module._socket_path)
|
||||
# if user insert a specific version, we add it to the url
|
||||
version = ('v' + module.params['version'] + '/') if module.params.get('version') else ''
|
||||
|
||||
code, response = send_request(connection, version, command, payload)
|
||||
result = {'changed': True}
|
||||
|
||||
if code == 200:
|
||||
if module.params['wait_for_task']:
|
||||
if 'task-id' in response:
|
||||
wait_for_task(module, version, connection, response['task-id'])
|
||||
elif 'tasks' in response:
|
||||
for task_id in response['tasks']:
|
||||
wait_for_task(module, version, connection, task_id)
|
||||
|
||||
result[command] = response
|
||||
else:
|
||||
module.fail_json(msg='Checkpoint device returned error {0} with message {1}'.format(code, response))
|
||||
|
||||
return result
|
||||
|
||||
|
||||
# handle api call facts
|
||||
def api_call_facts(module, api_call_object, api_call_object_plural_version):
|
||||
payload = get_payload_from_parameters(module.params)
|
||||
connection = Connection(module._socket_path)
|
||||
# if user insert a specific version, we add it to the url
|
||||
version = ('v' + module.params['version'] + '/') if module.params['version'] else ''
|
||||
|
||||
# if there is neither name nor uid, the API command will be in plural version (e.g. show-hosts instead of show-host)
|
||||
if payload.get("name") is None and payload.get("uid") is None:
|
||||
api_call_object = api_call_object_plural_version
|
||||
|
||||
code, response = send_request(connection, version, 'show-' + api_call_object, payload)
|
||||
if code != 200:
|
||||
module.fail_json(msg='Checkpoint device returned error {0} with message {1}'.format(code, response))
|
||||
|
||||
result = {api_call_object: response}
|
||||
return result
|
||||
|
||||
|
||||
# handle api call
|
||||
def api_call(module, api_call_object):
|
||||
payload = get_payload_from_parameters(module.params)
|
||||
connection = Connection(module._socket_path)
|
||||
|
||||
result = {'changed': False}
|
||||
if module.check_mode:
|
||||
return result
|
||||
|
||||
# if user insert a specific version, we add it to the url
|
||||
version = ('v' + module.params['version'] + '/') if module.params.get('version') else ''
|
||||
|
||||
payload_for_equals = {'type': api_call_object, 'params': payload}
|
||||
equals_code, equals_response = send_request(connection, version, 'equals', payload_for_equals)
|
||||
|
||||
result['checkpoint_session_uid'] = connection.get_session_uid()
|
||||
|
||||
# if code is 400 (bad request) or 500 (internal error) - fail
|
||||
if equals_code == 400 or equals_code == 500:
|
||||
module.fail_json(msg=equals_response)
|
||||
if equals_code == 404 and equals_response['code'] == 'generic_err_command_not_found':
|
||||
module.fail_json(msg='Relevant hotfix is not installed on Check Point server. See sk114661 on Check Point Support Center.')
|
||||
|
||||
if module.params['state'] == 'present':
|
||||
if equals_code == 200:
|
||||
if not equals_response['equals']:
|
||||
code, response = send_request(connection, version, 'set-' + api_call_object, payload)
|
||||
if code != 200:
|
||||
module.fail_json(msg=response)
|
||||
|
||||
handle_publish(module, connection, version)
|
||||
|
||||
result['changed'] = True
|
||||
result[api_call_object] = response
|
||||
else:
|
||||
# objects are equals and there is no need for set request
|
||||
pass
|
||||
elif equals_code == 404:
|
||||
code, response = send_request(connection, version, 'add-' + api_call_object, payload)
|
||||
if code != 200:
|
||||
module.fail_json(msg=response)
|
||||
|
||||
handle_publish(module, connection, version)
|
||||
|
||||
result['changed'] = True
|
||||
result[api_call_object] = response
|
||||
elif module.params['state'] == 'absent':
|
||||
if equals_code == 200:
|
||||
payload_for_delete = get_copy_payload_with_some_params(payload, delete_params)
|
||||
code, response = send_request(connection, version, 'delete-' + api_call_object, payload_for_delete)
|
||||
if code != 200:
|
||||
module.fail_json(msg=response)
|
||||
|
||||
handle_publish(module, connection, version)
|
||||
|
||||
result['changed'] = True
|
||||
elif equals_code == 404:
|
||||
# no need to delete because object dose not exist
|
||||
pass
|
||||
|
||||
return result
|
||||
|
||||
|
||||
# get the position in integer format
|
||||
def get_number_from_position(payload, connection, version):
|
||||
if 'position' in payload:
|
||||
position = payload['position']
|
||||
else:
|
||||
return None
|
||||
|
||||
# This code relevant if we will decide to support 'top' and 'bottom' in position
|
||||
|
||||
# position_number = None
|
||||
# # if position is not int, convert it to int. There are several cases: "top"
|
||||
# if position == 'top':
|
||||
# position_number = 1
|
||||
# elif position == 'bottom':
|
||||
# payload_for_show_access_rulebase = {'name': payload['layer'], 'limit': 0}
|
||||
# code, response = send_request(connection, version, 'show-access-rulebase', payload_for_show_access_rulebase)
|
||||
# position_number = response['total']
|
||||
# elif isinstance(position, str):
|
||||
# # here position is a number in format str (e.g. "5" and not 5)
|
||||
# position_number = int(position)
|
||||
# else:
|
||||
# # here position suppose to be int
|
||||
# position_number = position
|
||||
#
|
||||
# return position_number
|
||||
|
||||
return int(position)
|
||||
|
||||
|
||||
# is the param position (if the user inserted it) equals between the object and the user input
|
||||
def is_equals_with_position_param(payload, connection, version, api_call_object):
|
||||
position_number = get_number_from_position(payload, connection, version)
|
||||
|
||||
# if there is no position param, then it's equals in vacuous truth
|
||||
if position_number is None:
|
||||
return True
|
||||
|
||||
payload_for_show_access_rulebase = {'name': payload['layer'], 'offset': position_number - 1, 'limit': 1}
|
||||
rulebase_command = 'show-' + api_call_object.split('-')[0] + '-rulebase'
|
||||
|
||||
# if it's threat-exception, we change a little the payload and the command
|
||||
if api_call_object == 'threat-exception':
|
||||
payload_for_show_access_rulebase['rule-name'] = payload['rule-name']
|
||||
rulebase_command = 'show-threat-rule-exception-rulebase'
|
||||
|
||||
code, response = send_request(connection, version, rulebase_command, payload_for_show_access_rulebase)
|
||||
|
||||
# if true, it means there is no rule in the position that the user inserted, so I return false, and when we will try to set
|
||||
# the rule, the API server will get throw relevant error
|
||||
if response['total'] < position_number:
|
||||
return False
|
||||
|
||||
rule = response['rulebase'][0]
|
||||
while 'rulebase' in rule:
|
||||
rule = rule['rulebase'][0]
|
||||
|
||||
# if the names of the exist rule and the user input rule are equals, then it's means that their positions are equals so I
|
||||
# return True. and there is no way that there is another rule with this name cause otherwise the 'equals' command would fail
|
||||
if rule['name'] == payload['name']:
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
|
||||
|
||||
# get copy of the payload without some of the params
|
||||
def get_copy_payload_without_some_params(payload, params_to_remove):
|
||||
copy_payload = dict(payload)
|
||||
for param in params_to_remove:
|
||||
if param in copy_payload:
|
||||
del copy_payload[param]
|
||||
return copy_payload
|
||||
|
||||
|
||||
# get copy of the payload with only some of the params
|
||||
def get_copy_payload_with_some_params(payload, params_to_insert):
|
||||
copy_payload = {}
|
||||
for param in params_to_insert:
|
||||
if param in payload:
|
||||
copy_payload[param] = payload[param]
|
||||
return copy_payload
|
||||
|
||||
|
||||
# is equals with all the params including action and position
|
||||
def is_equals_with_all_params(payload, connection, version, api_call_object, is_access_rule):
|
||||
if is_access_rule and 'action' in payload:
|
||||
payload_for_show = get_copy_payload_with_some_params(payload, ['name', 'uid', 'layer'])
|
||||
code, response = send_request(connection, version, 'show-' + api_call_object, payload_for_show)
|
||||
exist_action = response['action']['name']
|
||||
if exist_action != payload['action']:
|
||||
return False
|
||||
if not is_equals_with_position_param(payload, connection, version, api_call_object):
|
||||
return False
|
||||
|
||||
return True
|
||||
|
||||
|
||||
# handle api call for rule
|
||||
def api_call_for_rule(module, api_call_object):
|
||||
is_access_rule = True if 'access' in api_call_object else False
|
||||
payload = get_payload_from_parameters(module.params)
|
||||
connection = Connection(module._socket_path)
|
||||
|
||||
result = {'changed': False}
|
||||
if module.check_mode:
|
||||
return result
|
||||
|
||||
# if user insert a specific version, we add it to the url
|
||||
version = ('v' + module.params['version'] + '/') if module.params.get('version') else ''
|
||||
|
||||
if is_access_rule:
|
||||
copy_payload_without_some_params = get_copy_payload_without_some_params(payload, ['action', 'position'])
|
||||
else:
|
||||
copy_payload_without_some_params = get_copy_payload_without_some_params(payload, ['position'])
|
||||
payload_for_equals = {'type': api_call_object, 'params': copy_payload_without_some_params}
|
||||
equals_code, equals_response = send_request(connection, version, 'equals', payload_for_equals)
|
||||
|
||||
result['checkpoint_session_uid'] = connection.get_session_uid()
|
||||
|
||||
# if code is 400 (bad request) or 500 (internal error) - fail
|
||||
if equals_code == 400 or equals_code == 500:
|
||||
module.fail_json(msg=equals_response)
|
||||
if equals_code == 404 and equals_response['code'] == 'generic_err_command_not_found':
|
||||
module.fail_json(msg='Relevant hotfix is not installed on Check Point server. See sk114661 on Check Point Support Center.')
|
||||
|
||||
if module.params['state'] == 'present':
|
||||
if equals_code == 200:
|
||||
if equals_response['equals']:
|
||||
if not is_equals_with_all_params(payload, connection, version, api_call_object, is_access_rule):
|
||||
equals_response['equals'] = False
|
||||
if not equals_response['equals']:
|
||||
# if user insert param 'position' and needed to use the 'set' command, change the param name to 'new-position'
|
||||
if 'position' in payload:
|
||||
payload['new-position'] = payload['position']
|
||||
del payload['position']
|
||||
code, response = send_request(connection, version, 'set-' + api_call_object, payload)
|
||||
if code != 200:
|
||||
module.fail_json(msg=response)
|
||||
|
||||
handle_publish(module, connection, version)
|
||||
|
||||
result['changed'] = True
|
||||
result[api_call_object] = response
|
||||
else:
|
||||
# objects are equals and there is no need for set request
|
||||
pass
|
||||
elif equals_code == 404:
|
||||
code, response = send_request(connection, version, 'add-' + api_call_object, payload)
|
||||
if code != 200:
|
||||
module.fail_json(msg=response)
|
||||
|
||||
handle_publish(module, connection, version)
|
||||
|
||||
result['changed'] = True
|
||||
result[api_call_object] = response
|
||||
elif module.params['state'] == 'absent':
|
||||
if equals_code == 200:
|
||||
payload_for_delete = get_copy_payload_with_some_params(payload, delete_params)
|
||||
code, response = send_request(connection, version, 'delete-' + api_call_object, payload_for_delete)
|
||||
if code != 200:
|
||||
module.fail_json(msg=response)
|
||||
|
||||
handle_publish(module, connection, version)
|
||||
|
||||
result['changed'] = True
|
||||
elif equals_code == 404:
|
||||
# no need to delete because object dose not exist
|
||||
pass
|
||||
|
||||
return result
|
||||
|
||||
|
||||
# handle api call facts for rule
|
||||
def api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version):
|
||||
payload = get_payload_from_parameters(module.params)
|
||||
connection = Connection(module._socket_path)
|
||||
# if user insert a specific version, we add it to the url
|
||||
version = ('v' + module.params['version'] + '/') if module.params['version'] else ''
|
||||
|
||||
# if there is neither name nor uid, the API command will be in plural version (e.g. show-hosts instead of show-host)
|
||||
if payload.get("layer") is None:
|
||||
api_call_object = api_call_object_plural_version
|
||||
|
||||
code, response = send_request(connection, version, 'show-' + api_call_object, payload)
|
||||
if code != 200:
|
||||
module.fail_json(msg='Checkpoint device returned error {0} with message {1}'.format(code, response))
|
||||
|
||||
result = {api_call_object: response}
|
||||
return result
|
||||
|
||||
|
||||
# The code from here till EOF will be deprecated when Rikis' modules will be deprecated
|
||||
checkpoint_argument_spec = dict(auto_publish_session=dict(type='bool', default=True),
|
||||
policy_package=dict(type='str', default='standard'),
|
||||
auto_install_policy=dict(type='bool', default=True),
|
||||
targets=dict(type='list')
|
||||
)
|
||||
|
||||
|
||||
def publish(connection, uid=None):
|
||||
payload = None
|
||||
|
||||
if uid:
|
||||
payload = {'uid': uid}
|
||||
|
||||
connection.send_request('/web_api/publish', payload)
|
||||
|
||||
|
||||
def discard(connection, uid=None):
|
||||
payload = None
|
||||
|
||||
if uid:
|
||||
payload = {'uid': uid}
|
||||
|
||||
connection.send_request('/web_api/discard', payload)
|
||||
|
||||
|
||||
def install_policy(connection, policy_package, targets):
|
||||
payload = {'policy-package': policy_package,
|
||||
'targets': targets}
|
||||
|
||||
connection.send_request('/web_api/install-policy', payload)
|
@ -1,170 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_access_layer
|
||||
short_description: Manages access-layer objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages access-layer objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
add_default_rule:
|
||||
description:
|
||||
- Indicates whether to include a cleanup rule in the new layer.
|
||||
type: bool
|
||||
applications_and_url_filtering:
|
||||
description:
|
||||
- Whether to enable Applications & URL Filtering blade on the layer.
|
||||
type: bool
|
||||
content_awareness:
|
||||
description:
|
||||
- Whether to enable Content Awareness blade on the layer.
|
||||
type: bool
|
||||
detect_using_x_forward_for:
|
||||
description:
|
||||
- Whether to use X-Forward-For HTTP header, which is added by the proxy server to keep track of the original source IP.
|
||||
type: bool
|
||||
firewall:
|
||||
description:
|
||||
- Whether to enable Firewall blade on the layer.
|
||||
type: bool
|
||||
implicit_cleanup_action:
|
||||
description:
|
||||
- The default "catch-all" action for traffic that does not match any explicit or implied rules in the layer.
|
||||
type: str
|
||||
choices: ['drop', 'accept']
|
||||
mobile_access:
|
||||
description:
|
||||
- Whether to enable Mobile Access blade on the layer.
|
||||
type: bool
|
||||
shared:
|
||||
description:
|
||||
- Whether this layer is shared.
|
||||
type: bool
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-access-layer
|
||||
cp_mgmt_access_layer:
|
||||
name: New Layer 1
|
||||
state: present
|
||||
|
||||
- name: set-access-layer
|
||||
cp_mgmt_access_layer:
|
||||
applications_and_url_filtering: false
|
||||
data_awareness: true
|
||||
name: New Layer 1
|
||||
state: present
|
||||
|
||||
- name: delete-access-layer
|
||||
cp_mgmt_access_layer:
|
||||
name: New Layer 2
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_access_layer:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
add_default_rule=dict(type='bool'),
|
||||
applications_and_url_filtering=dict(type='bool'),
|
||||
content_awareness=dict(type='bool'),
|
||||
detect_using_x_forward_for=dict(type='bool'),
|
||||
firewall=dict(type='bool'),
|
||||
implicit_cleanup_action=dict(type='str', choices=['drop', 'accept']),
|
||||
mobile_access=dict(type='bool'),
|
||||
shared=dict(type='bool'),
|
||||
tags=dict(type='list'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'access-layer'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,126 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_access_layer_facts
|
||||
short_description: Get access-layer objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get access-layer objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-access-layer
|
||||
cp_mgmt_access_layer_facts:
|
||||
name: New Layer 1
|
||||
|
||||
- name: show-access-layers
|
||||
cp_mgmt_access_layer_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
))
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "access-layer"
|
||||
api_call_object_plural_version = "access-layers"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,187 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_access_role
|
||||
short_description: Manages access-role objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages access-role objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
machines:
|
||||
description:
|
||||
- Machines that can access the system.
|
||||
type: list
|
||||
suboptions:
|
||||
source:
|
||||
description:
|
||||
- Active Directory name or UID or Identity Tag.
|
||||
type: str
|
||||
selection:
|
||||
description:
|
||||
- Name or UID of an object selected from source.
|
||||
type: list
|
||||
base_dn:
|
||||
description:
|
||||
- When source is "Active Directory" use "base-dn" to refine the query in AD database.
|
||||
type: str
|
||||
networks:
|
||||
description:
|
||||
- Collection of Network objects identified by the name or UID that can access the system.
|
||||
type: list
|
||||
remote_access_clients:
|
||||
description:
|
||||
- Remote access clients identified by name or UID.
|
||||
type: str
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
users:
|
||||
description:
|
||||
- Users that can access the system.
|
||||
type: list
|
||||
suboptions:
|
||||
source:
|
||||
description:
|
||||
- Active Directory name or UID or Identity Tag or Internal User Groups or LDAP groups or Guests.
|
||||
type: str
|
||||
selection:
|
||||
description:
|
||||
- Name or UID of an object selected from source.
|
||||
type: list
|
||||
base_dn:
|
||||
description:
|
||||
- When source is "Active Directory" use "base-dn" to refine the query in AD database.
|
||||
type: str
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-access-role
|
||||
cp_mgmt_access_role:
|
||||
machines: all identified
|
||||
name: New Access Role 1
|
||||
networks: any
|
||||
remote_access_clients: any
|
||||
state: present
|
||||
users: any
|
||||
|
||||
- name: set-access-role
|
||||
cp_mgmt_access_role:
|
||||
machines: any
|
||||
name: New Access Role 1
|
||||
state: present
|
||||
users: all identified
|
||||
|
||||
- name: delete-access-role
|
||||
cp_mgmt_access_role:
|
||||
name: New Access Role 1
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_access_role:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
machines=dict(type='list', options=dict(
|
||||
source=dict(type='str'),
|
||||
selection=dict(type='list'),
|
||||
base_dn=dict(type='str')
|
||||
)),
|
||||
networks=dict(type='list'),
|
||||
remote_access_clients=dict(type='str'),
|
||||
tags=dict(type='list'),
|
||||
users=dict(type='list', options=dict(
|
||||
source=dict(type='str'),
|
||||
selection=dict(type='list'),
|
||||
base_dn=dict(type='str')
|
||||
)),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'access-role'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,124 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_access_role_facts
|
||||
short_description: Get access-role objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get access-role objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-access-role
|
||||
cp_mgmt_access_role_facts:
|
||||
name: New Access Role 1
|
||||
|
||||
- name: show-access-roles
|
||||
cp_mgmt_access_role_facts:
|
||||
details_level: full
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
))
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "access-role"
|
||||
api_call_object_plural_version = "access-roles"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,354 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_access_rule
|
||||
short_description: Manages access-rule objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages access-rule objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
layer:
|
||||
description:
|
||||
- Layer that the rule belongs to identified by the name or UID.
|
||||
type: str
|
||||
position:
|
||||
description:
|
||||
- Position in the rulebase.
|
||||
type: str
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
action:
|
||||
description:
|
||||
- a "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
|
||||
type: str
|
||||
action_settings:
|
||||
description:
|
||||
- Action settings.
|
||||
type: dict
|
||||
suboptions:
|
||||
enable_identity_captive_portal:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
limit:
|
||||
description:
|
||||
- N/A
|
||||
type: str
|
||||
content:
|
||||
description:
|
||||
- List of processed file types that this rule applies on.
|
||||
type: list
|
||||
content_direction:
|
||||
description:
|
||||
- On which direction the file types processing is applied.
|
||||
type: str
|
||||
choices: ['any', 'up', 'down']
|
||||
content_negate:
|
||||
description:
|
||||
- True if negate is set for data.
|
||||
type: bool
|
||||
custom_fields:
|
||||
description:
|
||||
- Custom fields.
|
||||
type: dict
|
||||
suboptions:
|
||||
field_1:
|
||||
description:
|
||||
- First custom field.
|
||||
type: str
|
||||
field_2:
|
||||
description:
|
||||
- Second custom field.
|
||||
type: str
|
||||
field_3:
|
||||
description:
|
||||
- Third custom field.
|
||||
type: str
|
||||
destination:
|
||||
description:
|
||||
- Collection of Network objects identified by the name or UID.
|
||||
type: list
|
||||
destination_negate:
|
||||
description:
|
||||
- True if negate is set for destination.
|
||||
type: bool
|
||||
enabled:
|
||||
description:
|
||||
- Enable/Disable the rule.
|
||||
type: bool
|
||||
inline_layer:
|
||||
description:
|
||||
- Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
|
||||
type: str
|
||||
install_on:
|
||||
description:
|
||||
- Which Gateways identified by the name or UID to install the policy on.
|
||||
type: list
|
||||
service:
|
||||
description:
|
||||
- Collection of Network objects identified by the name or UID.
|
||||
type: list
|
||||
service_negate:
|
||||
description:
|
||||
- True if negate is set for service.
|
||||
type: bool
|
||||
source:
|
||||
description:
|
||||
- Collection of Network objects identified by the name or UID.
|
||||
type: list
|
||||
source_negate:
|
||||
description:
|
||||
- True if negate is set for source.
|
||||
type: bool
|
||||
time:
|
||||
description:
|
||||
- List of time objects. For example, "Weekend", "Off-Work", "Every-Day".
|
||||
type: list
|
||||
track:
|
||||
description:
|
||||
- Track Settings.
|
||||
type: dict
|
||||
suboptions:
|
||||
accounting:
|
||||
description:
|
||||
- Turns accounting for track on and off.
|
||||
type: bool
|
||||
alert:
|
||||
description:
|
||||
- Type of alert for the track.
|
||||
type: str
|
||||
choices: ['none', 'alert', 'snmp', 'mail', 'user alert 1', 'user alert 2', 'user alert 3']
|
||||
enable_firewall_session:
|
||||
description:
|
||||
- Determine whether to generate session log to firewall only connections.
|
||||
type: bool
|
||||
per_connection:
|
||||
description:
|
||||
- Determines whether to perform the log per connection.
|
||||
type: bool
|
||||
per_session:
|
||||
description:
|
||||
- Determines whether to perform the log per session.
|
||||
type: bool
|
||||
type:
|
||||
description:
|
||||
- a "Log", "Extended Log", "Detailed Log", "None".
|
||||
type: str
|
||||
user_check:
|
||||
description:
|
||||
- User check settings.
|
||||
type: dict
|
||||
suboptions:
|
||||
confirm:
|
||||
description:
|
||||
- N/A
|
||||
type: str
|
||||
choices: ['per rule', 'per category', 'per application/site', 'per data type']
|
||||
custom_frequency:
|
||||
description:
|
||||
- N/A
|
||||
type: dict
|
||||
suboptions:
|
||||
every:
|
||||
description:
|
||||
- N/A
|
||||
type: int
|
||||
unit:
|
||||
description:
|
||||
- N/A
|
||||
type: str
|
||||
choices: ['hours', 'days', 'weeks', 'months']
|
||||
frequency:
|
||||
description:
|
||||
- N/A
|
||||
type: str
|
||||
choices: ['once a day', 'once a week', 'once a month', 'custom frequency...']
|
||||
interaction:
|
||||
description:
|
||||
- N/A
|
||||
type: str
|
||||
vpn:
|
||||
description:
|
||||
- Communities or Directional.
|
||||
type: list
|
||||
suboptions:
|
||||
community:
|
||||
description:
|
||||
- List of community name or UID.
|
||||
type: list
|
||||
directional:
|
||||
description:
|
||||
- Communities directional match condition.
|
||||
type: list
|
||||
suboptions:
|
||||
from:
|
||||
description:
|
||||
- From community name or UID.
|
||||
type: str
|
||||
to:
|
||||
description:
|
||||
- To community name or UID.
|
||||
type: str
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-access-rule
|
||||
cp_mgmt_access_rule:
|
||||
layer: Network
|
||||
name: Rule 1
|
||||
position: 1
|
||||
service:
|
||||
- SMTP
|
||||
- AOL
|
||||
state: present
|
||||
|
||||
- name: set-access-rule
|
||||
cp_mgmt_access_rule:
|
||||
action: Ask
|
||||
action_settings:
|
||||
enable_identity_captive_portal: true
|
||||
limit: Upload_1Gbps
|
||||
layer: Network
|
||||
name: Rule 1
|
||||
state: present
|
||||
|
||||
- name: delete-access-rule
|
||||
cp_mgmt_access_rule:
|
||||
layer: Network
|
||||
name: Rule 2
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_access_rule:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
layer=dict(type='str'),
|
||||
position=dict(type='str'),
|
||||
name=dict(type='str', required=True),
|
||||
action=dict(type='str'),
|
||||
action_settings=dict(type='dict', options=dict(
|
||||
enable_identity_captive_portal=dict(type='bool'),
|
||||
limit=dict(type='str')
|
||||
)),
|
||||
content=dict(type='list'),
|
||||
content_direction=dict(type='str', choices=['any', 'up', 'down']),
|
||||
content_negate=dict(type='bool'),
|
||||
custom_fields=dict(type='dict', options=dict(
|
||||
field_1=dict(type='str'),
|
||||
field_2=dict(type='str'),
|
||||
field_3=dict(type='str')
|
||||
)),
|
||||
destination=dict(type='list'),
|
||||
destination_negate=dict(type='bool'),
|
||||
enabled=dict(type='bool'),
|
||||
inline_layer=dict(type='str'),
|
||||
install_on=dict(type='list'),
|
||||
service=dict(type='list'),
|
||||
service_negate=dict(type='bool'),
|
||||
source=dict(type='list'),
|
||||
source_negate=dict(type='bool'),
|
||||
time=dict(type='list'),
|
||||
track=dict(type='dict', options=dict(
|
||||
accounting=dict(type='bool'),
|
||||
alert=dict(type='str', choices=['none', 'alert', 'snmp', 'mail', 'user alert 1', 'user alert 2', 'user alert 3']),
|
||||
enable_firewall_session=dict(type='bool'),
|
||||
per_connection=dict(type='bool'),
|
||||
per_session=dict(type='bool'),
|
||||
type=dict(type='str')
|
||||
)),
|
||||
user_check=dict(type='dict', options=dict(
|
||||
confirm=dict(type='str', choices=['per rule', 'per category', 'per application/site', 'per data type']),
|
||||
custom_frequency=dict(type='dict', options=dict(
|
||||
every=dict(type='int'),
|
||||
unit=dict(type='str', choices=['hours', 'days', 'weeks', 'months'])
|
||||
)),
|
||||
frequency=dict(type='str', choices=['once a day', 'once a week', 'once a month', 'custom frequency...']),
|
||||
interaction=dict(type='str')
|
||||
)),
|
||||
vpn=dict(type='list', options=dict(
|
||||
community=dict(type='list'),
|
||||
directional=dict(type='list', options=dict(
|
||||
to=dict(type='str')
|
||||
))
|
||||
)),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec['vpn']['options']['directional']['options']['from'] = dict(type='str')
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'access-rule'
|
||||
|
||||
if module.params['action'] is None and module.params['position'] is None:
|
||||
result = api_call(module, api_call_object)
|
||||
else:
|
||||
result = api_call_for_rule(module, api_call_object)
|
||||
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,244 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_access_rule_facts
|
||||
short_description: Get access-rule objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get access-rule objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name. Should be unique in the domain.
|
||||
type: str
|
||||
layer:
|
||||
description:
|
||||
- Layer that the rule belongs to identified by the name or UID.
|
||||
type: str
|
||||
show_as_ranges:
|
||||
description:
|
||||
- When true, the source, destination and services & applications parameters are displayed as ranges of IP addresses and port numbers rather than
|
||||
network objects.<br /> Objects that are not represented using IP addresses or port numbers are presented as objects.<br /> In addition, the response
|
||||
of each rule does not contain the parameters, source, source-negate, destination, destination-negate, service and service-negate, but instead it
|
||||
contains the parameters, source-ranges, destination-ranges and service-ranges.<br /><br /> Note, Requesting to show rules as ranges is limited up to
|
||||
20 rules per request, otherwise an error is returned. If you wish to request more rules, use the offset and limit parameters to limit your request.
|
||||
type: bool
|
||||
show_hits:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
hits_settings:
|
||||
description:
|
||||
- N/A
|
||||
type: dict
|
||||
suboptions:
|
||||
from_date:
|
||||
description:
|
||||
- Format, 'YYYY-MM-DD', 'YYYY-mm-ddThh:mm:ss'.
|
||||
type: str
|
||||
target:
|
||||
description:
|
||||
- Target gateway name or UID.
|
||||
type: str
|
||||
to_date:
|
||||
description:
|
||||
- Format, 'YYYY-MM-DD', 'YYYY-mm-ddThh:mm:ss'.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
filter:
|
||||
description:
|
||||
- Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical
|
||||
operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies.
|
||||
type: str
|
||||
filter_settings:
|
||||
description:
|
||||
- Sets filter preferences.
|
||||
type: dict
|
||||
suboptions:
|
||||
search_mode:
|
||||
description:
|
||||
- When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any'
|
||||
object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell
|
||||
or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior.
|
||||
type: str
|
||||
choices: ['general', 'packet']
|
||||
packet_search_settings:
|
||||
description:
|
||||
- When 'search-mode' is set to 'packet', this object allows to set the packet search preferences.
|
||||
type: dict
|
||||
suboptions:
|
||||
expand_group_members:
|
||||
description:
|
||||
- When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at
|
||||
least one member of the group.
|
||||
type: bool
|
||||
expand_group_with_exclusion_members:
|
||||
description:
|
||||
- When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that
|
||||
match at least one member of the "include" part and is not a member of the "except" part.
|
||||
type: bool
|
||||
match_on_any:
|
||||
description:
|
||||
- Whether to match on 'Any' object.
|
||||
type: bool
|
||||
match_on_group_with_exclusion:
|
||||
description:
|
||||
- Whether to match on a group-with-exclusion.
|
||||
type: bool
|
||||
match_on_negate:
|
||||
description:
|
||||
- Whether to match on a negated cell.
|
||||
type: bool
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
package:
|
||||
description:
|
||||
- Name of the package.
|
||||
type: str
|
||||
use_object_dictionary:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
dereference_group_members:
|
||||
description:
|
||||
- Indicates whether to dereference "members" field by details level for every object in reply.
|
||||
type: bool
|
||||
show_membership:
|
||||
description:
|
||||
- Indicates whether to calculate and show "groups" field for every object in reply.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-access-rule
|
||||
cp_mgmt_access_rule_facts:
|
||||
layer: Network
|
||||
name: Rule 1
|
||||
|
||||
- name: show-access-rulebase
|
||||
cp_mgmt_access_rule_facts:
|
||||
details_level: standard
|
||||
limit: 20
|
||||
name: Network
|
||||
offset: 0
|
||||
use_object_dictionary: true
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts_for_rule
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
layer=dict(type='str'),
|
||||
show_as_ranges=dict(type='bool'),
|
||||
show_hits=dict(type='bool'),
|
||||
hits_settings=dict(type='dict', options=dict(
|
||||
from_date=dict(type='str'),
|
||||
target=dict(type='str'),
|
||||
to_date=dict(type='str')
|
||||
)),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
filter=dict(type='str'),
|
||||
filter_settings=dict(type='dict', options=dict(
|
||||
search_mode=dict(type='str', choices=['general', 'packet']),
|
||||
packet_search_settings=dict(type='dict', options=dict(
|
||||
expand_group_members=dict(type='bool'),
|
||||
expand_group_with_exclusion_members=dict(type='bool'),
|
||||
match_on_any=dict(type='bool'),
|
||||
match_on_group_with_exclusion=dict(type='bool'),
|
||||
match_on_negate=dict(type='bool')
|
||||
))
|
||||
)),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
)),
|
||||
package=dict(type='str'),
|
||||
use_object_dictionary=dict(type='bool'),
|
||||
dereference_group_members=dict(type='bool'),
|
||||
show_membership=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "access-rule"
|
||||
api_call_object_plural_version = "access-rulebase"
|
||||
|
||||
result = api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,213 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_address_range
|
||||
short_description: Manages address-range objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages address-range objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
ip_address_first:
|
||||
description:
|
||||
- First IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead.
|
||||
type: str
|
||||
ipv4_address_first:
|
||||
description:
|
||||
- First IPv4 address in the range.
|
||||
type: str
|
||||
ipv6_address_first:
|
||||
description:
|
||||
- First IPv6 address in the range.
|
||||
type: str
|
||||
ip_address_last:
|
||||
description:
|
||||
- Last IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead.
|
||||
type: str
|
||||
ipv4_address_last:
|
||||
description:
|
||||
- Last IPv4 address in the range.
|
||||
type: str
|
||||
ipv6_address_last:
|
||||
description:
|
||||
- Last IPv6 address in the range.
|
||||
type: str
|
||||
nat_settings:
|
||||
description:
|
||||
- NAT settings.
|
||||
type: dict
|
||||
suboptions:
|
||||
auto_rule:
|
||||
description:
|
||||
- Whether to add automatic address translation rules.
|
||||
type: bool
|
||||
ip_address:
|
||||
description:
|
||||
- IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. This parameter is not
|
||||
required in case "method" parameter is "hide" and "hide-behind" parameter is "gateway".
|
||||
type: str
|
||||
ipv4_address:
|
||||
description:
|
||||
- IPv4 address.
|
||||
type: str
|
||||
ipv6_address:
|
||||
description:
|
||||
- IPv6 address.
|
||||
type: str
|
||||
hide_behind:
|
||||
description:
|
||||
- Hide behind method. This parameter is not required in case "method" parameter is "static".
|
||||
type: str
|
||||
choices: ['gateway', 'ip-address']
|
||||
install_on:
|
||||
description:
|
||||
- Which gateway should apply the NAT translation.
|
||||
type: str
|
||||
method:
|
||||
description:
|
||||
- NAT translation method.
|
||||
type: str
|
||||
choices: ['hide', 'static']
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
groups:
|
||||
description:
|
||||
- Collection of group identifiers.
|
||||
type: list
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-address-range
|
||||
cp_mgmt_address_range:
|
||||
ip_address_first: 192.0.2.1
|
||||
ip_address_last: 192.0.2.10
|
||||
name: New Address Range 1
|
||||
state: present
|
||||
|
||||
- name: set-address-range
|
||||
cp_mgmt_address_range:
|
||||
color: green
|
||||
ip_address_first: 192.0.2.1
|
||||
ip_address_last: 192.0.2.1
|
||||
name: New Address Range 1
|
||||
new_name: New Address Range 2
|
||||
state: present
|
||||
|
||||
- name: delete-address-range
|
||||
cp_mgmt_address_range:
|
||||
name: New Address Range 2
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_address_range:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
ip_address_first=dict(type='str'),
|
||||
ipv4_address_first=dict(type='str'),
|
||||
ipv6_address_first=dict(type='str'),
|
||||
ip_address_last=dict(type='str'),
|
||||
ipv4_address_last=dict(type='str'),
|
||||
ipv6_address_last=dict(type='str'),
|
||||
nat_settings=dict(type='dict', options=dict(
|
||||
auto_rule=dict(type='bool'),
|
||||
ip_address=dict(type='str'),
|
||||
ipv4_address=dict(type='str'),
|
||||
ipv6_address=dict(type='str'),
|
||||
hide_behind=dict(type='str', choices=['gateway', 'ip-address']),
|
||||
install_on=dict(type='str'),
|
||||
method=dict(type='str', choices=['hide', 'static'])
|
||||
)),
|
||||
tags=dict(type='list'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
groups=dict(type='list'),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'address-range'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,131 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_address_range_facts
|
||||
short_description: Get address-range objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get address-range objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
show_membership:
|
||||
description:
|
||||
- Indicates whether to calculate and show "groups" field for every object in reply.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-address-range
|
||||
cp_mgmt_address_range_facts:
|
||||
name: New Address Range 1
|
||||
|
||||
- name: show-address-ranges
|
||||
cp_mgmt_address_range_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
)),
|
||||
show_membership=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "address-range"
|
||||
api_call_object_plural_version = "address-ranges"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,200 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_administrator
|
||||
short_description: Manages administrator objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages administrator objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
authentication_method:
|
||||
description:
|
||||
- Authentication method.
|
||||
type: str
|
||||
choices: ['undefined', 'check point password', 'os password', 'securid', 'radius', 'tacacs', 'ad authentication']
|
||||
email:
|
||||
description:
|
||||
- Administrator email.
|
||||
type: str
|
||||
expiration_date:
|
||||
description:
|
||||
- Format, YYYY-MM-DD, YYYY-mm-ddThh,mm,ss.
|
||||
type: str
|
||||
multi_domain_profile:
|
||||
description:
|
||||
- Administrator multi-domain profile.
|
||||
type: str
|
||||
must_change_password:
|
||||
description:
|
||||
- True if administrator must change password on the next login.
|
||||
type: bool
|
||||
password:
|
||||
description:
|
||||
- Administrator password.
|
||||
type: str
|
||||
password_hash:
|
||||
description:
|
||||
- Administrator password hash.
|
||||
type: str
|
||||
permissions_profile:
|
||||
description:
|
||||
- Administrator permissions profile. Permissions profile should not be provided when multi-domain-profile is set to "Multi-Domain Super User" or
|
||||
"Domain Super User".
|
||||
type: list
|
||||
suboptions:
|
||||
profile:
|
||||
description:
|
||||
- Permission profile.
|
||||
type: str
|
||||
phone_number:
|
||||
description:
|
||||
- Administrator phone number.
|
||||
type: str
|
||||
radius_server:
|
||||
description:
|
||||
- RADIUS server object identified by the name or UID. Must be set when "authentication-method" was selected to be "RADIUS".
|
||||
type: str
|
||||
tacacs_server:
|
||||
description:
|
||||
- TACACS server object identified by the name or UID. Must be set when "authentication-method" was selected to be "TACACS".
|
||||
type: str
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-administrator
|
||||
cp_mgmt_administrator:
|
||||
authentication_method: INTERNAL_PASSWORD
|
||||
email: admin@gmail.com
|
||||
must_change_password: false
|
||||
name: admin
|
||||
password: secret
|
||||
permissions_profile: read write all
|
||||
phone_number: 1800-800-800
|
||||
state: present
|
||||
|
||||
- name: set-administrator
|
||||
cp_mgmt_administrator:
|
||||
name: admin
|
||||
password: bew secret
|
||||
permissions_profile: read only profile
|
||||
state: present
|
||||
|
||||
- name: delete-administrator
|
||||
cp_mgmt_administrator:
|
||||
name: admin
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_administrator:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
authentication_method=dict(type='str', choices=['undefined', 'check point password',
|
||||
'os password', 'securid', 'radius', 'tacacs', 'ad authentication']),
|
||||
email=dict(type='str'),
|
||||
expiration_date=dict(type='str'),
|
||||
multi_domain_profile=dict(type='str'),
|
||||
must_change_password=dict(type='bool'),
|
||||
password=dict(type='str'),
|
||||
password_hash=dict(type='str'),
|
||||
permissions_profile=dict(type='list', options=dict(
|
||||
profile=dict(type='str')
|
||||
)),
|
||||
phone_number=dict(type='str'),
|
||||
radius_server=dict(type='str'),
|
||||
tacacs_server=dict(type='str'),
|
||||
tags=dict(type='list'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'administrator'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,126 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_administrator_facts
|
||||
short_description: Get administrator objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get administrator objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-administrator
|
||||
cp_mgmt_administrator_facts:
|
||||
name: admin
|
||||
|
||||
- name: show-administrators
|
||||
cp_mgmt_administrator_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
))
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "administrator"
|
||||
api_call_object_plural_version = "administrators"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,176 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_application_site
|
||||
short_description: Manages application-site objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages application-site objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
primary_category:
|
||||
description:
|
||||
- Each application is assigned to one primary category based on its most defining aspect.
|
||||
type: str
|
||||
url_list:
|
||||
description:
|
||||
- URLs that determine this particular application.
|
||||
type: list
|
||||
application_signature:
|
||||
description:
|
||||
- Application signature generated by <a
|
||||
href="https,//supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk103051">Signature Tool</a>.
|
||||
type: str
|
||||
additional_categories:
|
||||
description:
|
||||
- Used to configure or edit the additional categories of a custom application / site used in the Application and URL Filtering or Threat Prevention.
|
||||
type: list
|
||||
description:
|
||||
description:
|
||||
- A description for the application.
|
||||
type: str
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
urls_defined_as_regular_expression:
|
||||
description:
|
||||
- States whether the URL is defined as a Regular Expression or not.
|
||||
type: bool
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
groups:
|
||||
description:
|
||||
- Collection of group identifiers.
|
||||
type: list
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-application-site
|
||||
cp_mgmt_application_site:
|
||||
additional_categories:
|
||||
- Instant Chat
|
||||
- Supports Streaming
|
||||
- New Application Site Category 1
|
||||
description: My Application Site
|
||||
name: New Application Site 1
|
||||
primary_category: Social Networking
|
||||
state: present
|
||||
url_list:
|
||||
- www.cnet.com
|
||||
- www.stackoverflow.com
|
||||
urls_defined_as_regular_expression: false
|
||||
|
||||
- name: set-application-site
|
||||
cp_mgmt_application_site:
|
||||
description: My New Application Site
|
||||
name: New Application Site 1
|
||||
primary_category: Instant Chat
|
||||
state: present
|
||||
urls_defined_as_regular_expression: true
|
||||
|
||||
- name: delete-application-site
|
||||
cp_mgmt_application_site:
|
||||
name: New Application Site 2
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_application_site:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
primary_category=dict(type='str'),
|
||||
url_list=dict(type='list'),
|
||||
application_signature=dict(type='str'),
|
||||
additional_categories=dict(type='list'),
|
||||
description=dict(type='str'),
|
||||
tags=dict(type='list'),
|
||||
urls_defined_as_regular_expression=dict(type='bool'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
groups=dict(type='list'),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'application-site'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,139 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_application_site_category
|
||||
short_description: Manages application-site-category objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages application-site-category objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
description:
|
||||
description:
|
||||
- N/A
|
||||
type: str
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
groups:
|
||||
description:
|
||||
- Collection of group identifiers.
|
||||
type: list
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-application-site-category
|
||||
cp_mgmt_application_site_category:
|
||||
description: My Application Site category
|
||||
name: New Application Site Category 1
|
||||
state: present
|
||||
|
||||
- name: set-application-site-category
|
||||
cp_mgmt_application_site_category:
|
||||
description: My new Application Site category
|
||||
name: New Application Site Category 1
|
||||
state: present
|
||||
|
||||
- name: delete-application-site-category
|
||||
cp_mgmt_application_site_category:
|
||||
name: New Application Site Category 2
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_application_site_category:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
description=dict(type='str'),
|
||||
tags=dict(type='list'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
groups=dict(type='list'),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'application-site-category'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,126 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_application_site_category_facts
|
||||
short_description: Get application-site-category objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get application-site-category objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-application-site-category
|
||||
cp_mgmt_application_site_category_facts:
|
||||
name: Social Networking
|
||||
|
||||
- name: show-application-site-categories
|
||||
cp_mgmt_application_site_category_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
))
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "application-site-category"
|
||||
api_call_object_plural_version = "application-site-categories"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,136 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_application_site_facts
|
||||
short_description: Get application-site objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get application-site objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
application_id:
|
||||
description:
|
||||
- Object application identifier.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
show_membership:
|
||||
description:
|
||||
- Indicates whether to calculate and show "groups" field for every object in reply.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-application-site
|
||||
cp_mgmt_application_site_facts:
|
||||
name: facebook
|
||||
|
||||
- name: show-application-sites
|
||||
cp_mgmt_application_site_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
application_id=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
)),
|
||||
show_membership=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "application-site"
|
||||
api_call_object_plural_version = "application-sites"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,144 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_application_site_group
|
||||
short_description: Manages application-site-group objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages application-site-group objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
members:
|
||||
description:
|
||||
- Collection of application and URL filtering objects identified by the name or UID.
|
||||
type: list
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
groups:
|
||||
description:
|
||||
- Collection of group identifiers.
|
||||
type: list
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-application-site-group
|
||||
cp_mgmt_application_site_group:
|
||||
members:
|
||||
- facebook
|
||||
- Social Networking
|
||||
- New Application Site 1
|
||||
- New Application Site Category 1
|
||||
name: New Application Site Group 1
|
||||
state: present
|
||||
|
||||
- name: set-application-site-group
|
||||
cp_mgmt_application_site_group:
|
||||
name: New Application Site Group 1
|
||||
members:
|
||||
- AliveProxy
|
||||
state: present
|
||||
|
||||
- name: delete-application-site-group
|
||||
cp_mgmt_application_site_group:
|
||||
name: New Application Site Group 1
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_application_site_group:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
members=dict(type='list'),
|
||||
tags=dict(type='list'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
groups=dict(type='list'),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'application-site-group'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,136 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_application_site_group_facts
|
||||
short_description: Get application-site-group objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get application-site-group objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
dereference_group_members:
|
||||
description:
|
||||
- Indicates whether to dereference "members" field by details level for every object in reply.
|
||||
type: bool
|
||||
show_membership:
|
||||
description:
|
||||
- Indicates whether to calculate and show "groups" field for every object in reply.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-application-site-group
|
||||
cp_mgmt_application_site_group_facts:
|
||||
name: New Application Site Group 1
|
||||
|
||||
- name: show-application-site-groups
|
||||
cp_mgmt_application_site_group_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
)),
|
||||
dereference_group_members=dict(type='bool'),
|
||||
show_membership=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "application-site-group"
|
||||
api_call_object_plural_version = "application-site-groups"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,90 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_assign_global_assignment
|
||||
short_description: assign global assignment on Check Point over Web Services API
|
||||
description:
|
||||
- assign global assignment on Check Point over Web Services API
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
dependent_domains:
|
||||
description:
|
||||
- N/A
|
||||
type: list
|
||||
global_domains:
|
||||
description:
|
||||
- N/A
|
||||
type: list
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
extends_documentation_fragment: checkpoint_commands
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: assign-global-assignment
|
||||
cp_mgmt_assign_global_assignment:
|
||||
dependent_domains: domain1
|
||||
global_domains: Global2
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_assign_global_assignment:
|
||||
description: The checkpoint assign-global-assignment output.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_commands, api_command
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
dependent_domains=dict(type='list'),
|
||||
global_domains=dict(type='list'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full'])
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_commands)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
command = "assign-global-assignment"
|
||||
|
||||
result = api_command(module, command)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,76 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_discard
|
||||
short_description: All changes done by user are discarded and removed from database.
|
||||
description:
|
||||
- All changes done by user are discarded and removed from database.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
uid:
|
||||
description:
|
||||
- Session unique identifier. Specify it to discard a different session than the one you currently use.
|
||||
type: str
|
||||
extends_documentation_fragment: checkpoint_commands
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: discard
|
||||
cp_mgmt_discard:
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_discard:
|
||||
description: The checkpoint discard output.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_commands, api_command
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
uid=dict(type='str')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_commands)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
command = "discard"
|
||||
|
||||
result = api_command(module, command)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,134 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_dns_domain
|
||||
short_description: Manages dns-domain objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages dns-domain objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
is_sub_domain:
|
||||
description:
|
||||
- Whether to match sub-domains in addition to the domain itself.
|
||||
type: bool
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-dns-domain
|
||||
cp_mgmt_dns_domain:
|
||||
is_sub_domain: false
|
||||
name: .www.example.com
|
||||
state: present
|
||||
|
||||
- name: set-dns-domain
|
||||
cp_mgmt_dns_domain:
|
||||
is_sub_domain: true
|
||||
name: .www.example.com
|
||||
state: present
|
||||
|
||||
- name: delete-dns-domain
|
||||
cp_mgmt_dns_domain:
|
||||
name: .example.com
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_dns_domain:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
is_sub_domain=dict(type='bool'),
|
||||
tags=dict(type='list'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'dns-domain'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,131 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_dns_domain_facts
|
||||
short_description: Get dns-domain objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get dns-domain objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
show_membership:
|
||||
description:
|
||||
- Indicates whether to calculate and show "groups" field for every object in reply.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-dns-domain
|
||||
cp_mgmt_dns_domain_facts:
|
||||
name: .www.example.com
|
||||
|
||||
- name: show-dns-domains
|
||||
cp_mgmt_dns_domain_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
)),
|
||||
show_membership=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "dns-domain"
|
||||
api_call_object_plural_version = "dns-domains"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,124 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_dynamic_object
|
||||
short_description: Manages dynamic-object objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages dynamic-object objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-dynamic-object
|
||||
cp_mgmt_dynamic_object:
|
||||
color: yellow
|
||||
comments: My Dynamic Object 1
|
||||
name: Dynamic_Object_1
|
||||
state: present
|
||||
|
||||
- name: delete-dynamic-object
|
||||
cp_mgmt_dynamic_object:
|
||||
name: Dynamic_Object_2
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_dynamic_object:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
tags=dict(type='list'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'dynamic-object'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,128 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_dynamic_object_facts
|
||||
short_description: Get dynamic-object objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get dynamic-object objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
show_membership:
|
||||
description:
|
||||
- Indicates whether to calculate and show "groups" field for every object in reply.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-dynamic-object
|
||||
cp_mgmt_dynamic_object_facts:
|
||||
name: Dynamic_Object_1
|
||||
|
||||
- name: show-dynamic-objects
|
||||
cp_mgmt_dynamic_object_facts:
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
)),
|
||||
show_membership=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "dynamic-object"
|
||||
api_call_object_plural_version = "dynamic-objects"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,177 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_exception_group
|
||||
short_description: Manages exception-group objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages exception-group objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
applied_profile:
|
||||
description:
|
||||
- The threat profile to apply this group to in the case of apply-on threat-rules-with-specific-profile.
|
||||
type: str
|
||||
applied_threat_rules:
|
||||
description:
|
||||
- The threat rules to apply this group on in the case of apply-on manually-select-threat-rules.
|
||||
type: dict
|
||||
suboptions:
|
||||
add:
|
||||
description:
|
||||
- Adds to collection of values
|
||||
type: list
|
||||
suboptions:
|
||||
layer:
|
||||
description:
|
||||
- The layer of the threat rule to which the group is to be attached.
|
||||
type: str
|
||||
name:
|
||||
description:
|
||||
- The name of the threat rule to which the group is to be attached.
|
||||
type: str
|
||||
rule_number:
|
||||
description:
|
||||
- The rule-number of the threat rule to which the group is to be attached.
|
||||
type: str
|
||||
position:
|
||||
description:
|
||||
- Position in the rulebase.
|
||||
type: str
|
||||
apply_on:
|
||||
description:
|
||||
- An exception group can be set to apply on all threat rules, all threat rules which have a specific profile, or those rules manually chosen by the user.
|
||||
type: str
|
||||
choices: ['all-threat-rules', 'all-threat-rules-with-specific-profile', 'manually-select-threat-rules']
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-exception-group
|
||||
cp_mgmt_exception_group:
|
||||
applied_threat_rules.0.layer: MyLayer
|
||||
applied_threat_rules.0.name: MyThreatRule
|
||||
apply_on: manually-select-threat-rules
|
||||
name: exception_group_2
|
||||
state: present
|
||||
|
||||
- name: set-exception-group
|
||||
cp_mgmt_exception_group:
|
||||
apply_on: all-threat-rules
|
||||
name: exception_group_2
|
||||
state: present
|
||||
tags: tag3
|
||||
|
||||
- name: delete-exception-group
|
||||
cp_mgmt_exception_group:
|
||||
name: exception_group_2
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_exception_group:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
applied_profile=dict(type='str'),
|
||||
applied_threat_rules=dict(type='dict', options=dict(
|
||||
add=dict(type='list', options=dict(
|
||||
layer=dict(type='str'),
|
||||
name=dict(type='str'),
|
||||
rule_number=dict(type='str'),
|
||||
position=dict(type='str')
|
||||
))
|
||||
)),
|
||||
apply_on=dict(type='str', choices=['all-threat-rules', 'all-threat-rules-with-specific-profile', 'manually-select-threat-rules']),
|
||||
tags=dict(type='list'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'exception-group'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,126 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_exception_group_facts
|
||||
short_description: Get exception-group objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get exception-group objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-exception-group
|
||||
cp_mgmt_exception_group_facts:
|
||||
name: exception_group_2
|
||||
|
||||
- name: show-exception-groups
|
||||
cp_mgmt_exception_group_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
))
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "exception-group"
|
||||
api_call_object_plural_version = "exception-groups"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,132 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_global_assignment
|
||||
short_description: Manages global-assignment objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages global-assignment objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
dependent_domain:
|
||||
description:
|
||||
- N/A
|
||||
type: str
|
||||
global_access_policy:
|
||||
description:
|
||||
- Global domain access policy that is assigned to a dependent domain.
|
||||
type: str
|
||||
global_domain:
|
||||
description:
|
||||
- N/A
|
||||
type: str
|
||||
global_threat_prevention_policy:
|
||||
description:
|
||||
- Global domain threat prevention policy that is assigned to a dependent domain.
|
||||
type: str
|
||||
manage_protection_actions:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-global-assignment
|
||||
cp_mgmt_global_assignment:
|
||||
dependent_domain: domain2
|
||||
global_access_policy: standard
|
||||
global_domain: Global
|
||||
global_threat_prevention_policy: standard
|
||||
manage_protection_actions: true
|
||||
state: present
|
||||
|
||||
- name: set-global-assignment
|
||||
cp_mgmt_global_assignment:
|
||||
dependent_domain: domain1
|
||||
global_domain: Global2
|
||||
global_threat_prevention_policy: ''
|
||||
manage_protection_actions: false
|
||||
state: present
|
||||
|
||||
- name: delete-global-assignment
|
||||
cp_mgmt_global_assignment:
|
||||
dependent_domain: domain1
|
||||
global_domain: Global2
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_global_assignment:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
dependent_domain=dict(type='str'),
|
||||
global_access_policy=dict(type='str'),
|
||||
global_domain=dict(type='str'),
|
||||
global_threat_prevention_policy=dict(type='str'),
|
||||
manage_protection_actions=dict(type='bool'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'global-assignment'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,131 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_global_assignment_facts
|
||||
short_description: Get global-assignment objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get global-assignment objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
dependent_domain:
|
||||
description:
|
||||
- N/A
|
||||
type: str
|
||||
global_domain:
|
||||
description:
|
||||
- N/A
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-global-assignment
|
||||
cp_mgmt_global_assignment_facts:
|
||||
dependent_domain: domain1
|
||||
global_domain: Global2
|
||||
|
||||
- name: show-global-assignments
|
||||
cp_mgmt_global_assignment_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
dependent_domain=dict(type='str'),
|
||||
global_domain=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
))
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "global-assignment"
|
||||
api_call_object_plural_version = "global-assignments"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,140 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_group
|
||||
short_description: Manages group objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages group objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
members:
|
||||
description:
|
||||
- Collection of Network objects identified by the name or UID.
|
||||
type: list
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
groups:
|
||||
description:
|
||||
- Collection of group identifiers.
|
||||
type: list
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-group
|
||||
cp_mgmt_group:
|
||||
members:
|
||||
- New Host 1
|
||||
- My Test Host 3
|
||||
name: New Group 5
|
||||
state: present
|
||||
|
||||
- name: set-group
|
||||
cp_mgmt_group:
|
||||
name: New Group 1
|
||||
state: present
|
||||
|
||||
- name: delete-group
|
||||
cp_mgmt_group:
|
||||
name: New Group 1
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_group:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
members=dict(type='list'),
|
||||
tags=dict(type='list'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
groups=dict(type='list'),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'group'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,143 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_group_facts
|
||||
short_description: Get group objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get group objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
show_as_ranges:
|
||||
description:
|
||||
- When true, the group's matched content is displayed as ranges of IP addresses rather than network objects.<br />Objects that are not
|
||||
represented using IP addresses are presented as objects.<br />The 'members' parameter is omitted from the response and instead the 'ranges' parameter
|
||||
is displayed.
|
||||
type: bool
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
dereference_group_members:
|
||||
description:
|
||||
- Indicates whether to dereference "members" field by details level for every object in reply.
|
||||
type: bool
|
||||
show_membership:
|
||||
description:
|
||||
- Indicates whether to calculate and show "groups" field for every object in reply.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-group
|
||||
cp_mgmt_group_facts:
|
||||
name: Demo_Group
|
||||
|
||||
- name: show-groups
|
||||
cp_mgmt_group_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
show_as_ranges=dict(type='bool'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
)),
|
||||
dereference_group_members=dict(type='bool'),
|
||||
show_membership=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "group"
|
||||
api_call_object_plural_version = "groups"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,146 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_group_with_exclusion
|
||||
short_description: Manages group-with-exclusion objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages group-with-exclusion objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
except:
|
||||
description:
|
||||
- Name or UID of an object which the group excludes.
|
||||
type: str
|
||||
include:
|
||||
description:
|
||||
- Name or UID of an object which the group includes.
|
||||
type: str
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
groups:
|
||||
description:
|
||||
- Collection of group identifiers.
|
||||
type: list
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-group-with-exclusion
|
||||
cp_mgmt_group_with_exclusion:
|
||||
except: New Group 2
|
||||
include: New Group 1
|
||||
name: Group with exclusion
|
||||
state: present
|
||||
|
||||
- name: set-group-with-exclusion
|
||||
cp_mgmt_group_with_exclusion:
|
||||
except: New Group 1
|
||||
include: New Group 2
|
||||
name: Group with exclusion
|
||||
state: present
|
||||
|
||||
- name: delete-group-with-exclusion
|
||||
cp_mgmt_group_with_exclusion:
|
||||
name: Group with exclusion
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_group_with_exclusion:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
include=dict(type='str'),
|
||||
tags=dict(type='list'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
groups=dict(type='list'),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec['except'] = dict(type='str')
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'group-with-exclusion'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,133 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_group_with_exclusion_facts
|
||||
short_description: Get group-with-exclusion objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get group-with-exclusion objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
show_as_ranges:
|
||||
description:
|
||||
- When true, the group with exclusion's matched content is displayed as ranges of IP addresses rather than network objects.<br />Objects that
|
||||
are not represented using IP addresses are presented as objects.<br />The 'include' and 'except' parameters are omitted from the response and instead
|
||||
the 'ranges' parameter is displayed.
|
||||
type: bool
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-group-with-exclusion
|
||||
cp_mgmt_group_with_exclusion_facts:
|
||||
name: Group with exclusion
|
||||
|
||||
- name: show-groups-with-exclusion
|
||||
cp_mgmt_group_with_exclusion_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
show_as_ranges=dict(type='bool'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
))
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "group-with-exclusion"
|
||||
api_call_object_plural_version = "groups-with-exclusion"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,333 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_host
|
||||
short_description: Manages host objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages host objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
ip_address:
|
||||
description:
|
||||
- IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
|
||||
type: str
|
||||
ipv4_address:
|
||||
description:
|
||||
- IPv4 address.
|
||||
type: str
|
||||
ipv6_address:
|
||||
description:
|
||||
- IPv6 address.
|
||||
type: str
|
||||
interfaces:
|
||||
description:
|
||||
- Host interfaces.
|
||||
type: list
|
||||
suboptions:
|
||||
name:
|
||||
description:
|
||||
- Interface name.
|
||||
type: str
|
||||
subnet:
|
||||
description:
|
||||
- IPv4 or IPv6 network address. If both addresses are required use subnet4 and subnet6 fields explicitly.
|
||||
type: str
|
||||
subnet4:
|
||||
description:
|
||||
- IPv4 network address.
|
||||
type: str
|
||||
subnet6:
|
||||
description:
|
||||
- IPv6 network address.
|
||||
type: str
|
||||
mask_length:
|
||||
description:
|
||||
- IPv4 or IPv6 network mask length. If both masks are required use mask-length4 and mask-length6 fields explicitly. Instead of IPv4 mask
|
||||
length it is possible to specify IPv4 mask itself in subnet-mask field.
|
||||
type: int
|
||||
mask_length4:
|
||||
description:
|
||||
- IPv4 network mask length.
|
||||
type: int
|
||||
mask_length6:
|
||||
description:
|
||||
- IPv6 network mask length.
|
||||
type: int
|
||||
subnet_mask:
|
||||
description:
|
||||
- IPv4 network mask.
|
||||
type: str
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange',
|
||||
'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray',
|
||||
'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive',
|
||||
'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
nat_settings:
|
||||
description:
|
||||
- NAT settings.
|
||||
type: dict
|
||||
suboptions:
|
||||
auto_rule:
|
||||
description:
|
||||
- Whether to add automatic address translation rules.
|
||||
type: bool
|
||||
ip_address:
|
||||
description:
|
||||
- IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. This parameter is not
|
||||
required in case "method" parameter is "hide" and "hide-behind" parameter is "gateway".
|
||||
type: str
|
||||
ipv4_address:
|
||||
description:
|
||||
- IPv4 address.
|
||||
type: str
|
||||
ipv6_address:
|
||||
description:
|
||||
- IPv6 address.
|
||||
type: str
|
||||
hide_behind:
|
||||
description:
|
||||
- Hide behind method. This parameter is not required in case "method" parameter is "static".
|
||||
type: str
|
||||
choices: ['gateway', 'ip-address']
|
||||
install_on:
|
||||
description:
|
||||
- Which gateway should apply the NAT translation.
|
||||
type: str
|
||||
method:
|
||||
description:
|
||||
- NAT translation method.
|
||||
type: str
|
||||
choices: ['hide', 'static']
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
host_servers:
|
||||
description:
|
||||
- Servers Configuration.
|
||||
type: dict
|
||||
suboptions:
|
||||
dns_server:
|
||||
description:
|
||||
- Gets True if this server is a DNS Server.
|
||||
type: bool
|
||||
mail_server:
|
||||
description:
|
||||
- Gets True if this server is a Mail Server.
|
||||
type: bool
|
||||
web_server:
|
||||
description:
|
||||
- Gets True if this server is a Web Server.
|
||||
type: bool
|
||||
web_server_config:
|
||||
description:
|
||||
- Web Server configuration.
|
||||
type: dict
|
||||
suboptions:
|
||||
additional_ports:
|
||||
description:
|
||||
- Server additional ports.
|
||||
type: list
|
||||
application_engines:
|
||||
description:
|
||||
- Application engines of this web server.
|
||||
type: list
|
||||
listen_standard_port:
|
||||
description:
|
||||
- Whether server listens to standard port.
|
||||
type: bool
|
||||
operating_system:
|
||||
description:
|
||||
- Operating System.
|
||||
type: str
|
||||
choices: ['sparc linux', 'windows', 'other', 'x86 linux', 'sparc solaris']
|
||||
protected_by:
|
||||
description:
|
||||
- Network object which protects this server identified by the name or UID.
|
||||
type: str
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
groups:
|
||||
description:
|
||||
- Collection of group identifiers.
|
||||
type: list
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-host
|
||||
cp_mgmt_host:
|
||||
ip_address: 192.0.2.1
|
||||
name: New Host 1
|
||||
state: present
|
||||
|
||||
- name: set-host
|
||||
cp_mgmt_host:
|
||||
color: green
|
||||
ipv4_address: 192.0.2.2
|
||||
name: New Host 1
|
||||
state: present
|
||||
|
||||
- name: delete-host
|
||||
cp_mgmt_host:
|
||||
name: New Host 1
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_host:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
ip_address=dict(type='str'),
|
||||
ipv4_address=dict(type='str'),
|
||||
ipv6_address=dict(type='str'),
|
||||
interfaces=dict(type='list', options=dict(
|
||||
name=dict(type='str'),
|
||||
subnet=dict(type='str'),
|
||||
subnet4=dict(type='str'),
|
||||
subnet6=dict(type='str'),
|
||||
mask_length=dict(type='int'),
|
||||
mask_length4=dict(type='int'),
|
||||
mask_length6=dict(type='int'),
|
||||
subnet_mask=dict(type='str'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan',
|
||||
'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick',
|
||||
'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral',
|
||||
'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red',
|
||||
'sienna', 'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)),
|
||||
nat_settings=dict(type='dict', options=dict(
|
||||
auto_rule=dict(type='bool'),
|
||||
ip_address=dict(type='str'),
|
||||
ipv4_address=dict(type='str'),
|
||||
ipv6_address=dict(type='str'),
|
||||
hide_behind=dict(type='str', choices=['gateway', 'ip-address']),
|
||||
install_on=dict(type='str'),
|
||||
method=dict(type='str', choices=['hide', 'static'])
|
||||
)),
|
||||
tags=dict(type='list'),
|
||||
host_servers=dict(type='dict', options=dict(
|
||||
dns_server=dict(type='bool'),
|
||||
mail_server=dict(type='bool'),
|
||||
web_server=dict(type='bool'),
|
||||
web_server_config=dict(type='dict', options=dict(
|
||||
additional_ports=dict(type='list'),
|
||||
application_engines=dict(type='list'),
|
||||
listen_standard_port=dict(type='bool'),
|
||||
operating_system=dict(type='str', choices=['sparc linux', 'windows', 'other', 'x86 linux', 'sparc solaris']),
|
||||
protected_by=dict(type='str')
|
||||
))
|
||||
)),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
groups=dict(type='list'),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'host'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,131 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_host_facts
|
||||
short_description: Get host objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get host objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
show_membership:
|
||||
description:
|
||||
- Indicates whether to calculate and show "groups" field for every object in reply.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-host
|
||||
cp_mgmt_host_facts:
|
||||
name: New Host 1
|
||||
|
||||
- name: show-hosts
|
||||
cp_mgmt_host_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
)),
|
||||
show_membership=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "host"
|
||||
api_call_object_plural_version = "hosts"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,126 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_install_policy
|
||||
short_description: install policy on Check Point over Web Services API
|
||||
description:
|
||||
- install policy on Check Point over Web Services API
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
policy_package:
|
||||
description:
|
||||
- The name of the Policy Package to be installed.
|
||||
type: str
|
||||
targets:
|
||||
description:
|
||||
- On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
|
||||
type: list
|
||||
access:
|
||||
description:
|
||||
- Set to be true in order to install the Access Control policy. By default, the value is true if Access Control policy is enabled on the input
|
||||
policy package, otherwise false.
|
||||
type: bool
|
||||
desktop_security:
|
||||
description:
|
||||
- Set to be true in order to install the Desktop Security policy. By default, the value is true if desktop security policy is enabled on the
|
||||
input policy package, otherwise false.
|
||||
type: bool
|
||||
qos:
|
||||
description:
|
||||
- Set to be true in order to install the QoS policy. By default, the value is true if Quality-of-Service policy is enabled on the input policy
|
||||
package, otherwise false.
|
||||
type: bool
|
||||
threat_prevention:
|
||||
description:
|
||||
- Set to be true in order to install the Threat Prevention policy. By default, the value is true if Threat Prevention policy is enabled on the
|
||||
input policy package, otherwise false.
|
||||
type: bool
|
||||
install_on_all_cluster_members_or_fail:
|
||||
description:
|
||||
- Relevant for the gateway clusters. If true, the policy is installed on all the cluster members. If the installation on a cluster member fails,
|
||||
don't install on that cluster.
|
||||
type: bool
|
||||
prepare_only:
|
||||
description:
|
||||
- If true, prepares the policy for the installation, but doesn't install it on an installation target.
|
||||
type: bool
|
||||
revision:
|
||||
description:
|
||||
- The UID of the revision of the policy to install.
|
||||
type: str
|
||||
extends_documentation_fragment: checkpoint_commands
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: install-policy
|
||||
cp_mgmt_install_policy:
|
||||
access: true
|
||||
policy_package: standard
|
||||
targets:
|
||||
- corporate-gateway
|
||||
threat_prevention: true
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_install_policy:
|
||||
description: The checkpoint install-policy output.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_commands, api_command
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
policy_package=dict(type='str'),
|
||||
targets=dict(type='list'),
|
||||
access=dict(type='bool'),
|
||||
desktop_security=dict(type='bool'),
|
||||
qos=dict(type='bool'),
|
||||
threat_prevention=dict(type='bool'),
|
||||
install_on_all_cluster_members_or_fail=dict(type='bool'),
|
||||
prepare_only=dict(type='bool'),
|
||||
revision=dict(type='str')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_commands)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
command = "install-policy"
|
||||
|
||||
result = api_command(module, command)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,123 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_mds_facts
|
||||
short_description: Get Multi-Domain Server (mds) objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get mds objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-mds
|
||||
cp_mgmt_mds_facts:
|
||||
name: test_mds1
|
||||
|
||||
- name: show-mdss
|
||||
cp_mgmt_mds_facts:
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
))
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "mds"
|
||||
api_call_object_plural_version = "mdss"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,181 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_multicast_address_range
|
||||
short_description: Manages multicast-address-range objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages multicast-address-range objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
ip_address:
|
||||
description:
|
||||
- IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
|
||||
type: str
|
||||
ipv4_address:
|
||||
description:
|
||||
- IPv4 address.
|
||||
type: str
|
||||
ipv6_address:
|
||||
description:
|
||||
- IPv6 address.
|
||||
type: str
|
||||
ip_address_first:
|
||||
description:
|
||||
- First IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead.
|
||||
type: str
|
||||
ipv4_address_first:
|
||||
description:
|
||||
- First IPv4 address in the range.
|
||||
type: str
|
||||
ipv6_address_first:
|
||||
description:
|
||||
- First IPv6 address in the range.
|
||||
type: str
|
||||
ip_address_last:
|
||||
description:
|
||||
- Last IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead.
|
||||
type: str
|
||||
ipv4_address_last:
|
||||
description:
|
||||
- Last IPv4 address in the range.
|
||||
type: str
|
||||
ipv6_address_last:
|
||||
description:
|
||||
- Last IPv6 address in the range.
|
||||
type: str
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
groups:
|
||||
description:
|
||||
- Collection of group identifiers.
|
||||
type: list
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-multicast-address-range
|
||||
cp_mgmt_multicast_address_range:
|
||||
ip_address_first: 224.0.0.1
|
||||
ip_address_last: 224.0.0.4
|
||||
name: New Multicast Address Range
|
||||
state: present
|
||||
|
||||
- name: set-multicast-address-range
|
||||
cp_mgmt_multicast_address_range:
|
||||
ip_address_first: 224.0.0.7
|
||||
ip_address_last: 224.0.0.10
|
||||
name: New Multicast Address Range
|
||||
state: present
|
||||
|
||||
- name: delete-multicast-address-range
|
||||
cp_mgmt_multicast_address_range:
|
||||
name: New Multicast Address Range
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_multicast_address_range:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
ip_address=dict(type='str'),
|
||||
ipv4_address=dict(type='str'),
|
||||
ipv6_address=dict(type='str'),
|
||||
ip_address_first=dict(type='str'),
|
||||
ipv4_address_first=dict(type='str'),
|
||||
ipv6_address_first=dict(type='str'),
|
||||
ip_address_last=dict(type='str'),
|
||||
ipv4_address_last=dict(type='str'),
|
||||
ipv6_address_last=dict(type='str'),
|
||||
tags=dict(type='list'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
groups=dict(type='list'),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'multicast-address-range'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,129 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_multicast_address_range_facts
|
||||
short_description: Get multicast-address-range objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get multicast-address-range objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
show_membership:
|
||||
description:
|
||||
- Indicates whether to calculate and show "groups" field for every object in reply.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-multicast-address-range
|
||||
cp_mgmt_multicast_address_range_facts:
|
||||
name: New Multicast Address Range
|
||||
|
||||
- name: show-multicast-address-ranges
|
||||
cp_mgmt_multicast_address_range_facts:
|
||||
details_level: full
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
)),
|
||||
show_membership=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "multicast-address-range"
|
||||
api_call_object_plural_version = "multicast-address-ranges"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,225 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_network
|
||||
short_description: Manages network objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages network objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
subnet:
|
||||
description:
|
||||
- IPv4 or IPv6 network address. If both addresses are required use subnet4 and subnet6 fields explicitly.
|
||||
type: str
|
||||
subnet4:
|
||||
description:
|
||||
- IPv4 network address.
|
||||
type: str
|
||||
subnet6:
|
||||
description:
|
||||
- IPv6 network address.
|
||||
type: str
|
||||
mask_length:
|
||||
description:
|
||||
- IPv4 or IPv6 network mask length. If both masks are required use mask-length4 and mask-length6 fields explicitly. Instead of IPv4 mask length
|
||||
it is possible to specify IPv4 mask itself in subnet-mask field.
|
||||
type: int
|
||||
mask_length4:
|
||||
description:
|
||||
- IPv4 network mask length.
|
||||
type: int
|
||||
mask_length6:
|
||||
description:
|
||||
- IPv6 network mask length.
|
||||
type: int
|
||||
subnet_mask:
|
||||
description:
|
||||
- IPv4 network mask.
|
||||
type: str
|
||||
nat_settings:
|
||||
description:
|
||||
- NAT settings.
|
||||
type: dict
|
||||
suboptions:
|
||||
auto_rule:
|
||||
description:
|
||||
- Whether to add automatic address translation rules.
|
||||
type: bool
|
||||
ip_address:
|
||||
description:
|
||||
- IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. This parameter is not
|
||||
required in case "method" parameter is "hide" and "hide-behind" parameter is "gateway".
|
||||
type: str
|
||||
ipv4_address:
|
||||
description:
|
||||
- IPv4 address.
|
||||
type: str
|
||||
ipv6_address:
|
||||
description:
|
||||
- IPv6 address.
|
||||
type: str
|
||||
hide_behind:
|
||||
description:
|
||||
- Hide behind method. This parameter is not required in case "method" parameter is "static".
|
||||
type: str
|
||||
choices: ['gateway', 'ip-address']
|
||||
install_on:
|
||||
description:
|
||||
- Which gateway should apply the NAT translation.
|
||||
type: str
|
||||
method:
|
||||
description:
|
||||
- NAT translation method.
|
||||
type: str
|
||||
choices: ['hide', 'static']
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
broadcast:
|
||||
description:
|
||||
- Allow broadcast address inclusion.
|
||||
type: str
|
||||
choices: ['disallow', 'allow']
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
groups:
|
||||
description:
|
||||
- Collection of group identifiers.
|
||||
type: list
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-network
|
||||
cp_mgmt_network:
|
||||
name: New Network 1
|
||||
state: present
|
||||
subnet: 192.0.2.0
|
||||
subnet_mask: 255.255.255.0
|
||||
|
||||
- name: set-network
|
||||
cp_mgmt_network:
|
||||
color: green
|
||||
mask_length: 16
|
||||
name: New Network 1
|
||||
new_name: New Network 2
|
||||
state: present
|
||||
subnet: 192.0.0.0
|
||||
|
||||
- name: delete-network
|
||||
cp_mgmt_network:
|
||||
name: New Network 2
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_network:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
subnet=dict(type='str'),
|
||||
subnet4=dict(type='str'),
|
||||
subnet6=dict(type='str'),
|
||||
mask_length=dict(type='int'),
|
||||
mask_length4=dict(type='int'),
|
||||
mask_length6=dict(type='int'),
|
||||
subnet_mask=dict(type='str'),
|
||||
nat_settings=dict(type='dict', options=dict(
|
||||
auto_rule=dict(type='bool'),
|
||||
ip_address=dict(type='str'),
|
||||
ipv4_address=dict(type='str'),
|
||||
ipv6_address=dict(type='str'),
|
||||
hide_behind=dict(type='str', choices=['gateway', 'ip-address']),
|
||||
install_on=dict(type='str'),
|
||||
method=dict(type='str', choices=['hide', 'static'])
|
||||
)),
|
||||
tags=dict(type='list'),
|
||||
broadcast=dict(type='str', choices=['disallow', 'allow']),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
groups=dict(type='list'),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'network'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,131 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_network_facts
|
||||
short_description: Get network objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get network objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
show_membership:
|
||||
description:
|
||||
- Indicates whether to calculate and show "groups" field for every object in reply.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-network
|
||||
cp_mgmt_network_facts:
|
||||
name: New Network 1
|
||||
|
||||
- name: show-networks
|
||||
cp_mgmt_network_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
)),
|
||||
show_membership=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "network"
|
||||
api_call_object_plural_version = "networks"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,243 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_package
|
||||
short_description: Manages package objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages package objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
access:
|
||||
description:
|
||||
- True - enables, False - disables access & NAT policies, empty - nothing is changed.
|
||||
type: bool
|
||||
desktop_security:
|
||||
description:
|
||||
- True - enables, False - disables Desktop security policy, empty - nothing is changed.
|
||||
type: bool
|
||||
installation_targets:
|
||||
description:
|
||||
- Which Gateways identified by the name or UID to install the policy on.
|
||||
type: list
|
||||
qos:
|
||||
description:
|
||||
- True - enables, False - disables QoS policy, empty - nothing is changed.
|
||||
type: bool
|
||||
qos_policy_type:
|
||||
description:
|
||||
- QoS policy type.
|
||||
type: str
|
||||
choices: ['recommended', 'express']
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
threat_prevention:
|
||||
description:
|
||||
- True - enables, False - disables Threat policy, empty - nothing is changed.
|
||||
type: bool
|
||||
vpn_traditional_mode:
|
||||
description:
|
||||
- True - enables, False - disables VPN traditional mode, empty - nothing is changed.
|
||||
type: bool
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
access_layers:
|
||||
description:
|
||||
- Access policy layers.
|
||||
type: dict
|
||||
suboptions:
|
||||
add:
|
||||
description:
|
||||
- Collection of Access layer objects to be added identified by the name or UID.
|
||||
type: list
|
||||
suboptions:
|
||||
name:
|
||||
description:
|
||||
- Layer name or UID.
|
||||
type: str
|
||||
position:
|
||||
description:
|
||||
- Layer position.
|
||||
type: int
|
||||
remove:
|
||||
description:
|
||||
- Collection of Access layer objects to be removed identified by the name or UID.
|
||||
type: list
|
||||
value:
|
||||
description:
|
||||
- Collection of Access layer objects to be set identified by the name or UID. Replaces existing Access layers.
|
||||
type: list
|
||||
threat_layers:
|
||||
description:
|
||||
- Threat policy layers.
|
||||
type: dict
|
||||
suboptions:
|
||||
add:
|
||||
description:
|
||||
- Collection of Threat layer objects to be added identified by the name or UID.
|
||||
type: list
|
||||
suboptions:
|
||||
name:
|
||||
description:
|
||||
- Layer name or UID.
|
||||
type: str
|
||||
position:
|
||||
description:
|
||||
- Layer position.
|
||||
type: int
|
||||
remove:
|
||||
description:
|
||||
- Collection of Threat layer objects to be removed identified by the name or UID.
|
||||
type: list
|
||||
value:
|
||||
description:
|
||||
- Collection of Threat layer objects to be set identified by the name or UID. Replaces existing Threat layers.
|
||||
type: list
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-package
|
||||
cp_mgmt_package:
|
||||
access: true
|
||||
color: green
|
||||
comments: My Comments
|
||||
name: New_Standard_Package_1
|
||||
state: present
|
||||
threat_prevention: false
|
||||
|
||||
- name: set-package
|
||||
cp_mgmt_package:
|
||||
access_layers:
|
||||
add:
|
||||
- name: New Access Layer 1
|
||||
position: 1
|
||||
name: Standard
|
||||
state: present
|
||||
threat_layers:
|
||||
add:
|
||||
- name: New Layer 1
|
||||
position: 2
|
||||
|
||||
- name: delete-package
|
||||
cp_mgmt_package:
|
||||
name: New Standard Package 1
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_package:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
access=dict(type='bool'),
|
||||
desktop_security=dict(type='bool'),
|
||||
installation_targets=dict(type='list'),
|
||||
qos=dict(type='bool'),
|
||||
qos_policy_type=dict(type='str', choices=['recommended', 'express']),
|
||||
tags=dict(type='list'),
|
||||
threat_prevention=dict(type='bool'),
|
||||
vpn_traditional_mode=dict(type='bool'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool'),
|
||||
access_layers=dict(type='dict', options=dict(
|
||||
add=dict(type='list', options=dict(
|
||||
name=dict(type='str'),
|
||||
position=dict(type='int')
|
||||
)),
|
||||
remove=dict(type='list'),
|
||||
value=dict(type='list')
|
||||
)),
|
||||
threat_layers=dict(type='dict', options=dict(
|
||||
add=dict(type='list', options=dict(
|
||||
name=dict(type='str'),
|
||||
position=dict(type='int')
|
||||
)),
|
||||
remove=dict(type='list'),
|
||||
value=dict(type='list')
|
||||
))
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'package'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,126 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_package_facts
|
||||
short_description: Get package objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get package objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-package
|
||||
cp_mgmt_package_facts:
|
||||
name: New_Standard_Package_1
|
||||
|
||||
- name: show-packages
|
||||
cp_mgmt_package_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
))
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "package"
|
||||
api_call_object_plural_version = "packages"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,76 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_publish
|
||||
short_description: All the changes done by this user will be seen by all users only after publish is called.
|
||||
description:
|
||||
- All the changes done by this user will be seen by all users only after publish is called.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
uid:
|
||||
description:
|
||||
- Session unique identifier. Specify it to publish a different session than the one you currently use.
|
||||
type: str
|
||||
extends_documentation_fragment: checkpoint_commands
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: publish
|
||||
cp_mgmt_publish:
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_publish:
|
||||
description: The checkpoint publish output.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_commands, api_command
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
uid=dict(type='str')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_commands)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
command = "publish"
|
||||
|
||||
result = api_command(module, command)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,101 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_put_file
|
||||
short_description: put file on Check Point over Web Services API
|
||||
description:
|
||||
- put file on Check Point over Web Services API
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
targets:
|
||||
description:
|
||||
- On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
|
||||
type: list
|
||||
file_content:
|
||||
description:
|
||||
- N/A
|
||||
type: str
|
||||
file_name:
|
||||
description:
|
||||
- N/A
|
||||
type: str
|
||||
file_path:
|
||||
description:
|
||||
- N/A
|
||||
type: str
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
extends_documentation_fragment: checkpoint_commands
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: put-file
|
||||
cp_mgmt_put_file:
|
||||
file_content: 'vs ip 192.0.2.1\nvs2 ip 192.0.2.2'
|
||||
file_name: vsx_conf
|
||||
file_path: /home/admin/
|
||||
targets:
|
||||
- corporate-gateway
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_put_file:
|
||||
description: The checkpoint put-file output.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_commands, api_command
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
targets=dict(type='list'),
|
||||
file_content=dict(type='str'),
|
||||
file_name=dict(type='str'),
|
||||
file_path=dict(type='str'),
|
||||
comments=dict(type='str')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_commands)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
command = "put-file"
|
||||
|
||||
result = api_command(module, command)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,76 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_run_ips_update
|
||||
short_description: Runs IPS database update. If "package-path" is not provided server will try to get the latest package from the User Center.
|
||||
description:
|
||||
- Runs IPS database update. If "package-path" is not provided server will try to get the latest package from the User Center.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
package_path:
|
||||
description:
|
||||
- Offline update package path.
|
||||
type: str
|
||||
extends_documentation_fragment: checkpoint_commands
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: run-ips-update
|
||||
cp_mgmt_run_ips_update:
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_run_ips_update:
|
||||
description: The checkpoint run-ips-update output.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_commands, api_command
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
package_path=dict(type='str')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_commands)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
command = "run-ips-update"
|
||||
|
||||
result = api_command(module, command)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,100 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_run_script
|
||||
short_description: Executes the script on a given list of targets.
|
||||
description:
|
||||
- Executes the script on a given list of targets.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
script_name:
|
||||
description:
|
||||
- Script name.
|
||||
type: str
|
||||
script:
|
||||
description:
|
||||
- Script body.
|
||||
type: str
|
||||
targets:
|
||||
description:
|
||||
- On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
|
||||
type: list
|
||||
args:
|
||||
description:
|
||||
- Script arguments.
|
||||
type: str
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
extends_documentation_fragment: checkpoint_commands
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: run-script
|
||||
cp_mgmt_run_script:
|
||||
script: ls -l /
|
||||
script_name: 'Script Example: List files under / dir'
|
||||
targets:
|
||||
- corporate-gateway
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_run_script:
|
||||
description: The checkpoint run-script output.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_commands, api_command
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
script_name=dict(type='str'),
|
||||
script=dict(type='str'),
|
||||
targets=dict(type='list'),
|
||||
args=dict(type='str'),
|
||||
comments=dict(type='str')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_commands)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
command = "run-script"
|
||||
|
||||
result = api_command(module, command)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,129 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_security_zone
|
||||
short_description: Manages security-zone objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages security-zone objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-security-zone
|
||||
cp_mgmt_security_zone:
|
||||
color: yellow
|
||||
comments: My Security Zone 1
|
||||
name: SZone1
|
||||
state: present
|
||||
|
||||
- name: set-security-zone
|
||||
cp_mgmt_security_zone:
|
||||
name: SZone1
|
||||
state: present
|
||||
|
||||
- name: delete-security-zone
|
||||
cp_mgmt_security_zone:
|
||||
name: SZone2
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_security_zone:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
tags=dict(type='list'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'security-zone'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,128 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_security_zone_facts
|
||||
short_description: Get security-zone objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get security-zone objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
show_membership:
|
||||
description:
|
||||
- Indicates whether to calculate and show "groups" field for every object in reply.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-security-zone
|
||||
cp_mgmt_security_zone_facts:
|
||||
name: SZone1
|
||||
|
||||
- name: show-security-zones
|
||||
cp_mgmt_security_zone_facts:
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
)),
|
||||
show_membership=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "security-zone"
|
||||
api_call_object_plural_version = "security-zones"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,147 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_service_dce_rpc
|
||||
short_description: Manages service-dce-rpc objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages service-dce-rpc objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
interface_uuid:
|
||||
description:
|
||||
- Network interface UUID.
|
||||
type: str
|
||||
keep_connections_open_after_policy_installation:
|
||||
description:
|
||||
- Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
|
||||
Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
|
||||
type: bool
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
groups:
|
||||
description:
|
||||
- Collection of group identifiers.
|
||||
type: list
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-service-dce-rpc
|
||||
cp_mgmt_service_dce_rpc:
|
||||
interface_uuid: 97aeb460-9aea-11d5-bd16-0090272ccb30
|
||||
keep_connections_open_after_policy_installation: false
|
||||
name: New_DCE-RPC_Service_1
|
||||
state: present
|
||||
|
||||
- name: set-service-dce-rpc
|
||||
cp_mgmt_service_dce_rpc:
|
||||
color: green
|
||||
interface_uuid: 44aeb460-9aea-11d5-bd16-009027266b30
|
||||
name: New_DCE-RPC_Service_1
|
||||
state: present
|
||||
|
||||
- name: delete-service-dce-rpc
|
||||
cp_mgmt_service_dce_rpc:
|
||||
name: New_DCE-RPC_Service_2
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_service_dce_rpc:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
interface_uuid=dict(type='str'),
|
||||
keep_connections_open_after_policy_installation=dict(type='bool'),
|
||||
tags=dict(type='list'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
groups=dict(type='list'),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'service-dce-rpc'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,131 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_service_dce_rpc_facts
|
||||
short_description: Get service-dce-rpc objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get service-dce-rpc objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
show_membership:
|
||||
description:
|
||||
- Indicates whether to calculate and show "groups" field for every object in reply.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-service-dce-rpc
|
||||
cp_mgmt_service_dce_rpc_facts:
|
||||
name: HP-OpCdistm
|
||||
|
||||
- name: show-services-dce-rpc
|
||||
cp_mgmt_service_dce_rpc_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
)),
|
||||
show_membership=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "service-dce-rpc"
|
||||
api_call_object_plural_version = "services-dce-rpc"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,146 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_service_group
|
||||
short_description: Manages service-group objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages service-group objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
members:
|
||||
description:
|
||||
- Collection of Network objects identified by the name or UID.
|
||||
type: list
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
groups:
|
||||
description:
|
||||
- Collection of group identifiers.
|
||||
type: list
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-service-group
|
||||
cp_mgmt_service_group:
|
||||
members:
|
||||
- https
|
||||
- bootp
|
||||
- nisplus
|
||||
- HP-OpCdistm
|
||||
name: New Service Group 1
|
||||
state: present
|
||||
|
||||
- name: set-service-group
|
||||
cp_mgmt_service_group:
|
||||
name: New Service Group 1
|
||||
members:
|
||||
- https
|
||||
- bootp
|
||||
- nisplus
|
||||
state: present
|
||||
|
||||
- name: delete-service-group
|
||||
cp_mgmt_service_group:
|
||||
name: New Service Group 1
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_service_group:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
members=dict(type='list'),
|
||||
tags=dict(type='list'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
groups=dict(type='list'),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'service-group'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,143 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_service_group_facts
|
||||
short_description: Get service-group objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get service-group objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
show_as_ranges:
|
||||
description:
|
||||
- When true, the service group's matched content is displayed as ranges of port numbers rather than service objects.<br />Objects that are not
|
||||
represented using port numbers are presented as objects.<br />The 'members' parameter is omitted from the response and instead the 'ranges' parameter
|
||||
is displayed.
|
||||
type: bool
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
dereference_group_members:
|
||||
description:
|
||||
- Indicates whether to dereference "members" field by details level for every object in reply.
|
||||
type: bool
|
||||
show_membership:
|
||||
description:
|
||||
- Indicates whether to calculate and show "groups" field for every object in reply.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-service-group
|
||||
cp_mgmt_service_group_facts:
|
||||
name: New Service Group 1
|
||||
|
||||
- name: show-service-groups
|
||||
cp_mgmt_service_group_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
show_as_ranges=dict(type='bool'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
)),
|
||||
dereference_group_members=dict(type='bool'),
|
||||
show_membership=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "service-group"
|
||||
api_call_object_plural_version = "service-groups"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,152 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_service_icmp
|
||||
short_description: Manages service-icmp objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages service-icmp objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
icmp_code:
|
||||
description:
|
||||
- As listed in, <a href="http,//www.iana.org/assignments/icmp-parameters" target="_blank">RFC 792</a>.
|
||||
type: int
|
||||
icmp_type:
|
||||
description:
|
||||
- As listed in, <a href="http,//www.iana.org/assignments/icmp-parameters" target="_blank">RFC 792</a>.
|
||||
type: int
|
||||
keep_connections_open_after_policy_installation:
|
||||
description:
|
||||
- Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
|
||||
Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
|
||||
type: bool
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
groups:
|
||||
description:
|
||||
- Collection of group identifiers.
|
||||
type: list
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-service-icmp
|
||||
cp_mgmt_service_icmp:
|
||||
icmp_code: 7
|
||||
icmp_type: 5
|
||||
name: Icmp1
|
||||
state: present
|
||||
|
||||
- name: set-service-icmp
|
||||
cp_mgmt_service_icmp:
|
||||
icmp_code: 13
|
||||
icmp_type: 45
|
||||
name: icmp1
|
||||
state: present
|
||||
|
||||
- name: delete-service-icmp
|
||||
cp_mgmt_service_icmp:
|
||||
name: icmp3
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_service_icmp:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
icmp_code=dict(type='int'),
|
||||
icmp_type=dict(type='int'),
|
||||
keep_connections_open_after_policy_installation=dict(type='bool'),
|
||||
tags=dict(type='list'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
groups=dict(type='list'),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'service-icmp'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,152 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_service_icmp6
|
||||
short_description: Manages service-icmp6 objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages service-icmp6 objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
icmp_code:
|
||||
description:
|
||||
- As listed in, <a href="http,//www.iana.org/assignments/icmp-parameters" target="_blank">RFC 792</a>.
|
||||
type: int
|
||||
icmp_type:
|
||||
description:
|
||||
- As listed in, <a href="http,//www.iana.org/assignments/icmp-parameters" target="_blank">RFC 792</a>.
|
||||
type: int
|
||||
keep_connections_open_after_policy_installation:
|
||||
description:
|
||||
- Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
|
||||
Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
|
||||
type: bool
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
groups:
|
||||
description:
|
||||
- Collection of group identifiers.
|
||||
type: list
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-service-icmp6
|
||||
cp_mgmt_service_icmp6:
|
||||
icmp_code: 7
|
||||
icmp_type: 5
|
||||
name: Icmp1
|
||||
state: present
|
||||
|
||||
- name: set-service-icmp6
|
||||
cp_mgmt_service_icmp6:
|
||||
icmp_code: 13
|
||||
icmp_type: 45
|
||||
name: icmp1
|
||||
state: present
|
||||
|
||||
- name: delete-service-icmp6
|
||||
cp_mgmt_service_icmp6:
|
||||
name: icmp2
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_service_icmp6:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
icmp_code=dict(type='int'),
|
||||
icmp_type=dict(type='int'),
|
||||
keep_connections_open_after_policy_installation=dict(type='bool'),
|
||||
tags=dict(type='list'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
groups=dict(type='list'),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'service-icmp6'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,130 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_service_icmp6_facts
|
||||
short_description: Get service-icmp6 objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get service-icmp6 objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
show_membership:
|
||||
description:
|
||||
- Indicates whether to calculate and show "groups" field for every object in reply.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-service-icmp6
|
||||
cp_mgmt_service_icmp6_facts:
|
||||
name: echo-reply6
|
||||
|
||||
- name: show-services-icmp6
|
||||
cp_mgmt_service_icmp6_facts:
|
||||
limit: 2
|
||||
offset: 4
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
)),
|
||||
show_membership=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "service-icmp6"
|
||||
api_call_object_plural_version = "services-icmp6"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,130 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_service_icmp_facts
|
||||
short_description: Get service-icmp objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get service-icmp objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
show_membership:
|
||||
description:
|
||||
- Indicates whether to calculate and show "groups" field for every object in reply.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-service-icmp
|
||||
cp_mgmt_service_icmp_facts:
|
||||
name: info-req
|
||||
|
||||
- name: show-services-icmp
|
||||
cp_mgmt_service_icmp_facts:
|
||||
limit: 4
|
||||
offset: 3
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
)),
|
||||
show_membership=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "service-icmp"
|
||||
api_call_object_plural_version = "services-icmp"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,225 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_service_other
|
||||
short_description: Manages service-other objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages service-other objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
accept_replies:
|
||||
description:
|
||||
- Specifies whether Other Service replies are to be accepted.
|
||||
type: bool
|
||||
action:
|
||||
description:
|
||||
- Contains an INSPECT expression that defines the action to take if a rule containing this service is matched.
|
||||
Example, set r_mhandler &open_ssl_handler sets a handler on the connection.
|
||||
type: str
|
||||
aggressive_aging:
|
||||
description:
|
||||
- Sets short (aggressive) timeouts for idle connections.
|
||||
type: dict
|
||||
suboptions:
|
||||
default_timeout:
|
||||
description:
|
||||
- Default aggressive aging timeout in seconds.
|
||||
type: int
|
||||
enable:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
timeout:
|
||||
description:
|
||||
- Aggressive aging timeout in seconds.
|
||||
type: int
|
||||
use_default_timeout:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
ip_protocol:
|
||||
description:
|
||||
- IP protocol number.
|
||||
type: int
|
||||
keep_connections_open_after_policy_installation:
|
||||
description:
|
||||
- Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
|
||||
Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
|
||||
type: bool
|
||||
match:
|
||||
description:
|
||||
- Contains an INSPECT expression that defines the matching criteria. The connection is examined against the expression during the first packet.
|
||||
Example, tcp, dport = 21, direction = 0 matches incoming FTP control connections.
|
||||
type: str
|
||||
match_for_any:
|
||||
description:
|
||||
- Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port
|
||||
and protocol.
|
||||
type: bool
|
||||
override_default_settings:
|
||||
description:
|
||||
- Indicates whether this service is a Data Domain service which has been overridden.
|
||||
type: bool
|
||||
session_timeout:
|
||||
description:
|
||||
- Time (in seconds) before the session times out.
|
||||
type: int
|
||||
sync_connections_on_cluster:
|
||||
description:
|
||||
- Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster.
|
||||
type: bool
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
use_default_session_timeout:
|
||||
description:
|
||||
- Use default virtual session timeout.
|
||||
type: bool
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
groups:
|
||||
description:
|
||||
- Collection of group identifiers.
|
||||
type: list
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-service-other
|
||||
cp_mgmt_service_other:
|
||||
aggressive_aging:
|
||||
enable: true
|
||||
timeout: 360
|
||||
use_default_timeout: false
|
||||
ip_protocol: 51
|
||||
keep_connections_open_after_policy_installation: false
|
||||
match_for_any: true
|
||||
name: New_Service_1
|
||||
session_timeout: 0
|
||||
state: present
|
||||
sync_connections_on_cluster: true
|
||||
|
||||
- name: set-service-other
|
||||
cp_mgmt_service_other:
|
||||
aggressive_aging:
|
||||
default_timeout: 3600
|
||||
color: green
|
||||
name: New_Service_1
|
||||
state: present
|
||||
|
||||
- name: delete-service-other
|
||||
cp_mgmt_service_other:
|
||||
name: New_Service_2
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_service_other:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
accept_replies=dict(type='bool'),
|
||||
action=dict(type='str'),
|
||||
aggressive_aging=dict(type='dict', options=dict(
|
||||
default_timeout=dict(type='int'),
|
||||
enable=dict(type='bool'),
|
||||
timeout=dict(type='int'),
|
||||
use_default_timeout=dict(type='bool')
|
||||
)),
|
||||
ip_protocol=dict(type='int'),
|
||||
keep_connections_open_after_policy_installation=dict(type='bool'),
|
||||
match=dict(type='str'),
|
||||
match_for_any=dict(type='bool'),
|
||||
override_default_settings=dict(type='bool'),
|
||||
session_timeout=dict(type='int'),
|
||||
sync_connections_on_cluster=dict(type='bool'),
|
||||
tags=dict(type='list'),
|
||||
use_default_session_timeout=dict(type='bool'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
groups=dict(type='list'),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'service-other'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,131 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_service_other_facts
|
||||
short_description: Get service-other objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get service-other objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
show_membership:
|
||||
description:
|
||||
- Indicates whether to calculate and show "groups" field for every object in reply.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-service-other
|
||||
cp_mgmt_service_other_facts:
|
||||
name: New_Service_1
|
||||
|
||||
- name: show-services-other
|
||||
cp_mgmt_service_other_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
)),
|
||||
show_membership=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "service-other"
|
||||
api_call_object_plural_version = "services-other"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,147 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_service_rpc
|
||||
short_description: Manages service-rpc objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages service-rpc objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
keep_connections_open_after_policy_installation:
|
||||
description:
|
||||
- Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
|
||||
Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
|
||||
type: bool
|
||||
program_number:
|
||||
description:
|
||||
- N/A
|
||||
type: int
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
groups:
|
||||
description:
|
||||
- Collection of group identifiers.
|
||||
type: list
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-service-rpc
|
||||
cp_mgmt_service_rpc:
|
||||
keep_connections_open_after_policy_installation: false
|
||||
name: New_RPC_Service_1
|
||||
program_number: 5669
|
||||
state: present
|
||||
|
||||
- name: set-service-rpc
|
||||
cp_mgmt_service_rpc:
|
||||
color: green
|
||||
name: New_RPC_Service_1
|
||||
program_number: 5656
|
||||
state: present
|
||||
|
||||
- name: delete-service-rpc
|
||||
cp_mgmt_service_rpc:
|
||||
name: New_RPC_Service_2
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_service_rpc:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
keep_connections_open_after_policy_installation=dict(type='bool'),
|
||||
program_number=dict(type='int'),
|
||||
tags=dict(type='list'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
groups=dict(type='list'),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'service-rpc'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,131 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_service_rpc_facts
|
||||
short_description: Get service-rpc objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get service-rpc objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
show_membership:
|
||||
description:
|
||||
- Indicates whether to calculate and show "groups" field for every object in reply.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-service-rpc
|
||||
cp_mgmt_service_rpc_facts:
|
||||
name: nisplus
|
||||
|
||||
- name: show-services-rpc
|
||||
cp_mgmt_service_rpc_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
)),
|
||||
show_membership=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "service-rpc"
|
||||
api_call_object_plural_version = "services-rpc"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,209 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_service_sctp
|
||||
short_description: Manages service-sctp objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages service-sctp objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
port:
|
||||
description:
|
||||
- Port number. To specify a port range add a hyphen between the lowest and the highest port numbers, for example 44-45.
|
||||
type: str
|
||||
aggressive_aging:
|
||||
description:
|
||||
- Sets short (aggressive) timeouts for idle connections.
|
||||
type: dict
|
||||
suboptions:
|
||||
default_timeout:
|
||||
description:
|
||||
- Default aggressive aging timeout in seconds.
|
||||
type: int
|
||||
enable:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
timeout:
|
||||
description:
|
||||
- Aggressive aging timeout in seconds.
|
||||
type: int
|
||||
use_default_timeout:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
keep_connections_open_after_policy_installation:
|
||||
description:
|
||||
- Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
|
||||
Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
|
||||
type: bool
|
||||
match_for_any:
|
||||
description:
|
||||
- Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port
|
||||
and protocol.
|
||||
type: bool
|
||||
session_timeout:
|
||||
description:
|
||||
- Time (in seconds) before the session times out.
|
||||
type: int
|
||||
source_port:
|
||||
description:
|
||||
- Source port number. To specify a port range add a hyphen between the lowest and the highest port numbers, for example 44-45.
|
||||
type: str
|
||||
sync_connections_on_cluster:
|
||||
description:
|
||||
- Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster.
|
||||
type: bool
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
use_default_session_timeout:
|
||||
description:
|
||||
- Use default virtual session timeout.
|
||||
type: bool
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
groups:
|
||||
description:
|
||||
- Collection of group identifiers.
|
||||
type: list
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-service-sctp
|
||||
cp_mgmt_service_sctp:
|
||||
aggressive_aging:
|
||||
enable: true
|
||||
timeout: 360
|
||||
use_default_timeout: false
|
||||
keep_connections_open_after_policy_installation: false
|
||||
match_for_any: true
|
||||
name: New_SCTP_Service_1
|
||||
port: 5669
|
||||
session_timeout: 0
|
||||
state: present
|
||||
sync_connections_on_cluster: true
|
||||
|
||||
- name: set-service-sctp
|
||||
cp_mgmt_service_sctp:
|
||||
aggressive_aging:
|
||||
default_timeout: 3600
|
||||
color: green
|
||||
name: New_SCTP_Service_1
|
||||
port: 5656
|
||||
state: present
|
||||
|
||||
- name: delete-service-sctp
|
||||
cp_mgmt_service_sctp:
|
||||
name: New_SCTP_Service_2
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_service_sctp:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
port=dict(type='str'),
|
||||
aggressive_aging=dict(type='dict', options=dict(
|
||||
default_timeout=dict(type='int'),
|
||||
enable=dict(type='bool'),
|
||||
timeout=dict(type='int'),
|
||||
use_default_timeout=dict(type='bool')
|
||||
)),
|
||||
keep_connections_open_after_policy_installation=dict(type='bool'),
|
||||
match_for_any=dict(type='bool'),
|
||||
session_timeout=dict(type='int'),
|
||||
source_port=dict(type='str'),
|
||||
sync_connections_on_cluster=dict(type='bool'),
|
||||
tags=dict(type='list'),
|
||||
use_default_session_timeout=dict(type='bool'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
groups=dict(type='list'),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'service-sctp'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,131 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_service_sctp_facts
|
||||
short_description: Get service-sctp objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get service-sctp objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
show_membership:
|
||||
description:
|
||||
- Indicates whether to calculate and show "groups" field for every object in reply.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-service-sctp
|
||||
cp_mgmt_service_sctp_facts:
|
||||
name: New_SCTP_Service_1
|
||||
|
||||
- name: show-services-sctp
|
||||
cp_mgmt_service_sctp_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
)),
|
||||
show_membership=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "service-sctp"
|
||||
api_call_object_plural_version = "services-sctp"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,229 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_service_tcp
|
||||
short_description: Manages service-tcp objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages service-tcp objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
aggressive_aging:
|
||||
description:
|
||||
- Sets short (aggressive) timeouts for idle connections.
|
||||
type: dict
|
||||
suboptions:
|
||||
default_timeout:
|
||||
description:
|
||||
- Default aggressive aging timeout in seconds.
|
||||
type: int
|
||||
enable:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
timeout:
|
||||
description:
|
||||
- Aggressive aging timeout in seconds.
|
||||
type: int
|
||||
use_default_timeout:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
keep_connections_open_after_policy_installation:
|
||||
description:
|
||||
- Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
|
||||
Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
|
||||
type: bool
|
||||
match_by_protocol_signature:
|
||||
description:
|
||||
- A value of true enables matching by the selected protocol's signature - the signature identifies the protocol as genuine. Select this option
|
||||
to limit the port to the specified protocol. If the selected protocol does not support matching by signature, this field cannot be set to true.
|
||||
type: bool
|
||||
match_for_any:
|
||||
description:
|
||||
- Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port
|
||||
and protocol.
|
||||
type: bool
|
||||
override_default_settings:
|
||||
description:
|
||||
- Indicates whether this service is a Data Domain service which has been overridden.
|
||||
type: bool
|
||||
port:
|
||||
description:
|
||||
- The number of the port used to provide this service. To specify a port range, place a hyphen between the lowest and highest port numbers, for
|
||||
example 44-55.
|
||||
type: str
|
||||
protocol:
|
||||
description:
|
||||
- Select the protocol type associated with the service, and by implication, the management server (if any) that enforces Content Security and
|
||||
Authentication for the service. Selecting a Protocol Type invokes the specific protocol handlers for each protocol type, thus enabling higher level of
|
||||
security by parsing the protocol, and higher level of connectivity by tracking dynamic actions (such as opening of ports).
|
||||
type: str
|
||||
session_timeout:
|
||||
description:
|
||||
- Time (in seconds) before the session times out.
|
||||
type: int
|
||||
source_port:
|
||||
description:
|
||||
- Port number for the client side service. If specified, only those Source port Numbers will be Accepted, Dropped, or Rejected during packet
|
||||
inspection. Otherwise, the source port is not inspected.
|
||||
type: str
|
||||
sync_connections_on_cluster:
|
||||
description:
|
||||
- Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster.
|
||||
type: bool
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
use_default_session_timeout:
|
||||
description:
|
||||
- Use default virtual session timeout.
|
||||
type: bool
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
groups:
|
||||
description:
|
||||
- Collection of group identifiers.
|
||||
type: list
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-service-tcp
|
||||
cp_mgmt_service_tcp:
|
||||
aggressive_aging:
|
||||
enable: true
|
||||
timeout: 360
|
||||
use_default_timeout: false
|
||||
keep_connections_open_after_policy_installation: false
|
||||
match_for_any: true
|
||||
name: New_TCP_Service_1
|
||||
port: 5669
|
||||
session_timeout: 0
|
||||
state: present
|
||||
sync_connections_on_cluster: true
|
||||
|
||||
- name: set-service-tcp
|
||||
cp_mgmt_service_tcp:
|
||||
aggressive_aging:
|
||||
default_timeout: 3600
|
||||
color: green
|
||||
name: New_TCP_Service_1
|
||||
port: 5656
|
||||
state: present
|
||||
|
||||
- name: delete-service-tcp
|
||||
cp_mgmt_service_tcp:
|
||||
name: New_TCP_Service_1
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_service_tcp:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
aggressive_aging=dict(type='dict', options=dict(
|
||||
default_timeout=dict(type='int'),
|
||||
enable=dict(type='bool'),
|
||||
timeout=dict(type='int'),
|
||||
use_default_timeout=dict(type='bool')
|
||||
)),
|
||||
keep_connections_open_after_policy_installation=dict(type='bool'),
|
||||
match_by_protocol_signature=dict(type='bool'),
|
||||
match_for_any=dict(type='bool'),
|
||||
override_default_settings=dict(type='bool'),
|
||||
port=dict(type='str'),
|
||||
protocol=dict(type='str'),
|
||||
session_timeout=dict(type='int'),
|
||||
source_port=dict(type='str'),
|
||||
sync_connections_on_cluster=dict(type='bool'),
|
||||
tags=dict(type='list'),
|
||||
use_default_session_timeout=dict(type='bool'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
groups=dict(type='list'),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'service-tcp'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,131 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_service_tcp_facts
|
||||
short_description: Get service-tcp objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get service-tcp objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
show_membership:
|
||||
description:
|
||||
- Indicates whether to calculate and show "groups" field for every object in reply.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-service-tcp
|
||||
cp_mgmt_service_tcp_facts:
|
||||
name: https
|
||||
|
||||
- name: show-services-tcp
|
||||
cp_mgmt_service_tcp_facts:
|
||||
details_level: standard
|
||||
limit: 10
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
)),
|
||||
show_membership=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "service-tcp"
|
||||
api_call_object_plural_version = "services-tcp"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,236 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_service_udp
|
||||
short_description: Manages service-udp objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages service-udp objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
accept_replies:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
aggressive_aging:
|
||||
description:
|
||||
- Sets short (aggressive) timeouts for idle connections.
|
||||
type: dict
|
||||
suboptions:
|
||||
default_timeout:
|
||||
description:
|
||||
- Default aggressive aging timeout in seconds.
|
||||
type: int
|
||||
enable:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
timeout:
|
||||
description:
|
||||
- Aggressive aging timeout in seconds.
|
||||
type: int
|
||||
use_default_timeout:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
keep_connections_open_after_policy_installation:
|
||||
description:
|
||||
- Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
|
||||
Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
|
||||
type: bool
|
||||
match_by_protocol_signature:
|
||||
description:
|
||||
- A value of true enables matching by the selected protocol's signature - the signature identifies the protocol as genuine. Select this option
|
||||
to limit the port to the specified protocol. If the selected protocol does not support matching by signature, this field cannot be set to true.
|
||||
type: bool
|
||||
match_for_any:
|
||||
description:
|
||||
- Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port
|
||||
and protocol.
|
||||
type: bool
|
||||
override_default_settings:
|
||||
description:
|
||||
- Indicates whether this service is a Data Domain service which has been overridden.
|
||||
type: bool
|
||||
port:
|
||||
description:
|
||||
- The number of the port used to provide this service. To specify a port range, place a hyphen between the lowest and highest port numbers, for
|
||||
example 44-55.
|
||||
type: str
|
||||
protocol:
|
||||
description:
|
||||
- Select the protocol type associated with the service, and by implication, the management server (if any) that enforces Content Security and
|
||||
Authentication for the service. Selecting a Protocol Type invokes the specific protocol handlers for each protocol type, thus enabling higher level of
|
||||
security by parsing the protocol, and higher level of connectivity by tracking dynamic actions (such as opening of ports).
|
||||
type: str
|
||||
session_timeout:
|
||||
description:
|
||||
- Time (in seconds) before the session times out.
|
||||
type: int
|
||||
source_port:
|
||||
description:
|
||||
- Port number for the client side service. If specified, only those Source port Numbers will be Accepted, Dropped, or Rejected during packet
|
||||
inspection. Otherwise, the source port is not inspected.
|
||||
type: str
|
||||
sync_connections_on_cluster:
|
||||
description:
|
||||
- Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster.
|
||||
type: bool
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
use_default_session_timeout:
|
||||
description:
|
||||
- Use default virtual session timeout.
|
||||
type: bool
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
groups:
|
||||
description:
|
||||
- Collection of group identifiers.
|
||||
type: list
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-service-udp
|
||||
cp_mgmt_service_udp:
|
||||
accept_replies: false
|
||||
aggressive_aging:
|
||||
enable: true
|
||||
timeout: 360
|
||||
use_default_timeout: false
|
||||
keep_connections_open_after_policy_installation: false
|
||||
match_for_any: true
|
||||
name: New_UDP_Service_1
|
||||
port: 5669
|
||||
session_timeout: 0
|
||||
state: present
|
||||
sync_connections_on_cluster: true
|
||||
|
||||
- name: set-service-udp
|
||||
cp_mgmt_service_udp:
|
||||
accept_replies: true
|
||||
aggressive_aging:
|
||||
default_timeout: 3600
|
||||
color: green
|
||||
name: New_UDP_Service_1
|
||||
port: 5656
|
||||
state: present
|
||||
|
||||
- name: delete-service-udp
|
||||
cp_mgmt_service_udp:
|
||||
name: New_UDP_Service_2
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_service_udp:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
accept_replies=dict(type='bool'),
|
||||
aggressive_aging=dict(type='dict', options=dict(
|
||||
default_timeout=dict(type='int'),
|
||||
enable=dict(type='bool'),
|
||||
timeout=dict(type='int'),
|
||||
use_default_timeout=dict(type='bool')
|
||||
)),
|
||||
keep_connections_open_after_policy_installation=dict(type='bool'),
|
||||
match_by_protocol_signature=dict(type='bool'),
|
||||
match_for_any=dict(type='bool'),
|
||||
override_default_settings=dict(type='bool'),
|
||||
port=dict(type='str'),
|
||||
protocol=dict(type='str'),
|
||||
session_timeout=dict(type='int'),
|
||||
source_port=dict(type='str'),
|
||||
sync_connections_on_cluster=dict(type='bool'),
|
||||
tags=dict(type='list'),
|
||||
use_default_session_timeout=dict(type='bool'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
groups=dict(type='list'),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'service-udp'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,131 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_service_udp_facts
|
||||
short_description: Get service-udp objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get service-udp objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
show_membership:
|
||||
description:
|
||||
- Indicates whether to calculate and show "groups" field for every object in reply.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-service-udp
|
||||
cp_mgmt_service_udp_facts:
|
||||
name: bootp
|
||||
|
||||
- name: show-services-udp
|
||||
cp_mgmt_service_udp_facts:
|
||||
details_level: standard
|
||||
limit: 10
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
)),
|
||||
show_membership=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "service-udp"
|
||||
api_call_object_plural_version = "services-udp"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,124 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_session_facts
|
||||
short_description: Get session objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get session objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the descending order by the session publish time.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
view_published_sessions:
|
||||
description:
|
||||
- Show a list of published sessions.
|
||||
type: bool
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-session
|
||||
cp_mgmt_session_facts:
|
||||
|
||||
- name: show-sessions
|
||||
cp_mgmt_session_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
)),
|
||||
view_published_sessions=dict(type='bool'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full'])
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "session"
|
||||
api_call_object_plural_version = "sessions"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,630 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_simple_gateway
|
||||
short_description: Manages simple-gateway objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages simple-gateway objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
ip_address:
|
||||
description:
|
||||
- IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
|
||||
type: str
|
||||
ipv4_address:
|
||||
description:
|
||||
- IPv4 address.
|
||||
type: str
|
||||
ipv6_address:
|
||||
description:
|
||||
- IPv6 address.
|
||||
type: str
|
||||
anti_bot:
|
||||
description:
|
||||
- Anti-Bot blade enabled.
|
||||
type: bool
|
||||
anti_virus:
|
||||
description:
|
||||
- Anti-Virus blade enabled.
|
||||
type: bool
|
||||
application_control:
|
||||
description:
|
||||
- Application Control blade enabled.
|
||||
type: bool
|
||||
content_awareness:
|
||||
description:
|
||||
- Content Awareness blade enabled.
|
||||
type: bool
|
||||
firewall:
|
||||
description:
|
||||
- Firewall blade enabled.
|
||||
type: bool
|
||||
firewall_settings:
|
||||
description:
|
||||
- N/A
|
||||
type: dict
|
||||
suboptions:
|
||||
auto_calculate_connections_hash_table_size_and_memory_pool:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
auto_maximum_limit_for_concurrent_connections:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
connections_hash_size:
|
||||
description:
|
||||
- N/A
|
||||
type: int
|
||||
maximum_limit_for_concurrent_connections:
|
||||
description:
|
||||
- N/A
|
||||
type: int
|
||||
maximum_memory_pool_size:
|
||||
description:
|
||||
- N/A
|
||||
type: int
|
||||
memory_pool_size:
|
||||
description:
|
||||
- N/A
|
||||
type: int
|
||||
interfaces:
|
||||
description:
|
||||
- Network interfaces. When a gateway is updated with a new interfaces, the existing interfaces are removed.
|
||||
type: list
|
||||
suboptions:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
anti_spoofing:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
anti_spoofing_settings:
|
||||
description:
|
||||
- N/A
|
||||
type: dict
|
||||
suboptions:
|
||||
action:
|
||||
description:
|
||||
- If packets will be rejected (the Prevent option) or whether the packets will be monitored (the Detect option).
|
||||
type: str
|
||||
choices: ['prevent', 'detect']
|
||||
ip_address:
|
||||
description:
|
||||
- IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
|
||||
type: str
|
||||
ipv4_address:
|
||||
description:
|
||||
- IPv4 address.
|
||||
type: str
|
||||
ipv6_address:
|
||||
description:
|
||||
- IPv6 address.
|
||||
type: str
|
||||
network_mask:
|
||||
description:
|
||||
- IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead of
|
||||
providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use
|
||||
ipv4-mask-length and ipv6-mask-length fields explicitly.
|
||||
type: str
|
||||
ipv4_network_mask:
|
||||
description:
|
||||
- IPv4 network address.
|
||||
type: str
|
||||
ipv6_network_mask:
|
||||
description:
|
||||
- IPv6 network address.
|
||||
type: str
|
||||
mask_length:
|
||||
description:
|
||||
- IPv4 or IPv6 network mask length.
|
||||
type: str
|
||||
ipv4_mask_length:
|
||||
description:
|
||||
- IPv4 network mask length.
|
||||
type: str
|
||||
ipv6_mask_length:
|
||||
description:
|
||||
- IPv6 network mask length.
|
||||
type: str
|
||||
security_zone:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
security_zone_settings:
|
||||
description:
|
||||
- N/A
|
||||
type: dict
|
||||
suboptions:
|
||||
auto_calculated:
|
||||
description:
|
||||
- Security Zone is calculated according to where the interface leads to.
|
||||
type: bool
|
||||
specific_zone:
|
||||
description:
|
||||
- Security Zone specified manually.
|
||||
type: str
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
topology:
|
||||
description:
|
||||
- N/A
|
||||
type: str
|
||||
choices: ['automatic', 'external', 'internal']
|
||||
topology_settings:
|
||||
description:
|
||||
- N/A
|
||||
type: dict
|
||||
suboptions:
|
||||
interface_leads_to_dmz:
|
||||
description:
|
||||
- Whether this interface leads to demilitarized zone (perimeter network).
|
||||
type: bool
|
||||
ip_address_behind_this_interface:
|
||||
description:
|
||||
- N/A
|
||||
type: str
|
||||
choices: ['not defined', 'network defined by the interface ip and net mask', 'network defined by routing', 'specific']
|
||||
specific_network:
|
||||
description:
|
||||
- Network behind this interface.
|
||||
type: str
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange',
|
||||
'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray',
|
||||
'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive',
|
||||
'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
ips:
|
||||
description:
|
||||
- Intrusion Prevention System blade enabled.
|
||||
type: bool
|
||||
logs_settings:
|
||||
description:
|
||||
- N/A
|
||||
type: dict
|
||||
suboptions:
|
||||
alert_when_free_disk_space_below:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
alert_when_free_disk_space_below_threshold:
|
||||
description:
|
||||
- N/A
|
||||
type: int
|
||||
alert_when_free_disk_space_below_type:
|
||||
description:
|
||||
- N/A
|
||||
type: str
|
||||
choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
|
||||
'user defined alert no.3']
|
||||
before_delete_keep_logs_from_the_last_days:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
before_delete_keep_logs_from_the_last_days_threshold:
|
||||
description:
|
||||
- N/A
|
||||
type: int
|
||||
before_delete_run_script:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
before_delete_run_script_command:
|
||||
description:
|
||||
- N/A
|
||||
type: str
|
||||
delete_index_files_older_than_days:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
delete_index_files_older_than_days_threshold:
|
||||
description:
|
||||
- N/A
|
||||
type: int
|
||||
delete_index_files_when_index_size_above:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
delete_index_files_when_index_size_above_threshold:
|
||||
description:
|
||||
- N/A
|
||||
type: int
|
||||
delete_when_free_disk_space_below:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
delete_when_free_disk_space_below_threshold:
|
||||
description:
|
||||
- N/A
|
||||
type: int
|
||||
detect_new_citrix_ica_application_names:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
forward_logs_to_log_server:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
forward_logs_to_log_server_name:
|
||||
description:
|
||||
- N/A
|
||||
type: str
|
||||
forward_logs_to_log_server_schedule_name:
|
||||
description:
|
||||
- N/A
|
||||
type: str
|
||||
free_disk_space_metrics:
|
||||
description:
|
||||
- N/A
|
||||
type: str
|
||||
choices: ['mbytes', 'percent']
|
||||
perform_log_rotate_before_log_forwarding:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
reject_connections_when_free_disk_space_below_threshold:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
reserve_for_packet_capture_metrics:
|
||||
description:
|
||||
- N/A
|
||||
type: str
|
||||
choices: ['percent', 'mbytes']
|
||||
reserve_for_packet_capture_threshold:
|
||||
description:
|
||||
- N/A
|
||||
type: int
|
||||
rotate_log_by_file_size:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
rotate_log_file_size_threshold:
|
||||
description:
|
||||
- N/A
|
||||
type: int
|
||||
rotate_log_on_schedule:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
rotate_log_schedule_name:
|
||||
description:
|
||||
- N/A
|
||||
type: str
|
||||
stop_logging_when_free_disk_space_below:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
stop_logging_when_free_disk_space_below_threshold:
|
||||
description:
|
||||
- N/A
|
||||
type: int
|
||||
turn_on_qos_logging:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
update_account_log_every:
|
||||
description:
|
||||
- N/A
|
||||
type: int
|
||||
one_time_password:
|
||||
description:
|
||||
- N/A
|
||||
type: str
|
||||
os_name:
|
||||
description:
|
||||
- Gateway platform operating system.
|
||||
type: str
|
||||
save_logs_locally:
|
||||
description:
|
||||
- Save logs locally on the gateway.
|
||||
type: bool
|
||||
send_alerts_to_server:
|
||||
description:
|
||||
- Server(s) to send alerts to.
|
||||
type: list
|
||||
send_logs_to_backup_server:
|
||||
description:
|
||||
- Backup server(s) to send logs to.
|
||||
type: list
|
||||
send_logs_to_server:
|
||||
description:
|
||||
- Server(s) to send logs to.
|
||||
type: list
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
threat_emulation:
|
||||
description:
|
||||
- Threat Emulation blade enabled.
|
||||
type: bool
|
||||
threat_extraction:
|
||||
description:
|
||||
- Threat Extraction blade enabled.
|
||||
type: bool
|
||||
url_filtering:
|
||||
description:
|
||||
- URL Filtering blade enabled.
|
||||
type: bool
|
||||
version:
|
||||
description:
|
||||
- Gateway platform version.
|
||||
type: str
|
||||
vpn:
|
||||
description:
|
||||
- VPN blade enabled.
|
||||
type: bool
|
||||
vpn_settings:
|
||||
description:
|
||||
- Gateway VPN settings.
|
||||
type: dict
|
||||
suboptions:
|
||||
maximum_concurrent_ike_negotiations:
|
||||
description:
|
||||
- N/A
|
||||
type: int
|
||||
maximum_concurrent_tunnels:
|
||||
description:
|
||||
- N/A
|
||||
type: int
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
groups:
|
||||
description:
|
||||
- Collection of group identifiers.
|
||||
type: list
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-simple-gateway
|
||||
cp_mgmt_simple_gateway:
|
||||
ip_address: 192.0.2.1
|
||||
name: gw1
|
||||
state: present
|
||||
|
||||
- name: set-simple-gateway
|
||||
cp_mgmt_simple_gateway:
|
||||
anti_bot: true
|
||||
anti_virus: true
|
||||
application_control: true
|
||||
ips: true
|
||||
name: test_gateway
|
||||
state: present
|
||||
threat_emulation: true
|
||||
url_filtering: true
|
||||
|
||||
- name: delete-simple-gateway
|
||||
cp_mgmt_simple_gateway:
|
||||
name: gw1
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_simple_gateway:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
ip_address=dict(type='str'),
|
||||
ipv4_address=dict(type='str'),
|
||||
ipv6_address=dict(type='str'),
|
||||
anti_bot=dict(type='bool'),
|
||||
anti_virus=dict(type='bool'),
|
||||
application_control=dict(type='bool'),
|
||||
content_awareness=dict(type='bool'),
|
||||
firewall=dict(type='bool'),
|
||||
firewall_settings=dict(type='dict', options=dict(
|
||||
auto_calculate_connections_hash_table_size_and_memory_pool=dict(type='bool'),
|
||||
auto_maximum_limit_for_concurrent_connections=dict(type='bool'),
|
||||
connections_hash_size=dict(type='int'),
|
||||
maximum_limit_for_concurrent_connections=dict(type='int'),
|
||||
maximum_memory_pool_size=dict(type='int'),
|
||||
memory_pool_size=dict(type='int')
|
||||
)),
|
||||
interfaces=dict(type='list', options=dict(
|
||||
name=dict(type='str'),
|
||||
anti_spoofing=dict(type='bool'),
|
||||
anti_spoofing_settings=dict(type='dict', options=dict(
|
||||
action=dict(type='str', choices=['prevent', 'detect'])
|
||||
)),
|
||||
ip_address=dict(type='str'),
|
||||
ipv4_address=dict(type='str'),
|
||||
ipv6_address=dict(type='str'),
|
||||
network_mask=dict(type='str'),
|
||||
ipv4_network_mask=dict(type='str'),
|
||||
ipv6_network_mask=dict(type='str'),
|
||||
mask_length=dict(type='str'),
|
||||
ipv4_mask_length=dict(type='str'),
|
||||
ipv6_mask_length=dict(type='str'),
|
||||
security_zone=dict(type='bool'),
|
||||
security_zone_settings=dict(type='dict', options=dict(
|
||||
auto_calculated=dict(type='bool'),
|
||||
specific_zone=dict(type='str')
|
||||
)),
|
||||
tags=dict(type='list'),
|
||||
topology=dict(type='str', choices=['automatic', 'external', 'internal']),
|
||||
topology_settings=dict(type='dict', options=dict(
|
||||
interface_leads_to_dmz=dict(type='bool'),
|
||||
ip_address_behind_this_interface=dict(type='str', choices=['not defined', 'network defined by the interface ip and net mask',
|
||||
'network defined by routing', 'specific']),
|
||||
specific_network=dict(type='str')
|
||||
)),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan',
|
||||
'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue',
|
||||
'firebrick',
|
||||
'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral',
|
||||
'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange',
|
||||
'red',
|
||||
'sienna', 'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)),
|
||||
ips=dict(type='bool'),
|
||||
logs_settings=dict(type='dict', options=dict(
|
||||
alert_when_free_disk_space_below=dict(type='bool'),
|
||||
alert_when_free_disk_space_below_threshold=dict(type='int'),
|
||||
alert_when_free_disk_space_below_type=dict(type='str', choices=['none',
|
||||
'log', 'popup alert', 'mail alert', 'snmp trap alert',
|
||||
'user defined alert no.1',
|
||||
'user defined alert no.2', 'user defined alert no.3']),
|
||||
before_delete_keep_logs_from_the_last_days=dict(type='bool'),
|
||||
before_delete_keep_logs_from_the_last_days_threshold=dict(type='int'),
|
||||
before_delete_run_script=dict(type='bool'),
|
||||
before_delete_run_script_command=dict(type='str'),
|
||||
delete_index_files_older_than_days=dict(type='bool'),
|
||||
delete_index_files_older_than_days_threshold=dict(type='int'),
|
||||
delete_index_files_when_index_size_above=dict(type='bool'),
|
||||
delete_index_files_when_index_size_above_threshold=dict(type='int'),
|
||||
delete_when_free_disk_space_below=dict(type='bool'),
|
||||
delete_when_free_disk_space_below_threshold=dict(type='int'),
|
||||
detect_new_citrix_ica_application_names=dict(type='bool'),
|
||||
forward_logs_to_log_server=dict(type='bool'),
|
||||
forward_logs_to_log_server_name=dict(type='str'),
|
||||
forward_logs_to_log_server_schedule_name=dict(type='str'),
|
||||
free_disk_space_metrics=dict(type='str', choices=['mbytes', 'percent']),
|
||||
perform_log_rotate_before_log_forwarding=dict(type='bool'),
|
||||
reject_connections_when_free_disk_space_below_threshold=dict(type='bool'),
|
||||
reserve_for_packet_capture_metrics=dict(type='str', choices=['percent', 'mbytes']),
|
||||
reserve_for_packet_capture_threshold=dict(type='int'),
|
||||
rotate_log_by_file_size=dict(type='bool'),
|
||||
rotate_log_file_size_threshold=dict(type='int'),
|
||||
rotate_log_on_schedule=dict(type='bool'),
|
||||
rotate_log_schedule_name=dict(type='str'),
|
||||
stop_logging_when_free_disk_space_below=dict(type='bool'),
|
||||
stop_logging_when_free_disk_space_below_threshold=dict(type='int'),
|
||||
turn_on_qos_logging=dict(type='bool'),
|
||||
update_account_log_every=dict(type='int')
|
||||
)),
|
||||
one_time_password=dict(type='str'),
|
||||
os_name=dict(type='str'),
|
||||
save_logs_locally=dict(type='bool'),
|
||||
send_alerts_to_server=dict(type='list'),
|
||||
send_logs_to_backup_server=dict(type='list'),
|
||||
send_logs_to_server=dict(type='list'),
|
||||
tags=dict(type='list'),
|
||||
threat_emulation=dict(type='bool'),
|
||||
threat_extraction=dict(type='bool'),
|
||||
url_filtering=dict(type='bool'),
|
||||
version=dict(type='str'),
|
||||
vpn=dict(type='bool'),
|
||||
vpn_settings=dict(type='dict', options=dict(
|
||||
maximum_concurrent_ike_negotiations=dict(type='int'),
|
||||
maximum_concurrent_tunnels=dict(type='int')
|
||||
)),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral',
|
||||
'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
groups=dict(type='list'),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'simple-gateway'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,131 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_simple_gateway_facts
|
||||
short_description: Get simple-gateway objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get simple-gateway objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
show_membership:
|
||||
description:
|
||||
- Indicates whether to calculate and show "groups" field for every object in reply.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-simple-gateway
|
||||
cp_mgmt_simple_gateway_facts:
|
||||
name: gw1
|
||||
|
||||
- name: show-simple-gateways
|
||||
cp_mgmt_simple_gateway_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
)),
|
||||
show_membership=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "simple-gateway"
|
||||
api_call_object_plural_version = "simple-gateways"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,125 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_tag
|
||||
short_description: Manages tag objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages tag objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-tag
|
||||
cp_mgmt_tag:
|
||||
name: My New Tag1
|
||||
state: present
|
||||
tags:
|
||||
- tag1
|
||||
- tag2
|
||||
|
||||
- name: delete-tag
|
||||
cp_mgmt_tag:
|
||||
name: My New Tag1
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_tag:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
tags=dict(type='list'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'tag'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,123 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_tag_facts
|
||||
short_description: Get tag objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get tag objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-tag
|
||||
cp_mgmt_tag_facts:
|
||||
name: f96b37ec-e22e-4945-8bbf-d37b117914e0
|
||||
|
||||
- name: show-tags
|
||||
cp_mgmt_tag_facts:
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
))
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "tag"
|
||||
api_call_object_plural_version = "tags"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,213 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_threat_exception
|
||||
short_description: Manages threat-exception objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages threat-exception objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- The name of the exception.
|
||||
type: str
|
||||
required: True
|
||||
position:
|
||||
description:
|
||||
- Position in the rulebase.
|
||||
type: str
|
||||
exception_group_uid:
|
||||
description:
|
||||
- The UID of the exception-group.
|
||||
type: str
|
||||
exception_group_name:
|
||||
description:
|
||||
- The name of the exception-group.
|
||||
type: str
|
||||
layer:
|
||||
description:
|
||||
- Layer that the rule belongs to identified by the name or UID.
|
||||
type: str
|
||||
rule_name:
|
||||
description:
|
||||
- The name of the parent rule.
|
||||
type: str
|
||||
action:
|
||||
description:
|
||||
- Action-the enforced profile.
|
||||
type: str
|
||||
destination:
|
||||
description:
|
||||
- Collection of Network objects identified by the name or UID.
|
||||
type: list
|
||||
destination_negate:
|
||||
description:
|
||||
- True if negate is set for destination.
|
||||
type: bool
|
||||
enabled:
|
||||
description:
|
||||
- Enable/Disable the rule.
|
||||
type: bool
|
||||
install_on:
|
||||
description:
|
||||
- Which Gateways identified by the name or UID to install the policy on.
|
||||
type: list
|
||||
protected_scope:
|
||||
description:
|
||||
- Collection of objects defining Protected Scope identified by the name or UID.
|
||||
type: list
|
||||
protected_scope_negate:
|
||||
description:
|
||||
- True if negate is set for Protected Scope.
|
||||
type: bool
|
||||
protection_or_site:
|
||||
description:
|
||||
- Name of the protection or site.
|
||||
type: list
|
||||
service:
|
||||
description:
|
||||
- Collection of Network objects identified by the name or UID.
|
||||
type: list
|
||||
service_negate:
|
||||
description:
|
||||
- True if negate is set for Service.
|
||||
type: bool
|
||||
source:
|
||||
description:
|
||||
- Collection of Network objects identified by the name or UID.
|
||||
type: list
|
||||
source_negate:
|
||||
description:
|
||||
- True if negate is set for source.
|
||||
type: bool
|
||||
track:
|
||||
description:
|
||||
- Packet tracking.
|
||||
type: str
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-threat-exception
|
||||
cp_mgmt_threat_exception:
|
||||
layer: New Layer 1
|
||||
name: Exception Rule
|
||||
position: 1
|
||||
protected_scope: All_Internet
|
||||
rule_name: Threat Rule 1
|
||||
state: present
|
||||
track: Log
|
||||
|
||||
- name: set-threat-exception
|
||||
cp_mgmt_threat_exception:
|
||||
layer: New Layer 1
|
||||
name: Exception Rule
|
||||
rule_name: Threat Rule 1
|
||||
state: present
|
||||
|
||||
- name: delete-threat-exception
|
||||
cp_mgmt_threat_exception:
|
||||
name: Exception Rule
|
||||
layer: New Layer 1
|
||||
rule_name: Threat Rule 1
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_threat_exception:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
position=dict(type='str'),
|
||||
exception_group_uid=dict(type='str'),
|
||||
exception_group_name=dict(type='str'),
|
||||
layer=dict(type='str'),
|
||||
rule_name=dict(type='str'),
|
||||
action=dict(type='str'),
|
||||
destination=dict(type='list'),
|
||||
destination_negate=dict(type='bool'),
|
||||
enabled=dict(type='bool'),
|
||||
install_on=dict(type='list'),
|
||||
protected_scope=dict(type='list'),
|
||||
protected_scope_negate=dict(type='bool'),
|
||||
protection_or_site=dict(type='list'),
|
||||
service=dict(type='list'),
|
||||
service_negate=dict(type='bool'),
|
||||
source=dict(type='list'),
|
||||
source_negate=dict(type='bool'),
|
||||
track=dict(type='str'),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'threat-exception'
|
||||
|
||||
if module.params['position'] is None:
|
||||
result = api_call(module, api_call_object)
|
||||
else:
|
||||
result = api_call_for_rule(module, api_call_object)
|
||||
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,222 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_threat_exception_facts
|
||||
short_description: Get threat-exception objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get threat-exception objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- The name of the layer containing the parent threat rule.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: str
|
||||
exception_group_uid:
|
||||
description:
|
||||
- The UID of the exception-group.
|
||||
type: str
|
||||
exception_group_name:
|
||||
description:
|
||||
- The name of the exception-group.
|
||||
type: str
|
||||
layer:
|
||||
description:
|
||||
- Layer that the rule belongs to identified by the name or UID.
|
||||
type: str
|
||||
rule_name:
|
||||
description:
|
||||
- The name of the parent rule.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
filter:
|
||||
description:
|
||||
- Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical
|
||||
operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies.
|
||||
type: str
|
||||
filter_settings:
|
||||
description:
|
||||
- Sets filter preferences.
|
||||
type: dict
|
||||
suboptions:
|
||||
search_mode:
|
||||
description:
|
||||
- When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any'
|
||||
object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell
|
||||
or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior.
|
||||
type: str
|
||||
choices: ['general', 'packet']
|
||||
packet_search_settings:
|
||||
description:
|
||||
- When 'search-mode' is set to 'packet', this object allows to set the packet search preferences.
|
||||
type: dict
|
||||
suboptions:
|
||||
expand_group_members:
|
||||
description:
|
||||
- When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at
|
||||
least one member of the group.
|
||||
type: bool
|
||||
expand_group_with_exclusion_members:
|
||||
description:
|
||||
- When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that
|
||||
match at least one member of the "include" part and is not a member of the "except" part.
|
||||
type: bool
|
||||
match_on_any:
|
||||
description:
|
||||
- Whether to match on 'Any' object.
|
||||
type: bool
|
||||
match_on_group_with_exclusion:
|
||||
description:
|
||||
- Whether to match on a group-with-exclusion.
|
||||
type: bool
|
||||
match_on_negate:
|
||||
description:
|
||||
- Whether to match on a negated cell.
|
||||
type: bool
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
package:
|
||||
description:
|
||||
- Name of the package.
|
||||
type: str
|
||||
use_object_dictionary:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
dereference_group_members:
|
||||
description:
|
||||
- Indicates whether to dereference "members" field by details level for every object in reply.
|
||||
type: bool
|
||||
show_membership:
|
||||
description:
|
||||
- Indicates whether to calculate and show "groups" field for every object in reply.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-threat-exception
|
||||
cp_mgmt_threat_exception_facts:
|
||||
name: Exception Rule
|
||||
layer: New Layer 1
|
||||
rule_name: Threat Rule 1
|
||||
|
||||
- name: show-threat-rule-exception-rulebase
|
||||
cp_mgmt_threat_exception_facts:
|
||||
name: Standard Threat Prevention
|
||||
rule_name: Threat Rule 1
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
exception_group_uid=dict(type='str'),
|
||||
exception_group_name=dict(type='str'),
|
||||
layer=dict(type='str'),
|
||||
rule_name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
filter=dict(type='str'),
|
||||
filter_settings=dict(type='dict', options=dict(
|
||||
search_mode=dict(type='str', choices=['general', 'packet']),
|
||||
packet_search_settings=dict(type='dict', options=dict(
|
||||
expand_group_members=dict(type='bool'),
|
||||
expand_group_with_exclusion_members=dict(type='bool'),
|
||||
match_on_any=dict(type='bool'),
|
||||
match_on_group_with_exclusion=dict(type='bool'),
|
||||
match_on_negate=dict(type='bool')
|
||||
))
|
||||
)),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
)),
|
||||
package=dict(type='str'),
|
||||
use_object_dictionary=dict(type='bool'),
|
||||
dereference_group_members=dict(type='bool'),
|
||||
show_membership=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "threat-exception"
|
||||
api_call_object_plural_version = "threat-rule-exception-rulebase"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,271 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_threat_indicator
|
||||
short_description: Manages threat-indicator objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages threat-indicator objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
observables:
|
||||
description:
|
||||
- The indicator's observables.
|
||||
type: list
|
||||
suboptions:
|
||||
name:
|
||||
description:
|
||||
- Object name. Should be unique in the domain.
|
||||
type: str
|
||||
md5:
|
||||
description:
|
||||
- A valid MD5 sequence.
|
||||
type: str
|
||||
url:
|
||||
description:
|
||||
- A valid URL.
|
||||
type: str
|
||||
ip_address:
|
||||
description:
|
||||
- A valid IP-Address.
|
||||
type: str
|
||||
ip_address_first:
|
||||
description:
|
||||
- A valid IP-Address, the beginning of the range. If you configure this parameter with a value, you must also configure the value of the
|
||||
'ip-address-last' parameter.
|
||||
type: str
|
||||
ip_address_last:
|
||||
description:
|
||||
- A valid IP-Address, the end of the range. If you configure this parameter with a value, you must also configure the value of the
|
||||
'ip-address-first' parameter.
|
||||
type: str
|
||||
domain:
|
||||
description:
|
||||
- The name of a domain.
|
||||
type: str
|
||||
mail_to:
|
||||
description:
|
||||
- A valid E-Mail address, recipient filed.
|
||||
type: str
|
||||
mail_from:
|
||||
description:
|
||||
- A valid E-Mail address, sender field.
|
||||
type: str
|
||||
mail_cc:
|
||||
description:
|
||||
- A valid E-Mail address, cc field.
|
||||
type: str
|
||||
mail_reply_to:
|
||||
description:
|
||||
- A valid E-Mail address, reply-to field.
|
||||
type: str
|
||||
mail_subject:
|
||||
description:
|
||||
- Subject of E-Mail.
|
||||
type: str
|
||||
confidence:
|
||||
description:
|
||||
- The confidence level the indicator has that a real threat has been uncovered.
|
||||
type: str
|
||||
choices: ['low', 'medium', 'high', 'critical']
|
||||
product:
|
||||
description:
|
||||
- The software blade that processes the observable, AV - AntiVirus, AB - AntiBot.
|
||||
type: str
|
||||
choices: ['AV', 'AB']
|
||||
severity:
|
||||
description:
|
||||
- The severity level of the threat.
|
||||
type: str
|
||||
choices: ['low', 'medium', 'high', 'critical']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
observables_raw_data:
|
||||
description:
|
||||
- The contents of a file containing the indicator's observables.
|
||||
type: str
|
||||
action:
|
||||
description:
|
||||
- The indicator's action.
|
||||
type: str
|
||||
choices: ['Inactive', 'Ask', 'Prevent', 'Detect']
|
||||
profile_overrides:
|
||||
description:
|
||||
- Profiles in which to override the indicator's default action.
|
||||
type: list
|
||||
suboptions:
|
||||
action:
|
||||
description:
|
||||
- The indicator's action in this profile.
|
||||
type: str
|
||||
choices: ['Inactive', 'Ask', 'Prevent', 'Detect']
|
||||
profile:
|
||||
description:
|
||||
- The profile in which to override the indicator's action.
|
||||
type: str
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-threat-indicator
|
||||
cp_mgmt_threat_indicator:
|
||||
action: ask
|
||||
ignore_warnings: true
|
||||
name: My_Indicator
|
||||
observables:
|
||||
- confidence: medium
|
||||
mail_to: someone@somewhere.com
|
||||
name: My_Observable
|
||||
product: AV
|
||||
severity: low
|
||||
profile_overrides:
|
||||
- action: detect
|
||||
profile: My_Profile
|
||||
state: present
|
||||
|
||||
- name: set-threat-indicator
|
||||
cp_mgmt_threat_indicator:
|
||||
action: prevent
|
||||
ignore_warnings: true
|
||||
name: My_Indicator
|
||||
state: present
|
||||
|
||||
- name: delete-threat-indicator
|
||||
cp_mgmt_threat_indicator:
|
||||
name: My_Indicator
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_threat_indicator:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
observables=dict(type='list', options=dict(
|
||||
name=dict(type='str'),
|
||||
md5=dict(type='str'),
|
||||
url=dict(type='str'),
|
||||
ip_address=dict(type='str'),
|
||||
ip_address_first=dict(type='str'),
|
||||
ip_address_last=dict(type='str'),
|
||||
domain=dict(type='str'),
|
||||
mail_to=dict(type='str'),
|
||||
mail_from=dict(type='str'),
|
||||
mail_cc=dict(type='str'),
|
||||
mail_reply_to=dict(type='str'),
|
||||
mail_subject=dict(type='str'),
|
||||
confidence=dict(type='str', choices=['low', 'medium', 'high', 'critical']),
|
||||
product=dict(type='str', choices=['AV', 'AB']),
|
||||
severity=dict(type='str', choices=['low', 'medium', 'high', 'critical']),
|
||||
comments=dict(type='str'),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)),
|
||||
observables_raw_data=dict(type='str'),
|
||||
action=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']),
|
||||
profile_overrides=dict(type='list', options=dict(
|
||||
action=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']),
|
||||
profile=dict(type='str')
|
||||
)),
|
||||
tags=dict(type='list'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'threat-indicator'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,123 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_threat_indicator_facts
|
||||
short_description: Get threat-indicator objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get threat-indicator objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-threat-indicator
|
||||
cp_mgmt_threat_indicator_facts:
|
||||
name: My_Indicator
|
||||
|
||||
- name: show-threat-indicators
|
||||
cp_mgmt_threat_indicator_facts:
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
))
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "threat-indicator"
|
||||
api_call_object_plural_version = "threat-indicators"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,127 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_threat_layer
|
||||
short_description: Manages threat-layer objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages threat-layer objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
add_default_rule:
|
||||
description:
|
||||
- Indicates whether to include a default rule in the new layer.
|
||||
type: bool
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-threat-layer
|
||||
cp_mgmt_threat_layer:
|
||||
name: New Layer 1
|
||||
state: present
|
||||
|
||||
- name: delete-threat-layer
|
||||
cp_mgmt_threat_layer:
|
||||
name: New Layer 2
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_threat_layer:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
add_default_rule=dict(type='bool'),
|
||||
tags=dict(type='list'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'threat-layer'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,126 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_threat_layer_facts
|
||||
short_description: Get threat-layer objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get threat-layer objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-threat-layer
|
||||
cp_mgmt_threat_layer_facts:
|
||||
name: New Layer 1
|
||||
|
||||
- name: show-threat-layers
|
||||
cp_mgmt_threat_layer_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
))
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "threat-layer"
|
||||
api_call_object_plural_version = "threat-layers"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,400 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_threat_profile
|
||||
short_description: Manages threat-profile objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages threat-profile objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
active_protections_performance_impact:
|
||||
description:
|
||||
- Protections with this performance impact only will be activated in the profile.
|
||||
type: str
|
||||
choices: ['high', 'medium', 'low', 'very_low']
|
||||
active_protections_severity:
|
||||
description:
|
||||
- Protections with this severity only will be activated in the profile.
|
||||
type: str
|
||||
choices: ['Critical', 'High', 'Medium or above', 'Low or above']
|
||||
confidence_level_high:
|
||||
description:
|
||||
- Action for protections with high confidence level.
|
||||
type: str
|
||||
choices: ['Inactive', 'Ask', 'Prevent', 'Detect']
|
||||
confidence_level_low:
|
||||
description:
|
||||
- Action for protections with low confidence level.
|
||||
type: str
|
||||
choices: ['Inactive', 'Ask', 'Prevent', 'Detect']
|
||||
confidence_level_medium:
|
||||
description:
|
||||
- Action for protections with medium confidence level.
|
||||
type: str
|
||||
choices: ['Inactive', 'Ask', 'Prevent', 'Detect']
|
||||
indicator_overrides:
|
||||
description:
|
||||
- Indicators whose action will be overridden in this profile.
|
||||
type: list
|
||||
suboptions:
|
||||
action:
|
||||
description:
|
||||
- The indicator's action in this profile.
|
||||
type: str
|
||||
choices: ['Inactive', 'Ask', 'Prevent', 'Detect']
|
||||
indicator:
|
||||
description:
|
||||
- The indicator whose action is to be overridden.
|
||||
type: str
|
||||
ips_settings:
|
||||
description:
|
||||
- IPS blade settings.
|
||||
type: dict
|
||||
suboptions:
|
||||
exclude_protection_with_performance_impact:
|
||||
description:
|
||||
- Whether to exclude protections depending on their level of performance impact.
|
||||
type: bool
|
||||
exclude_protection_with_performance_impact_mode:
|
||||
description:
|
||||
- Exclude protections with this level of performance impact.
|
||||
type: str
|
||||
choices: ['very low', 'low or lower', 'medium or lower', 'high or lower']
|
||||
exclude_protection_with_severity:
|
||||
description:
|
||||
- Whether to exclude protections depending on their level of severity.
|
||||
type: bool
|
||||
exclude_protection_with_severity_mode:
|
||||
description:
|
||||
- Exclude protections with this level of severity.
|
||||
type: str
|
||||
choices: ['low or above', 'medium or above', 'high or above', 'critical']
|
||||
newly_updated_protections:
|
||||
description:
|
||||
- Activation of newly updated protections.
|
||||
type: str
|
||||
choices: ['active', 'inactive', 'staging']
|
||||
malicious_mail_policy_settings:
|
||||
description:
|
||||
- Malicious Mail Policy for MTA Gateways.
|
||||
type: dict
|
||||
suboptions:
|
||||
add_customized_text_to_email_body:
|
||||
description:
|
||||
- Add customized text to the malicious email body.
|
||||
type: bool
|
||||
add_email_subject_prefix:
|
||||
description:
|
||||
- Add a prefix to the malicious email subject.
|
||||
type: bool
|
||||
add_x_header_to_email:
|
||||
description:
|
||||
- Add an X-Header to the malicious email.
|
||||
type: bool
|
||||
email_action:
|
||||
description:
|
||||
- Block - block the entire malicious email<br>Allow - pass the malicious email and apply email changes (like, remove attachments and
|
||||
links, add x-header, etc...).
|
||||
type: str
|
||||
choices: ['allow', 'block']
|
||||
email_body_customized_text:
|
||||
description:
|
||||
- Customized text for the malicious email body.<br> Available predefined fields,<br> $verdicts$ - the malicious/error attachments/links verdict.
|
||||
type: str
|
||||
email_subject_prefix_text:
|
||||
description:
|
||||
- Prefix for the malicious email subject.
|
||||
type: str
|
||||
failed_to_scan_attachments_text:
|
||||
description:
|
||||
- Replace attachments that failed to be scanned with this text.<br> Available predefined fields,<br> $filename$ - the malicious file
|
||||
name.<br> $md5$ - MD5 of the malicious file.
|
||||
type: str
|
||||
malicious_attachments_text:
|
||||
description:
|
||||
- Replace malicious attachments with this text.<br> Available predefined fields,<br> $filename$ - the malicious file name.<br> $md5$ -
|
||||
MD5 of the malicious file.
|
||||
type: str
|
||||
malicious_links_text:
|
||||
description:
|
||||
- Replace malicious links with this text.<br> Available predefined fields,<br> $neutralized_url$ - neutralized malicious link.
|
||||
type: str
|
||||
remove_attachments_and_links:
|
||||
description:
|
||||
- Remove attachments and links from the malicious email.
|
||||
type: bool
|
||||
send_copy:
|
||||
description:
|
||||
- Send a copy of the malicious email to the recipient list.
|
||||
type: bool
|
||||
send_copy_list:
|
||||
description:
|
||||
- Recipient list to send a copy of the malicious email.
|
||||
type: list
|
||||
overrides:
|
||||
description:
|
||||
- Overrides per profile for this protection.
|
||||
type: list
|
||||
suboptions:
|
||||
action:
|
||||
description:
|
||||
- Protection action.
|
||||
type: str
|
||||
choices: ['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept']
|
||||
protection:
|
||||
description:
|
||||
- IPS protection identified by name or UID.
|
||||
type: str
|
||||
capture_packets:
|
||||
description:
|
||||
- Capture packets.
|
||||
type: bool
|
||||
track:
|
||||
description:
|
||||
- Tracking method for protection.
|
||||
type: str
|
||||
choices: ['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2']
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
use_indicators:
|
||||
description:
|
||||
- Indicates whether the profile should make use of indicators.
|
||||
type: bool
|
||||
anti_bot:
|
||||
description:
|
||||
- Is Anti-Bot blade activated.
|
||||
type: bool
|
||||
anti_virus:
|
||||
description:
|
||||
- Is Anti-Virus blade activated.
|
||||
type: bool
|
||||
ips:
|
||||
description:
|
||||
- Is IPS blade activated.
|
||||
type: bool
|
||||
threat_emulation:
|
||||
description:
|
||||
- Is Threat Emulation blade activated.
|
||||
type: bool
|
||||
activate_protections_by_extended_attributes:
|
||||
description:
|
||||
- Activate protections by these extended attributes.
|
||||
type: list
|
||||
suboptions:
|
||||
name:
|
||||
description:
|
||||
- IPS tag name.
|
||||
type: str
|
||||
category:
|
||||
description:
|
||||
- IPS tag category name.
|
||||
type: str
|
||||
deactivate_protections_by_extended_attributes:
|
||||
description:
|
||||
- Deactivate protections by these extended attributes.
|
||||
type: list
|
||||
suboptions:
|
||||
name:
|
||||
description:
|
||||
- IPS tag name.
|
||||
type: str
|
||||
category:
|
||||
description:
|
||||
- IPS tag category name.
|
||||
type: str
|
||||
use_extended_attributes:
|
||||
description:
|
||||
- Whether to activate/deactivate IPS protections according to the extended attributes.
|
||||
type: bool
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-threat-profile
|
||||
cp_mgmt_threat_profile:
|
||||
active_protections_performance_impact: low
|
||||
active_protections_severity: low or above
|
||||
anti_bot: true
|
||||
anti_virus: true
|
||||
confidence_level_high: prevent
|
||||
confidence_level_medium: prevent
|
||||
ips: true
|
||||
ips_settings:
|
||||
exclude_protection_with_performance_impact: true
|
||||
exclude_protection_with_performance_impact_mode: high or lower
|
||||
newly_updated_protections: staging
|
||||
name: New Profile 1
|
||||
state: present
|
||||
threat_emulation: true
|
||||
|
||||
- name: set-threat-profile
|
||||
cp_mgmt_threat_profile:
|
||||
active_protections_performance_impact: low
|
||||
active_protections_severity: low or above
|
||||
anti_bot: true
|
||||
anti_virus: false
|
||||
comments: update recommended profile
|
||||
confidence_level_high: prevent
|
||||
confidence_level_low: prevent
|
||||
confidence_level_medium: prevent
|
||||
ips: false
|
||||
ips_settings:
|
||||
exclude_protection_with_performance_impact: true
|
||||
exclude_protection_with_performance_impact_mode: high or lower
|
||||
newly_updated_protections: active
|
||||
name: New Profile 1
|
||||
state: present
|
||||
threat_emulation: true
|
||||
|
||||
- name: delete-threat-profile
|
||||
cp_mgmt_threat_profile:
|
||||
name: New Profile 1
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_threat_profile:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
active_protections_performance_impact=dict(type='str', choices=['high', 'medium', 'low', 'very_low']),
|
||||
active_protections_severity=dict(type='str', choices=['Critical', 'High', 'Medium or above', 'Low or above']),
|
||||
confidence_level_high=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']),
|
||||
confidence_level_low=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']),
|
||||
confidence_level_medium=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']),
|
||||
indicator_overrides=dict(type='list', options=dict(
|
||||
action=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']),
|
||||
indicator=dict(type='str')
|
||||
)),
|
||||
ips_settings=dict(type='dict', options=dict(
|
||||
exclude_protection_with_performance_impact=dict(type='bool'),
|
||||
exclude_protection_with_performance_impact_mode=dict(type='str', choices=['very low', 'low or lower', 'medium or lower', 'high or lower']),
|
||||
exclude_protection_with_severity=dict(type='bool'),
|
||||
exclude_protection_with_severity_mode=dict(type='str', choices=['low or above', 'medium or above', 'high or above', 'critical']),
|
||||
newly_updated_protections=dict(type='str', choices=['active', 'inactive', 'staging'])
|
||||
)),
|
||||
malicious_mail_policy_settings=dict(type='dict', options=dict(
|
||||
add_customized_text_to_email_body=dict(type='bool'),
|
||||
add_email_subject_prefix=dict(type='bool'),
|
||||
add_x_header_to_email=dict(type='bool'),
|
||||
email_action=dict(type='str', choices=['allow', 'block']),
|
||||
email_body_customized_text=dict(type='str'),
|
||||
email_subject_prefix_text=dict(type='str'),
|
||||
failed_to_scan_attachments_text=dict(type='str'),
|
||||
malicious_attachments_text=dict(type='str'),
|
||||
malicious_links_text=dict(type='str'),
|
||||
remove_attachments_and_links=dict(type='bool'),
|
||||
send_copy=dict(type='bool'),
|
||||
send_copy_list=dict(type='list')
|
||||
)),
|
||||
overrides=dict(type='list', options=dict(
|
||||
action=dict(type='str', choices=['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept']),
|
||||
protection=dict(type='str'),
|
||||
capture_packets=dict(type='bool'),
|
||||
track=dict(type='str', choices=['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2'])
|
||||
)),
|
||||
tags=dict(type='list'),
|
||||
use_indicators=dict(type='bool'),
|
||||
anti_bot=dict(type='bool'),
|
||||
anti_virus=dict(type='bool'),
|
||||
ips=dict(type='bool'),
|
||||
threat_emulation=dict(type='bool'),
|
||||
activate_protections_by_extended_attributes=dict(type='list', options=dict(
|
||||
name=dict(type='str'),
|
||||
category=dict(type='str')
|
||||
)),
|
||||
deactivate_protections_by_extended_attributes=dict(type='list', options=dict(
|
||||
name=dict(type='str'),
|
||||
category=dict(type='str')
|
||||
)),
|
||||
use_extended_attributes=dict(type='bool'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'threat-profile'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,126 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_threat_profile_facts
|
||||
short_description: Get threat-profile objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get threat-profile objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-threat-profile
|
||||
cp_mgmt_threat_profile_facts:
|
||||
name: Recommended_Profile
|
||||
|
||||
- name: show-threat-profiles
|
||||
cp_mgmt_threat_profile_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
))
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "threat-profile"
|
||||
api_call_object_plural_version = "threat-profiles"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,130 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_threat_protection_override
|
||||
short_description: Edit existing object using object name or uid.
|
||||
description:
|
||||
- Edit existing object using object name or uid.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
comments:
|
||||
description:
|
||||
- Protection comments.
|
||||
type: str
|
||||
follow_up:
|
||||
description:
|
||||
- Tag the protection with pre-defined follow-up flag.
|
||||
type: bool
|
||||
overrides:
|
||||
description:
|
||||
- Overrides per profile for this protection<br> Note, Remove override for Core protections removes only the action's override. Remove override
|
||||
for Threat Cloud protections removes the action, track and packet captures.
|
||||
type: list
|
||||
suboptions:
|
||||
action:
|
||||
description:
|
||||
- Protection action.
|
||||
type: str
|
||||
choices: ['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept']
|
||||
profile:
|
||||
description:
|
||||
- Profile name.
|
||||
type: str
|
||||
capture_packets:
|
||||
description:
|
||||
- Capture packets.
|
||||
type: bool
|
||||
track:
|
||||
description:
|
||||
- Tracking method for protection.
|
||||
type: str
|
||||
choices: ['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2']
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
extends_documentation_fragment: checkpoint_commands
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: threat_protection_override
|
||||
cp_mgmt_threat_protection_override:
|
||||
name: FTP Commands
|
||||
overrides:
|
||||
- action: inactive
|
||||
capture_packets: true
|
||||
profile: New Profile 1
|
||||
track: None
|
||||
state: present
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_threat_protection_override:
|
||||
description: The checkpoint threat_protection_override output.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_commands, api_command
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
comments=dict(type='str'),
|
||||
follow_up=dict(type='bool'),
|
||||
overrides=dict(type='list', options=dict(
|
||||
action=dict(type='str', choices=['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept']),
|
||||
profile=dict(type='str'),
|
||||
capture_packets=dict(type='bool'),
|
||||
track=dict(type='str', choices=['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2'])
|
||||
)),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full'])
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_commands)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
command = "set-threat-protection"
|
||||
|
||||
result = api_command(module, command)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,209 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_threat_rule
|
||||
short_description: Manages threat-rule objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages threat-rule objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
position:
|
||||
description:
|
||||
- Position in the rulebase.
|
||||
type: str
|
||||
layer:
|
||||
description:
|
||||
- Layer that the rule belongs to identified by the name or UID.
|
||||
type: str
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
action:
|
||||
description:
|
||||
- Action-the enforced profile.
|
||||
type: str
|
||||
destination:
|
||||
description:
|
||||
- Collection of Network objects identified by the name or UID.
|
||||
type: list
|
||||
destination_negate:
|
||||
description:
|
||||
- True if negate is set for destination.
|
||||
type: bool
|
||||
enabled:
|
||||
description:
|
||||
- Enable/Disable the rule.
|
||||
type: bool
|
||||
install_on:
|
||||
description:
|
||||
- Which Gateways identified by the name or UID to install the policy on.
|
||||
type: list
|
||||
protected_scope:
|
||||
description:
|
||||
- Collection of objects defining Protected Scope identified by the name or UID.
|
||||
type: list
|
||||
protected_scope_negate:
|
||||
description:
|
||||
- True if negate is set for Protected Scope.
|
||||
type: bool
|
||||
service:
|
||||
description:
|
||||
- Collection of Network objects identified by the name or UID.
|
||||
type: list
|
||||
service_negate:
|
||||
description:
|
||||
- True if negate is set for Service.
|
||||
type: bool
|
||||
source:
|
||||
description:
|
||||
- Collection of Network objects identified by the name or UID.
|
||||
type: list
|
||||
source_negate:
|
||||
description:
|
||||
- True if negate is set for source.
|
||||
type: bool
|
||||
track:
|
||||
description:
|
||||
- Packet tracking.
|
||||
type: str
|
||||
track_settings:
|
||||
description:
|
||||
- Threat rule track settings.
|
||||
type: dict
|
||||
suboptions:
|
||||
packet_capture:
|
||||
description:
|
||||
- Packet capture.
|
||||
type: bool
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-threat-rule
|
||||
cp_mgmt_threat_rule:
|
||||
comments: ''
|
||||
install_on: Policy Targets
|
||||
layer: New Layer 1
|
||||
name: First threat rule
|
||||
position: 1
|
||||
protected_scope: All_Internet
|
||||
state: present
|
||||
track: None
|
||||
|
||||
- name: set-threat-rule
|
||||
cp_mgmt_threat_rule:
|
||||
action: New Profile 1
|
||||
comments: commnet for the first rule
|
||||
install_on: Policy Targets
|
||||
layer: New Layer 1
|
||||
name: Rule Name
|
||||
position: 1
|
||||
protected_scope: All_Internet
|
||||
state: present
|
||||
|
||||
- name: delete-threat-rule
|
||||
cp_mgmt_threat_rule:
|
||||
layer: New Layer 1
|
||||
name: Rule Name
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_threat_rule:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
position=dict(type='str'),
|
||||
layer=dict(type='str'),
|
||||
name=dict(type='str', required=True),
|
||||
action=dict(type='str'),
|
||||
destination=dict(type='list'),
|
||||
destination_negate=dict(type='bool'),
|
||||
enabled=dict(type='bool'),
|
||||
install_on=dict(type='list'),
|
||||
protected_scope=dict(type='list'),
|
||||
protected_scope_negate=dict(type='bool'),
|
||||
service=dict(type='list'),
|
||||
service_negate=dict(type='bool'),
|
||||
source=dict(type='list'),
|
||||
source_negate=dict(type='bool'),
|
||||
track=dict(type='str'),
|
||||
track_settings=dict(type='dict', options=dict(
|
||||
packet_capture=dict(type='bool')
|
||||
)),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'threat-rule'
|
||||
|
||||
if module.params['position'] is None:
|
||||
result = api_call(module, api_call_object)
|
||||
else:
|
||||
result = api_call_for_rule(module, api_call_object)
|
||||
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,209 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_threat_rule_facts
|
||||
short_description: Get threat-rule objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get threat-rule objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name. Should be unique in the domain.
|
||||
type: str
|
||||
layer:
|
||||
description:
|
||||
- Layer that the rule belongs to identified by the name or UID.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
filter:
|
||||
description:
|
||||
- Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical
|
||||
operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies.
|
||||
type: str
|
||||
filter_settings:
|
||||
description:
|
||||
- Sets filter preferences.
|
||||
type: dict
|
||||
suboptions:
|
||||
search_mode:
|
||||
description:
|
||||
- When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any'
|
||||
object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell
|
||||
or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior.
|
||||
type: str
|
||||
choices: ['general', 'packet']
|
||||
packet_search_settings:
|
||||
description:
|
||||
- When 'search-mode' is set to 'packet', this object allows to set the packet search preferences.
|
||||
type: dict
|
||||
suboptions:
|
||||
expand_group_members:
|
||||
description:
|
||||
- When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at
|
||||
least one member of the group.
|
||||
type: bool
|
||||
expand_group_with_exclusion_members:
|
||||
description:
|
||||
- When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that
|
||||
match at least one member of the "include" part and is not a member of the "except" part.
|
||||
type: bool
|
||||
match_on_any:
|
||||
description:
|
||||
- Whether to match on 'Any' object.
|
||||
type: bool
|
||||
match_on_group_with_exclusion:
|
||||
description:
|
||||
- Whether to match on a group-with-exclusion.
|
||||
type: bool
|
||||
match_on_negate:
|
||||
description:
|
||||
- Whether to match on a negated cell.
|
||||
type: bool
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
package:
|
||||
description:
|
||||
- Name of the package.
|
||||
type: str
|
||||
use_object_dictionary:
|
||||
description:
|
||||
- N/A
|
||||
type: bool
|
||||
dereference_group_members:
|
||||
description:
|
||||
- Indicates whether to dereference "members" field by details level for every object in reply.
|
||||
type: bool
|
||||
show_membership:
|
||||
description:
|
||||
- Indicates whether to calculate and show "groups" field for every object in reply.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-threat-rule
|
||||
cp_mgmt_threat_rule_facts:
|
||||
layer: New Layer 1
|
||||
name: Rule Name
|
||||
|
||||
- name: show-threat-rulebase
|
||||
cp_mgmt_threat_rule_facts:
|
||||
details_level: standard
|
||||
filter: ''
|
||||
limit: 20
|
||||
name: Threat Prevention
|
||||
offset: 0
|
||||
use_object_dictionary: false
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts_for_rule
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
layer=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
filter=dict(type='str'),
|
||||
filter_settings=dict(type='dict', options=dict(
|
||||
search_mode=dict(type='str', choices=['general', 'packet']),
|
||||
packet_search_settings=dict(type='dict', options=dict(
|
||||
expand_group_members=dict(type='bool'),
|
||||
expand_group_with_exclusion_members=dict(type='bool'),
|
||||
match_on_any=dict(type='bool'),
|
||||
match_on_group_with_exclusion=dict(type='bool'),
|
||||
match_on_negate=dict(type='bool')
|
||||
))
|
||||
)),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
)),
|
||||
package=dict(type='str'),
|
||||
use_object_dictionary=dict(type='bool'),
|
||||
dereference_group_members=dict(type='bool'),
|
||||
show_membership=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "threat-rule"
|
||||
api_call_object_plural_version = "threat-rulebase"
|
||||
|
||||
result = api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,280 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_time
|
||||
short_description: Manages time objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages time objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
end:
|
||||
description:
|
||||
- End time. Note, Each gateway may interpret this time differently according to its time zone.
|
||||
type: dict
|
||||
suboptions:
|
||||
date:
|
||||
description:
|
||||
- Date in format dd-MMM-yyyy.
|
||||
type: str
|
||||
iso_8601:
|
||||
description:
|
||||
- Date and time represented in international ISO 8601 format. Time zone information is ignored.
|
||||
type: str
|
||||
posix:
|
||||
description:
|
||||
- Number of milliseconds that have elapsed since 00,00,00, 1 January 1970.
|
||||
type: int
|
||||
time:
|
||||
description:
|
||||
- Time in format HH,mm.
|
||||
type: str
|
||||
end_never:
|
||||
description:
|
||||
- End never.
|
||||
type: bool
|
||||
hours_ranges:
|
||||
description:
|
||||
- Hours recurrence. Note, Each gateway may interpret this time differently according to its time zone.
|
||||
type: list
|
||||
suboptions:
|
||||
enabled:
|
||||
description:
|
||||
- Is hour range enabled.
|
||||
type: bool
|
||||
from:
|
||||
description:
|
||||
- Time in format HH,MM.
|
||||
type: str
|
||||
index:
|
||||
description:
|
||||
- Hour range index.
|
||||
type: int
|
||||
to:
|
||||
description:
|
||||
- Time in format HH,MM.
|
||||
type: str
|
||||
start:
|
||||
description:
|
||||
- Starting time. Note, Each gateway may interpret this time differently according to its time zone.
|
||||
type: dict
|
||||
suboptions:
|
||||
date:
|
||||
description:
|
||||
- Date in format dd-MMM-yyyy.
|
||||
type: str
|
||||
iso_8601:
|
||||
description:
|
||||
- Date and time represented in international ISO 8601 format. Time zone information is ignored.
|
||||
type: str
|
||||
posix:
|
||||
description:
|
||||
- Number of milliseconds that have elapsed since 00,00,00, 1 January 1970.
|
||||
type: int
|
||||
time:
|
||||
description:
|
||||
- Time in format HH,mm.
|
||||
type: str
|
||||
start_now:
|
||||
description:
|
||||
- Start immediately.
|
||||
type: bool
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
recurrence:
|
||||
description:
|
||||
- Days recurrence.
|
||||
type: dict
|
||||
suboptions:
|
||||
days:
|
||||
description:
|
||||
- Valid on specific days. Multiple options, support range of days in months. Example,["1","3","9-20"].
|
||||
type: list
|
||||
month:
|
||||
description:
|
||||
- Valid on month. Example, "1", "2","12","Any".
|
||||
type: str
|
||||
pattern:
|
||||
description:
|
||||
- Valid on "Daily", "Weekly", "Monthly" base.
|
||||
type: str
|
||||
weekdays:
|
||||
description:
|
||||
- Valid on weekdays. Example, "Sun", "Mon"..."Sat".
|
||||
type: list
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
groups:
|
||||
description:
|
||||
- Collection of group identifiers.
|
||||
type: list
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-time
|
||||
cp_mgmt_time:
|
||||
end:
|
||||
date: 24-Nov-2014
|
||||
time: '21:22'
|
||||
end_never: 'false'
|
||||
hours_ranges:
|
||||
- enabled: true
|
||||
from: 00:00
|
||||
index: 1
|
||||
to: 00:00
|
||||
- enabled: false
|
||||
from: 00:00
|
||||
index: 2
|
||||
to: 00:00
|
||||
name: timeObject1
|
||||
recurrence:
|
||||
days:
|
||||
- '1'
|
||||
month: Any
|
||||
pattern: Daily
|
||||
weekdays:
|
||||
- Sun
|
||||
- Mon
|
||||
start_now: 'true'
|
||||
state: present
|
||||
|
||||
- name: set-time
|
||||
cp_mgmt_time:
|
||||
hours_ranges:
|
||||
- from: 00:22
|
||||
to: 00:33
|
||||
name: timeObject1
|
||||
recurrence:
|
||||
month: Any
|
||||
pattern: Weekly
|
||||
weekdays:
|
||||
- Fri
|
||||
state: present
|
||||
|
||||
- name: delete-time
|
||||
cp_mgmt_time:
|
||||
name: timeObject1
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_time:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
end=dict(type='dict', options=dict(
|
||||
date=dict(type='str'),
|
||||
iso_8601=dict(type='str'),
|
||||
posix=dict(type='int'),
|
||||
time=dict(type='str')
|
||||
)),
|
||||
end_never=dict(type='bool'),
|
||||
hours_ranges=dict(type='list', options=dict(
|
||||
enabled=dict(type='bool'),
|
||||
index=dict(type='int'),
|
||||
to=dict(type='str')
|
||||
)),
|
||||
start=dict(type='dict', options=dict(
|
||||
date=dict(type='str'),
|
||||
iso_8601=dict(type='str'),
|
||||
posix=dict(type='int'),
|
||||
time=dict(type='str')
|
||||
)),
|
||||
start_now=dict(type='bool'),
|
||||
tags=dict(type='list'),
|
||||
recurrence=dict(type='dict', options=dict(
|
||||
days=dict(type='list'),
|
||||
month=dict(type='str'),
|
||||
pattern=dict(type='str'),
|
||||
weekdays=dict(type='list')
|
||||
)),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
groups=dict(type='list'),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec['hours_ranges']['options']['from'] = dict(type='str')
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'time'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,126 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_time_facts
|
||||
short_description: Get time objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get time objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-time
|
||||
cp_mgmt_time_facts:
|
||||
name: timeObject1
|
||||
|
||||
- name: show-times
|
||||
cp_mgmt_time_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
))
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "time"
|
||||
api_call_object_plural_version = "times"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,77 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_verify_policy
|
||||
short_description: Verifies the policy of the selected package.
|
||||
description:
|
||||
- Verifies the policy of the selected package.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
policy_package:
|
||||
description:
|
||||
- Policy package identified by the name or UID.
|
||||
type: str
|
||||
extends_documentation_fragment: checkpoint_commands
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: verify-policy
|
||||
cp_mgmt_verify_policy:
|
||||
policy_package: standard
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_verify_policy:
|
||||
description: The checkpoint verify-policy output.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_commands, api_command
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
policy_package=dict(type='str')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_commands)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
command = "verify-policy"
|
||||
|
||||
result = api_command(module, command)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,229 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_vpn_community_meshed
|
||||
short_description: Manages vpn-community-meshed objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages vpn-community-meshed objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
encryption_method:
|
||||
description:
|
||||
- The encryption method to be used.
|
||||
type: str
|
||||
choices: ['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only']
|
||||
encryption_suite:
|
||||
description:
|
||||
- The encryption suite to be used.
|
||||
type: str
|
||||
choices: ['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128']
|
||||
gateways:
|
||||
description:
|
||||
- Collection of Gateway objects identified by the name or UID.
|
||||
type: list
|
||||
ike_phase_1:
|
||||
description:
|
||||
- Ike Phase 1 settings. Only applicable when the encryption-suite is set to [custom].
|
||||
type: dict
|
||||
suboptions:
|
||||
data_integrity:
|
||||
description:
|
||||
- The hash algorithm to be used.
|
||||
type: str
|
||||
choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']
|
||||
diffie_hellman_group:
|
||||
description:
|
||||
- The Diffie-Hellman group to be used.
|
||||
type: str
|
||||
choices: ['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20']
|
||||
encryption_algorithm:
|
||||
description:
|
||||
- The encryption algorithm to be used.
|
||||
type: str
|
||||
choices: ['cast', 'aes-256', 'des', 'aes-128', '3des']
|
||||
ike_phase_2:
|
||||
description:
|
||||
- Ike Phase 2 settings. Only applicable when the encryption-suite is set to [custom].
|
||||
type: dict
|
||||
suboptions:
|
||||
data_integrity:
|
||||
description:
|
||||
- The hash algorithm to be used.
|
||||
type: str
|
||||
choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']
|
||||
encryption_algorithm:
|
||||
description:
|
||||
- The encryption algorithm to be used.
|
||||
type: str
|
||||
choices: ['cast', 'aes-gcm-256', 'cast-40', 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none']
|
||||
shared_secrets:
|
||||
description:
|
||||
- Shared secrets for external gateways.
|
||||
type: list
|
||||
suboptions:
|
||||
external_gateway:
|
||||
description:
|
||||
- External gateway identified by the name or UID.
|
||||
type: str
|
||||
shared_secret:
|
||||
description:
|
||||
- Shared secret.
|
||||
type: str
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
use_shared_secret:
|
||||
description:
|
||||
- Indicates whether the shared secret should be used for all external gateways.
|
||||
type: bool
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-vpn-community-meshed
|
||||
cp_mgmt_vpn_community_meshed:
|
||||
encryption_method: prefer ikev2 but support ikev1
|
||||
encryption_suite: custom
|
||||
ike_phase_1:
|
||||
data_integrity: sha1
|
||||
diffie_hellman_group: group 19
|
||||
encryption_algorithm: aes-128
|
||||
ike_phase_2:
|
||||
data_integrity: aes-xcbc
|
||||
encryption_algorithm: aes-gcm-128
|
||||
name: New_VPN_Community_Meshed_1
|
||||
state: present
|
||||
|
||||
- name: set-vpn-community-meshed
|
||||
cp_mgmt_vpn_community_meshed:
|
||||
encryption_method: ikev2 only
|
||||
encryption_suite: custom
|
||||
ike_phase_1:
|
||||
data_integrity: sha1
|
||||
diffie_hellman_group: group 19
|
||||
encryption_algorithm: aes-128
|
||||
ike_phase_2:
|
||||
data_integrity: aes-xcbc
|
||||
encryption_algorithm: aes-gcm-128
|
||||
name: New_VPN_Community_Meshed_1
|
||||
state: present
|
||||
|
||||
- name: delete-vpn-community-meshed
|
||||
cp_mgmt_vpn_community_meshed:
|
||||
name: New_VPN_Community_Meshed_1
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_vpn_community_meshed:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
encryption_method=dict(type='str', choices=['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only']),
|
||||
encryption_suite=dict(type='str', choices=['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128']),
|
||||
gateways=dict(type='list'),
|
||||
ike_phase_1=dict(type='dict', options=dict(
|
||||
data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']),
|
||||
diffie_hellman_group=dict(type='str', choices=['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20']),
|
||||
encryption_algorithm=dict(type='str', choices=['cast', 'aes-256', 'des', 'aes-128', '3des'])
|
||||
)),
|
||||
ike_phase_2=dict(type='dict', options=dict(
|
||||
data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']),
|
||||
encryption_algorithm=dict(type='str', choices=['cast', 'aes-gcm-256', 'cast-40',
|
||||
'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none'])
|
||||
)),
|
||||
shared_secrets=dict(type='list', options=dict(
|
||||
external_gateway=dict(type='str'),
|
||||
shared_secret=dict(type='str')
|
||||
)),
|
||||
tags=dict(type='list'),
|
||||
use_shared_secret=dict(type='bool'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'vpn-community-meshed'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,126 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_vpn_community_meshed_facts
|
||||
short_description: Get vpn-community-meshed objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get vpn-community-meshed objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-vpn-community-meshed
|
||||
cp_mgmt_vpn_community_meshed_facts:
|
||||
name: New_VPN_Community_Meshed_1
|
||||
|
||||
- name: show-vpn-communities-meshed
|
||||
cp_mgmt_vpn_community_meshed_facts:
|
||||
details_level: full
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
))
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "vpn-community-meshed"
|
||||
api_call_object_plural_version = "vpn-communities-meshed"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,240 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_vpn_community_star
|
||||
short_description: Manages vpn-community-star objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages vpn-community-star objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
center_gateways:
|
||||
description:
|
||||
- Collection of Gateway objects representing center gateways identified by the name or UID.
|
||||
type: list
|
||||
encryption_method:
|
||||
description:
|
||||
- The encryption method to be used.
|
||||
type: str
|
||||
choices: ['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only']
|
||||
encryption_suite:
|
||||
description:
|
||||
- The encryption suite to be used.
|
||||
type: str
|
||||
choices: ['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128']
|
||||
ike_phase_1:
|
||||
description:
|
||||
- Ike Phase 1 settings. Only applicable when the encryption-suite is set to [custom].
|
||||
type: dict
|
||||
suboptions:
|
||||
data_integrity:
|
||||
description:
|
||||
- The hash algorithm to be used.
|
||||
type: str
|
||||
choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']
|
||||
diffie_hellman_group:
|
||||
description:
|
||||
- The Diffie-Hellman group to be used.
|
||||
type: str
|
||||
choices: ['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20']
|
||||
encryption_algorithm:
|
||||
description:
|
||||
- The encryption algorithm to be used.
|
||||
type: str
|
||||
choices: ['cast', 'aes-256', 'des', 'aes-128', '3des']
|
||||
ike_phase_2:
|
||||
description:
|
||||
- Ike Phase 2 settings. Only applicable when the encryption-suite is set to [custom].
|
||||
type: dict
|
||||
suboptions:
|
||||
data_integrity:
|
||||
description:
|
||||
- The hash algorithm to be used.
|
||||
type: str
|
||||
choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']
|
||||
encryption_algorithm:
|
||||
description:
|
||||
- The encryption algorithm to be used.
|
||||
type: str
|
||||
choices: ['cast', 'aes-gcm-256', 'cast-40', 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none']
|
||||
mesh_center_gateways:
|
||||
description:
|
||||
- Indicates whether the meshed community is in center.
|
||||
type: bool
|
||||
satellite_gateways:
|
||||
description:
|
||||
- Collection of Gateway objects representing satellite gateways identified by the name or UID.
|
||||
type: list
|
||||
shared_secrets:
|
||||
description:
|
||||
- Shared secrets for external gateways.
|
||||
type: list
|
||||
suboptions:
|
||||
external_gateway:
|
||||
description:
|
||||
- External gateway identified by the name or UID.
|
||||
type: str
|
||||
shared_secret:
|
||||
description:
|
||||
- Shared secret.
|
||||
type: str
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
use_shared_secret:
|
||||
description:
|
||||
- Indicates whether the shared secret should be used for all external gateways.
|
||||
type: bool
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-vpn-community-star
|
||||
cp_mgmt_vpn_community_star:
|
||||
center_gateways: Second_Security_Gateway
|
||||
encryption_method: prefer ikev2 but support ikev1
|
||||
encryption_suite: custom
|
||||
ike_phase_1:
|
||||
data_integrity: sha1
|
||||
diffie_hellman_group: group 19
|
||||
encryption_algorithm: aes-128
|
||||
ike_phase_2:
|
||||
data_integrity: aes-xcbc
|
||||
encryption_algorithm: aes-gcm-128
|
||||
name: New_VPN_Community_Star_1
|
||||
state: present
|
||||
|
||||
- name: set-vpn-community-star
|
||||
cp_mgmt_vpn_community_star:
|
||||
encryption_method: ikev2 only
|
||||
encryption_suite: custom
|
||||
ike_phase_1:
|
||||
data_integrity: sha1
|
||||
diffie_hellman_group: group 19
|
||||
encryption_algorithm: aes-128
|
||||
ike_phase_2:
|
||||
data_integrity: aes-xcbc
|
||||
encryption_algorithm: aes-gcm-128
|
||||
name: New_VPN_Community_Star_1
|
||||
state: present
|
||||
|
||||
- name: delete-vpn-community-star
|
||||
cp_mgmt_vpn_community_star:
|
||||
name: New_VPN_Community_Star_1
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_vpn_community_star:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
center_gateways=dict(type='list'),
|
||||
encryption_method=dict(type='str', choices=['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only']),
|
||||
encryption_suite=dict(type='str', choices=['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128']),
|
||||
ike_phase_1=dict(type='dict', options=dict(
|
||||
data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']),
|
||||
diffie_hellman_group=dict(type='str', choices=['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20']),
|
||||
encryption_algorithm=dict(type='str', choices=['cast', 'aes-256', 'des', 'aes-128', '3des'])
|
||||
)),
|
||||
ike_phase_2=dict(type='dict', options=dict(
|
||||
data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']),
|
||||
encryption_algorithm=dict(type='str', choices=['cast', 'aes-gcm-256', 'cast-40',
|
||||
'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none'])
|
||||
)),
|
||||
mesh_center_gateways=dict(type='bool'),
|
||||
satellite_gateways=dict(type='list'),
|
||||
shared_secrets=dict(type='list', options=dict(
|
||||
external_gateway=dict(type='str'),
|
||||
shared_secret=dict(type='str')
|
||||
)),
|
||||
tags=dict(type='list'),
|
||||
use_shared_secret=dict(type='bool'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'vpn-community-star'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,126 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_vpn_community_star_facts
|
||||
short_description: Get vpn-community-star objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get vpn-community-star objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-vpn-community-star
|
||||
cp_mgmt_vpn_community_star_facts:
|
||||
name: New_VPN_Community_Meshed_1
|
||||
|
||||
- name: show-vpn-communities-star
|
||||
cp_mgmt_vpn_community_star_facts:
|
||||
details_level: full
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
))
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "vpn-community-star"
|
||||
api_call_object_plural_version = "vpn-communities-star"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,157 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_wildcard
|
||||
short_description: Manages wildcard objects on Check Point over Web Services API
|
||||
description:
|
||||
- Manages wildcard objects on Check Point devices including creating, updating and removing objects.
|
||||
- All operations are performed over Web Services API.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
type: str
|
||||
required: True
|
||||
ipv4_address:
|
||||
description:
|
||||
- IPv4 address.
|
||||
type: str
|
||||
ipv4_mask_wildcard:
|
||||
description:
|
||||
- IPv4 mask wildcard.
|
||||
type: str
|
||||
ipv6_address:
|
||||
description:
|
||||
- IPv6 address.
|
||||
type: str
|
||||
ipv6_mask_wildcard:
|
||||
description:
|
||||
- IPv6 mask wildcard.
|
||||
type: str
|
||||
tags:
|
||||
description:
|
||||
- Collection of tag identifiers.
|
||||
type: list
|
||||
color:
|
||||
description:
|
||||
- Color of the object. Should be one of existing colors.
|
||||
type: str
|
||||
choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
|
||||
'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
|
||||
'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
|
||||
comments:
|
||||
description:
|
||||
- Comments string.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
groups:
|
||||
description:
|
||||
- Collection of group identifiers.
|
||||
type: list
|
||||
ignore_warnings:
|
||||
description:
|
||||
- Apply changes ignoring warnings.
|
||||
type: bool
|
||||
ignore_errors:
|
||||
description:
|
||||
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
||||
type: bool
|
||||
extends_documentation_fragment: checkpoint_objects
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: add-wildcard
|
||||
cp_mgmt_wildcard:
|
||||
ipv4_address: 192.168.2.1
|
||||
ipv4_mask_wildcard: 0.0.0.128
|
||||
name: New Wildcard 1
|
||||
state: present
|
||||
|
||||
- name: set-wildcard
|
||||
cp_mgmt_wildcard:
|
||||
color: green
|
||||
ipv6_address: 2001:db8::1111
|
||||
ipv6_mask_wildcard: ffff:ffff::f0f0
|
||||
name: New Wildcard 1
|
||||
state: present
|
||||
|
||||
- name: delete-wildcard
|
||||
cp_mgmt_wildcard:
|
||||
name: New Wildcard 1
|
||||
state: absent
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
cp_mgmt_wildcard:
|
||||
description: The checkpoint object created or updated.
|
||||
returned: always, except when deleting the object.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str', required=True),
|
||||
ipv4_address=dict(type='str'),
|
||||
ipv4_mask_wildcard=dict(type='str'),
|
||||
ipv6_address=dict(type='str'),
|
||||
ipv6_mask_wildcard=dict(type='str'),
|
||||
tags=dict(type='list'),
|
||||
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
|
||||
'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
|
||||
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
|
||||
'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
|
||||
'yellow']),
|
||||
comments=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
groups=dict(type='list'),
|
||||
ignore_warnings=dict(type='bool'),
|
||||
ignore_errors=dict(type='bool')
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_objects)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
api_call_object = 'wildcard'
|
||||
|
||||
result = api_call(module, api_call_object)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,126 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Ansible module to manage Check Point Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: cp_mgmt_wildcard_facts
|
||||
short_description: Get wildcard objects facts on Check Point over Web Services API
|
||||
description:
|
||||
- Get wildcard objects facts on Check Point devices.
|
||||
- All operations are performed over Web Services API.
|
||||
- This module handles both operations, get a specific object and get several objects,
|
||||
For getting a specific object use the parameter 'name'.
|
||||
version_added: "2.9"
|
||||
author: "Or Soffer (@chkp-orso)"
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- Object name.
|
||||
This parameter is relevant only for getting a specific object.
|
||||
type: str
|
||||
details_level:
|
||||
description:
|
||||
- The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
|
||||
representation of the object.
|
||||
type: str
|
||||
choices: ['uid', 'standard', 'full']
|
||||
limit:
|
||||
description:
|
||||
- No more than that many results will be returned.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
offset:
|
||||
description:
|
||||
- Skip that many results before beginning to return them.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: int
|
||||
order:
|
||||
description:
|
||||
- Sorts results by the given field. By default the results are sorted in the ascending order by name.
|
||||
This parameter is relevant only for getting few objects.
|
||||
type: list
|
||||
suboptions:
|
||||
ASC:
|
||||
description:
|
||||
- Sorts results by the given field in ascending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
DESC:
|
||||
description:
|
||||
- Sorts results by the given field in descending order.
|
||||
type: str
|
||||
choices: ['name']
|
||||
extends_documentation_fragment: checkpoint_facts
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: show-wildcard
|
||||
cp_mgmt_wildcard_facts:
|
||||
name: New Wildcard 1
|
||||
|
||||
- name: show-wildcards
|
||||
cp_mgmt_wildcard_facts:
|
||||
details_level: standard
|
||||
limit: 50
|
||||
offset: 0
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ansible_facts:
|
||||
description: The checkpoint object facts.
|
||||
returned: always.
|
||||
type: dict
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
name=dict(type='str'),
|
||||
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
|
||||
limit=dict(type='int'),
|
||||
offset=dict(type='int'),
|
||||
order=dict(type='list', options=dict(
|
||||
ASC=dict(type='str', choices=['name']),
|
||||
DESC=dict(type='str', choices=['name'])
|
||||
))
|
||||
)
|
||||
argument_spec.update(checkpoint_argument_spec_for_facts)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
|
||||
api_call_object = "wildcard"
|
||||
api_call_object_plural_version = "wildcards"
|
||||
|
||||
result = api_call_facts(module, api_call_object, api_call_object_plural_version)
|
||||
module.exit_json(ansible_facts=result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -1,24 +0,0 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
# Copyright: (c) 2019, Or Soffer <orso@checkpoint.com>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
__metaclass__ = type
|
||||
|
||||
|
||||
class ModuleDocFragment(object):
|
||||
|
||||
# Standard files documentation fragment
|
||||
DOCUMENTATION = r'''
|
||||
options:
|
||||
wait_for_task:
|
||||
description:
|
||||
- Wait for the task to end. Such as publish task.
|
||||
type: bool
|
||||
default: True
|
||||
version:
|
||||
description:
|
||||
- Version of checkpoint. If not given one, the latest version taken.
|
||||
type: str
|
||||
'''
|
@ -1,19 +0,0 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
# Copyright: (c) 2019, Or Soffer <orso@checkpoint.com>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
__metaclass__ = type
|
||||
|
||||
|
||||
class ModuleDocFragment(object):
|
||||
|
||||
# Standard files documentation fragment
|
||||
DOCUMENTATION = r'''
|
||||
options:
|
||||
version:
|
||||
description:
|
||||
- Version of checkpoint. If not given one, the latest version taken.
|
||||
type: str
|
||||
'''
|
@ -1,37 +0,0 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
# Copyright: (c) 2019, Or Soffer <orso@checkpoint.com>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
__metaclass__ = type
|
||||
|
||||
|
||||
class ModuleDocFragment(object):
|
||||
|
||||
# Standard files documentation fragment
|
||||
DOCUMENTATION = r'''
|
||||
options:
|
||||
state:
|
||||
description:
|
||||
- State of the access rule (present or absent). Defaults to present.
|
||||
type: str
|
||||
default: present
|
||||
choices:
|
||||
- 'present'
|
||||
- 'absent'
|
||||
auto_publish_session:
|
||||
description:
|
||||
- Publish the current session if changes have been performed
|
||||
after task completes.
|
||||
type: bool
|
||||
wait_for_task:
|
||||
description:
|
||||
- Wait for the task to end. Such as publish task.
|
||||
type: bool
|
||||
default: True
|
||||
version:
|
||||
description:
|
||||
- Version of checkpoint. If not given one, the latest version taken.
|
||||
type: str
|
||||
'''
|
@ -1,94 +0,0 @@
|
||||
# (c) 2018 Red Hat Inc.
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
author: Ansible Networking Team
|
||||
httpapi : checkpoint
|
||||
short_description: HttpApi Plugin for Checkpoint devices
|
||||
description:
|
||||
- This HttpApi plugin provides methods to connect to Checkpoint
|
||||
devices over a HTTP(S)-based api.
|
||||
version_added: "2.8"
|
||||
options:
|
||||
domain:
|
||||
type: str
|
||||
description:
|
||||
- Specifies the domain of the Check Point device
|
||||
vars:
|
||||
- name: ansible_checkpoint_domain
|
||||
version_added: "2.10"
|
||||
"""
|
||||
|
||||
import json
|
||||
|
||||
from ansible.module_utils.basic import to_text
|
||||
from ansible.errors import AnsibleConnectionFailure
|
||||
from ansible.module_utils.six.moves.urllib.error import HTTPError
|
||||
from ansible.plugins.httpapi import HttpApiBase
|
||||
from ansible.module_utils.connection import ConnectionError
|
||||
|
||||
BASE_HEADERS = {
|
||||
'Content-Type': 'application/json',
|
||||
}
|
||||
|
||||
|
||||
class HttpApi(HttpApiBase):
|
||||
def login(self, username, password):
|
||||
if username and password:
|
||||
cp_domain = self.get_option('domain')
|
||||
if cp_domain:
|
||||
payload = {'user': username, 'password': password, 'domain': cp_domain}
|
||||
else:
|
||||
payload = {'user': username, 'password': password}
|
||||
url = '/web_api/login'
|
||||
response, response_data = self.send_request(url, payload)
|
||||
else:
|
||||
raise AnsibleConnectionFailure('Username and password are required for login')
|
||||
|
||||
try:
|
||||
self.connection._auth = {'X-chkp-sid': response_data['sid']}
|
||||
self.connection._session_uid = response_data['uid']
|
||||
except KeyError:
|
||||
raise ConnectionError(
|
||||
'Server returned response without token info during connection authentication: %s' % response)
|
||||
|
||||
def logout(self):
|
||||
url = '/web_api/logout'
|
||||
|
||||
response, dummy = self.send_request(url, None)
|
||||
|
||||
def get_session_uid(self):
|
||||
return self.connection._session_uid
|
||||
|
||||
def send_request(self, path, body_params):
|
||||
data = json.dumps(body_params) if body_params else '{}'
|
||||
|
||||
try:
|
||||
self._display_request()
|
||||
response, response_data = self.connection.send(path, data, method='POST', headers=BASE_HEADERS)
|
||||
value = self._get_response_value(response_data)
|
||||
|
||||
return response.getcode(), self._response_to_json(value)
|
||||
except AnsibleConnectionFailure as e:
|
||||
return 404, e.message
|
||||
except HTTPError as e:
|
||||
error = json.loads(e.read())
|
||||
return e.code, error
|
||||
|
||||
def _display_request(self):
|
||||
self.connection.queue_message('vvvv', 'Web Services: %s %s' % ('POST', self.connection._url))
|
||||
|
||||
def _get_response_value(self, response_data):
|
||||
return to_text(response_data.getvalue())
|
||||
|
||||
def _response_to_json(self, response_text):
|
||||
try:
|
||||
return json.loads(response_text) if response_text else {}
|
||||
# JSONDecodeError only available on Python 3.5+
|
||||
except ValueError:
|
||||
raise ConnectionError('Invalid JSON response: %s' % response_text)
|
@ -1,110 +0,0 @@
|
||||
# Ansible module to manage CheckPoint Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import absolute_import, division, print_function
|
||||
__metaclass__ = type
|
||||
|
||||
import pytest
|
||||
from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
|
||||
|
||||
from ansible.module_utils import basic
|
||||
from ansible.modules.network.check_point import cp_mgmt_access_layer
|
||||
|
||||
OBJECT = {
|
||||
"name": "New Layer 1"
|
||||
}
|
||||
|
||||
CREATE_PAYLOAD = {
|
||||
"name": "New Layer 1"
|
||||
}
|
||||
|
||||
UPDATE_PAYLOAD = {
|
||||
"name": "New Layer 1",
|
||||
"applications_and_url_filtering": False
|
||||
}
|
||||
|
||||
OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD
|
||||
|
||||
DELETE_PAYLOAD = {
|
||||
"name": "New Layer 1",
|
||||
"state": "absent"
|
||||
}
|
||||
|
||||
function_path = 'ansible.modules.network.check_point.cp_mgmt_access_layer.api_call'
|
||||
api_call_object = 'access-layer'
|
||||
|
||||
|
||||
class TestCheckpointAccessLayer(object):
|
||||
module = cp_mgmt_access_layer
|
||||
|
||||
@pytest.fixture(autouse=True)
|
||||
def module_mock(self, mocker):
|
||||
return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
|
||||
|
||||
@pytest.fixture
|
||||
def connection_mock(self, mocker):
|
||||
connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
|
||||
return connection_class_mock.return_value
|
||||
|
||||
def test_create(self, mocker, connection_mock):
|
||||
mock_function = mocker.patch(function_path)
|
||||
mock_function.return_value = {'changed': True, api_call_object: OBJECT}
|
||||
result = self._run_module(CREATE_PAYLOAD)
|
||||
|
||||
assert result['changed']
|
||||
assert OBJECT.items() == result[api_call_object].items()
|
||||
|
||||
def test_create_idempotent(self, mocker, connection_mock):
|
||||
mock_function = mocker.patch(function_path)
|
||||
mock_function.return_value = {'changed': False, api_call_object: OBJECT}
|
||||
result = self._run_module(CREATE_PAYLOAD)
|
||||
|
||||
assert not result['changed']
|
||||
|
||||
def test_update(self, mocker, connection_mock):
|
||||
mock_function = mocker.patch(function_path)
|
||||
mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE}
|
||||
result = self._run_module(UPDATE_PAYLOAD)
|
||||
|
||||
assert result['changed']
|
||||
assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items()
|
||||
|
||||
def test_update_idempotent(self, mocker, connection_mock):
|
||||
mock_function = mocker.patch(function_path)
|
||||
mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE}
|
||||
result = self._run_module(UPDATE_PAYLOAD)
|
||||
|
||||
assert not result['changed']
|
||||
|
||||
def test_delete(self, mocker, connection_mock):
|
||||
mock_function = mocker.patch(function_path)
|
||||
mock_function.return_value = {'changed': True}
|
||||
result = self._run_module(DELETE_PAYLOAD)
|
||||
|
||||
assert result['changed']
|
||||
|
||||
def test_delete_idempotent(self, mocker, connection_mock):
|
||||
mock_function = mocker.patch(function_path)
|
||||
mock_function.return_value = {'changed': False}
|
||||
result = self._run_module(DELETE_PAYLOAD)
|
||||
|
||||
assert not result['changed']
|
||||
|
||||
def _run_module(self, module_args):
|
||||
set_module_args(module_args)
|
||||
with pytest.raises(AnsibleExitJson) as ex:
|
||||
self.module.main()
|
||||
return ex.value.args[0]
|
@ -1,82 +0,0 @@
|
||||
# Ansible module to manage CheckPoint Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import absolute_import, division, print_function
|
||||
__metaclass__ = type
|
||||
|
||||
import pytest
|
||||
from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
|
||||
|
||||
from ansible.module_utils import basic
|
||||
from ansible.modules.network.check_point import cp_mgmt_access_layer_facts
|
||||
|
||||
OBJECT = {
|
||||
"from": 1,
|
||||
"to": 1,
|
||||
"total": 6,
|
||||
"objects": [
|
||||
"53de74b7-8f19-4cbe-99fc-a81ef0759bad"
|
||||
]
|
||||
}
|
||||
|
||||
SHOW_PLURAL_PAYLOAD = {
|
||||
'limit': 1,
|
||||
'details_level': 'uid'
|
||||
}
|
||||
|
||||
SHOW_SINGLE_PAYLOAD = {
|
||||
'name': 'object_which_is_not_exist'
|
||||
}
|
||||
|
||||
api_call_object = 'access-layer'
|
||||
api_call_object_plural_version = 'access-layers'
|
||||
failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}'''
|
||||
|
||||
|
||||
class TestCheckpointAccessLayerFacts(object):
|
||||
module = cp_mgmt_access_layer_facts
|
||||
|
||||
@pytest.fixture(autouse=True)
|
||||
def module_mock(self, mocker):
|
||||
return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
|
||||
|
||||
@pytest.fixture
|
||||
def connection_mock(self, mocker):
|
||||
connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
|
||||
return connection_class_mock.return_value
|
||||
|
||||
def test_show_single_object_which_is_not_exist(self, mocker, connection_mock):
|
||||
connection_mock.send_request.return_value = (404, failure_msg)
|
||||
try:
|
||||
result = self._run_module(SHOW_SINGLE_PAYLOAD)
|
||||
except Exception as e:
|
||||
result = e.args[0]
|
||||
|
||||
assert result['failed']
|
||||
assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
|
||||
|
||||
def test_show_few_objects(self, mocker, connection_mock):
|
||||
connection_mock.send_request.return_value = (200, OBJECT)
|
||||
result = self._run_module(SHOW_PLURAL_PAYLOAD)
|
||||
|
||||
assert not result['changed']
|
||||
assert OBJECT == result['ansible_facts'][api_call_object_plural_version]
|
||||
|
||||
def _run_module(self, module_args):
|
||||
set_module_args(module_args)
|
||||
with pytest.raises(AnsibleExitJson) as ex:
|
||||
self.module.main()
|
||||
return ex.value.args[0]
|
@ -1,119 +0,0 @@
|
||||
# Ansible module to manage CheckPoint Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import absolute_import, division, print_function
|
||||
__metaclass__ = type
|
||||
|
||||
import pytest
|
||||
from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
|
||||
|
||||
from ansible.module_utils import basic
|
||||
from ansible.modules.network.check_point import cp_mgmt_access_role
|
||||
|
||||
OBJECT = {
|
||||
"name": "New Access Role 1",
|
||||
"networks": "any",
|
||||
"users": "any",
|
||||
"machines": "all identified",
|
||||
"remote_access_clients": "any"
|
||||
}
|
||||
|
||||
CREATE_PAYLOAD = {
|
||||
"name": "New Access Role 1",
|
||||
"networks": "any",
|
||||
"users": "any",
|
||||
"machines": "all identified",
|
||||
"remote_access_clients": "any"
|
||||
}
|
||||
|
||||
UPDATE_PAYLOAD = {
|
||||
"name": "New Access Role 1",
|
||||
"users": "all identified",
|
||||
"machines": "any"
|
||||
}
|
||||
|
||||
OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD
|
||||
|
||||
DELETE_PAYLOAD = {
|
||||
"name": "New Access Role 1",
|
||||
"state": "absent"
|
||||
}
|
||||
|
||||
function_path = 'ansible.modules.network.check_point.cp_mgmt_access_role.api_call'
|
||||
api_call_object = 'access-role'
|
||||
|
||||
|
||||
class TestCheckpointAccessRole(object):
|
||||
module = cp_mgmt_access_role
|
||||
|
||||
@pytest.fixture(autouse=True)
|
||||
def module_mock(self, mocker):
|
||||
return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
|
||||
|
||||
@pytest.fixture
|
||||
def connection_mock(self, mocker):
|
||||
connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
|
||||
return connection_class_mock.return_value
|
||||
|
||||
def test_create(self, mocker, connection_mock):
|
||||
mock_function = mocker.patch(function_path)
|
||||
mock_function.return_value = {'changed': True, api_call_object: OBJECT}
|
||||
result = self._run_module(CREATE_PAYLOAD)
|
||||
|
||||
assert result['changed']
|
||||
assert OBJECT.items() == result[api_call_object].items()
|
||||
|
||||
def test_create_idempotent(self, mocker, connection_mock):
|
||||
mock_function = mocker.patch(function_path)
|
||||
mock_function.return_value = {'changed': False, api_call_object: OBJECT}
|
||||
result = self._run_module(CREATE_PAYLOAD)
|
||||
|
||||
assert not result['changed']
|
||||
|
||||
def test_update(self, mocker, connection_mock):
|
||||
mock_function = mocker.patch(function_path)
|
||||
mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE}
|
||||
result = self._run_module(UPDATE_PAYLOAD)
|
||||
|
||||
assert result['changed']
|
||||
assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items()
|
||||
|
||||
def test_update_idempotent(self, mocker, connection_mock):
|
||||
mock_function = mocker.patch(function_path)
|
||||
mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE}
|
||||
result = self._run_module(UPDATE_PAYLOAD)
|
||||
|
||||
assert not result['changed']
|
||||
|
||||
def test_delete(self, mocker, connection_mock):
|
||||
mock_function = mocker.patch(function_path)
|
||||
mock_function.return_value = {'changed': True}
|
||||
result = self._run_module(DELETE_PAYLOAD)
|
||||
|
||||
assert result['changed']
|
||||
|
||||
def test_delete_idempotent(self, mocker, connection_mock):
|
||||
mock_function = mocker.patch(function_path)
|
||||
mock_function.return_value = {'changed': False}
|
||||
result = self._run_module(DELETE_PAYLOAD)
|
||||
|
||||
assert not result['changed']
|
||||
|
||||
def _run_module(self, module_args):
|
||||
set_module_args(module_args)
|
||||
with pytest.raises(AnsibleExitJson) as ex:
|
||||
self.module.main()
|
||||
return ex.value.args[0]
|
@ -1,82 +0,0 @@
|
||||
# Ansible module to manage CheckPoint Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import absolute_import, division, print_function
|
||||
__metaclass__ = type
|
||||
|
||||
import pytest
|
||||
from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
|
||||
|
||||
from ansible.module_utils import basic
|
||||
from ansible.modules.network.check_point import cp_mgmt_access_role_facts
|
||||
|
||||
OBJECT = {
|
||||
"from": 1,
|
||||
"to": 1,
|
||||
"total": 6,
|
||||
"objects": [
|
||||
"53de74b7-8f19-4cbe-99fc-a81ef0759bad"
|
||||
]
|
||||
}
|
||||
|
||||
SHOW_PLURAL_PAYLOAD = {
|
||||
'limit': 1,
|
||||
'details_level': 'uid'
|
||||
}
|
||||
|
||||
SHOW_SINGLE_PAYLOAD = {
|
||||
'name': 'object_which_is_not_exist'
|
||||
}
|
||||
|
||||
api_call_object = 'access-role'
|
||||
api_call_object_plural_version = 'access-roles'
|
||||
failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}'''
|
||||
|
||||
|
||||
class TestCheckpointAccessRoleFacts(object):
|
||||
module = cp_mgmt_access_role_facts
|
||||
|
||||
@pytest.fixture(autouse=True)
|
||||
def module_mock(self, mocker):
|
||||
return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
|
||||
|
||||
@pytest.fixture
|
||||
def connection_mock(self, mocker):
|
||||
connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
|
||||
return connection_class_mock.return_value
|
||||
|
||||
def test_show_single_object_which_is_not_exist(self, mocker, connection_mock):
|
||||
connection_mock.send_request.return_value = (404, failure_msg)
|
||||
try:
|
||||
result = self._run_module(SHOW_SINGLE_PAYLOAD)
|
||||
except Exception as e:
|
||||
result = e.args[0]
|
||||
|
||||
assert result['failed']
|
||||
assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
|
||||
|
||||
def test_show_few_objects(self, mocker, connection_mock):
|
||||
connection_mock.send_request.return_value = (200, OBJECT)
|
||||
result = self._run_module(SHOW_PLURAL_PAYLOAD)
|
||||
|
||||
assert not result['changed']
|
||||
assert OBJECT == result['ansible_facts'][api_call_object_plural_version]
|
||||
|
||||
def _run_module(self, module_args):
|
||||
set_module_args(module_args)
|
||||
with pytest.raises(AnsibleExitJson) as ex:
|
||||
self.module.main()
|
||||
return ex.value.args[0]
|
@ -1,124 +0,0 @@
|
||||
# Ansible module to manage CheckPoint Firewall (c) 2019
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
from __future__ import absolute_import, division, print_function
|
||||
__metaclass__ = type
|
||||
|
||||
import pytest
|
||||
from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
|
||||
|
||||
from ansible.module_utils import basic
|
||||
from ansible.modules.network.check_point import cp_mgmt_access_rule
|
||||
|
||||
OBJECT = {
|
||||
"layer": "Network",
|
||||
"name": "Rule 1",
|
||||
"service": [
|
||||
"SMTP",
|
||||
"AOL"
|
||||
]
|
||||
}
|
||||
|
||||
CREATE_PAYLOAD = {
|
||||
"layer": "Network",
|
||||
"name": "Rule 1",
|
||||
"service": [
|
||||
"SMTP",
|
||||
"AOL"
|
||||
]
|
||||
}
|
||||
|
||||
UPDATE_PAYLOAD = {
|
||||
"name": "Rule 1",
|
||||
"layer": "Network",
|
||||
"action_settings": {
|
||||
"limit": "Upload_1Gbps",
|
||||
"enable_identity_captive_portal": True
|
||||
}
|
||||
}
|
||||
|
||||
OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD
|
||||
|
||||
DELETE_PAYLOAD = {
|
||||
"name": "Rule 1",
|
||||
"state": "absent"
|
||||
}
|
||||
|
||||
function_path = 'ansible.modules.network.check_point.cp_mgmt_access_rule.api_call'
|
||||
api_call_object = 'access-rule'
|
||||
|
||||
|
||||
class TestCheckpointAccessRule(object):
|
||||
module = cp_mgmt_access_rule
|
||||
|
||||
@pytest.fixture(autouse=True)
|
||||
def module_mock(self, mocker):
|
||||
return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
|
||||
|
||||
@pytest.fixture
|
||||
def connection_mock(self, mocker):
|
||||
connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
|
||||
return connection_class_mock.return_value
|
||||
|
||||
def test_create(self, mocker, connection_mock):
|
||||
mock_function = mocker.patch(function_path)
|
||||
mock_function.return_value = {'changed': True, api_call_object: OBJECT}
|
||||
result = self._run_module(CREATE_PAYLOAD)
|
||||
|
||||
assert result['changed']
|
||||
assert OBJECT.items() == result[api_call_object].items()
|
||||
|
||||
def test_create_idempotent(self, mocker, connection_mock):
|
||||
mock_function = mocker.patch(function_path)
|
||||
mock_function.return_value = {'changed': False, api_call_object: OBJECT}
|
||||
result = self._run_module(CREATE_PAYLOAD)
|
||||
|
||||
assert not result['changed']
|
||||
|
||||
def test_update(self, mocker, connection_mock):
|
||||
mock_function = mocker.patch(function_path)
|
||||
mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE}
|
||||
result = self._run_module(UPDATE_PAYLOAD)
|
||||
|
||||
assert result['changed']
|
||||
assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items()
|
||||
|
||||
def test_update_idempotent(self, mocker, connection_mock):
|
||||
mock_function = mocker.patch(function_path)
|
||||
mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE}
|
||||
result = self._run_module(UPDATE_PAYLOAD)
|
||||
|
||||
assert not result['changed']
|
||||
|
||||
def test_delete(self, mocker, connection_mock):
|
||||
mock_function = mocker.patch(function_path)
|
||||
mock_function.return_value = {'changed': True}
|
||||
result = self._run_module(DELETE_PAYLOAD)
|
||||
|
||||
assert result['changed']
|
||||
|
||||
def test_delete_idempotent(self, mocker, connection_mock):
|
||||
mock_function = mocker.patch(function_path)
|
||||
mock_function.return_value = {'changed': False}
|
||||
result = self._run_module(DELETE_PAYLOAD)
|
||||
|
||||
assert not result['changed']
|
||||
|
||||
def _run_module(self, module_args):
|
||||
set_module_args(module_args)
|
||||
with pytest.raises(AnsibleExitJson) as ex:
|
||||
self.module.main()
|
||||
return ex.value.args[0]
|