def api_call(module, api_call_object):
payload = get_payload_from_parameters(module.params)
connection = Connection(module._socket_path)
version = get_version(module)
result = {'changed': False}
if module.check_mode:
return result
payload_for_equals = {'type': api_call_object, 'params': payload}
equals_code, equals_response = send_request(connection, version, 'equals',
payload_for_equals)
result['checkpoint_session_uid'] = connection.get_session_uid()
handle_equals_failure(module, equals_code, equals_response)
if module.params['state'] == 'present':
if equals_code == 200:
# else objects are equals and there is no need for set request
if not equals_response['equals']:
handle_call_and_set_result(connection, version,
'set-' + api_call_object, payload,
module, result)
elif equals_code == 404:
handle_call_and_set_result(connection, version,
'add-' + api_call_object, payload,
module, result)
elif module.params['state'] == 'absent':
handle_delete(equals_code, payload, delete_params, connection, version,
api_call_object, module, result)
return result
def api_call(module, api_call_object):
payload = get_payload_from_parameters(module.params)
connection = Connection(module._socket_path)
result = {'changed': False}
if module.check_mode:
return result
# if user insert a specific version, we add it to the url
version = ('v' + module.params['version'] + '/') if module.params.get('version') else ''
payload_for_equals = {'type': api_call_object, 'params': payload}
equals_code, equals_response = send_request(connection, version, 'equals', payload_for_equals)
result['checkpoint_session_uid'] = connection.get_session_uid()
# if code is 400 (bad request) or 500 (internal error) - fail
if equals_code == 400 or equals_code == 500:
module.fail_json(msg=equals_response)
if equals_code == 404 and equals_response['code'] == 'generic_err_command_not_found':
module.fail_json(msg='Relevant hotfix is not installed on Check Point server. See sk114661 on Check Point Support Center.')
if module.params['state'] == 'present':
if equals_code == 200:
if not equals_response['equals']:
code, response = send_request(connection, version, 'set-' + api_call_object, payload)
if code != 200:
module.fail_json(msg=response)
handle_publish(module, connection, version)
result['changed'] = True
result[api_call_object] = response
else:
# objects are equals and there is no need for set request
pass
elif equals_code == 404:
code, response = send_request(connection, version, 'add-' + api_call_object, payload)
if code != 200:
module.fail_json(msg=response)
handle_publish(module, connection, version)
result['changed'] = True
result[api_call_object] = response
elif module.params['state'] == 'absent':
if equals_code == 200:
payload_for_delete = get_copy_payload_with_some_params(payload, delete_params)
code, response = send_request(connection, version, 'delete-' + api_call_object, payload_for_delete)
if code != 200:
module.fail_json(msg=response)
handle_publish(module, connection, version)
result['changed'] = True
elif equals_code == 404:
# no need to delete because object dose not exist
pass
return result
def main():
argument_spec = dict(
name=dict(type='str', required=True),
layer=dict(type='str'),
position=dict(type='str'),
source=dict(type='str'),
destination=dict(type='str'),
action=dict(type='str', default='drop'),
enabled=dict(type='bool', default=True),
state=dict(type='str', default='present')
)
argument_spec.update(checkpoint_argument_spec)
required_if = [('state', 'present', ('layer', 'position'))]
module = AnsibleModule(argument_spec=argument_spec, required_if=required_if)
connection = Connection(module._socket_path)
code, response = get_access_rule(module, connection)
result = {'changed': False}
if module.params['state'] == 'present':
if code == 200:
if needs_update(module, response):
code, response = update_access_rule(module, connection)
if module.params['auto_publish_session']:
publish(connection)
if module.params['auto_install_policy']:
install_policy(connection, module.params['policy_package'], module.params['targets'])
result['changed'] = True
result['checkpoint_access_rules'] = response
else:
pass
elif code == 404:
code, response = create_access_rule(module, connection)
if module.params['auto_publish_session']:
publish(connection)
if module.params['auto_install_policy']:
install_policy(connection, module.params['policy_package'], module.params['targets'])
result['changed'] = True
result['checkpoint_access_rules'] = response
else:
if code == 200:
code, response = delete_access_rule(module, connection)
if module.params['auto_publish_session']:
publish(connection)
if module.params['auto_install_policy']:
install_policy(connection, module.params['policy_package'], module.params['targets'])
result['changed'] = True
elif code == 404:
pass
result['checkpoint_session_uid'] = connection.get_session_uid()
module.exit_json(**result)
def api_call(module, api_call_object):
payload = get_payload_from_parameters(module)
connection = Connection(module._socket_path)
# if user insert a specific version, we add it to the url
version = ('v' + module.params['version'] +
'/') if module.params.get('version') else ''
payload_for_equals = {'type': api_call_object, 'params': payload}
equals_code, equals_response = send_request(connection, version, 'equals',
payload_for_equals)
# if code is 400 (bad request) or 500 (internal error) - fail
if equals_code == 400 or equals_code == 500:
module.fail_json(msg=equals_response)
result = {'changed': False}
if module.params['state'] == 'present':
if equals_code == 200:
if not equals_response['equals']:
code, response = send_request(connection, version,
'set-' + api_call_object,
payload)
if code != 200:
module.fail_json(msg=response)
handle_publish(module, connection, version)
result['changed'] = True
result[api_call_object] = response
else:
# objects are equals and there is no need for set request
pass
elif equals_code == 404:
code, response = send_request(connection, version,
'add-' + api_call_object, payload)
if code != 200:
module.fail_json(msg=response)
handle_publish(module, connection, version)
result['changed'] = True
result[api_call_object] = response
else:
# state == absent
if equals_code == 200:
code, response = send_request(connection, version,
'delete-' + api_call_object, payload)
if code != 200:
module.fail_json(msg=response)
handle_publish(module, connection, version)
result['changed'] = True
elif equals_code == 404:
# no need to delete because object dose not exist
pass
result['checkpoint_session_uid'] = connection.get_session_uid()
return result
def main():
argument_spec = dict(
name=dict(type='str', required=True),
ip_address=dict(type='str'),
state=dict(type='str', default='present')
)
argument_spec.update(checkpoint_argument_spec)
required_if = [('state', 'present', 'ip_address')]
module = AnsibleModule(argument_spec=argument_spec)
connection = Connection(module._socket_path)
code, response = get_host(module, connection)
result = {'changed': False}
if module.params['state'] == 'present':
if code == 200:
if needs_update(module, response):
code, response = update_host(module, connection)
if module.params['auto_publish_session']:
publish(connection)
if module.params['auto_install_policy']:
install_policy(connection, module.params['policy_package'], module.params['targets'])
result['changed'] = True
result['checkpoint_hosts'] = response
else:
pass
elif code == 404:
code, response = create_host(module, connection)
if module.params['auto_publish_session']:
publish(connection)
if module.params['auto_install_policy']:
install_policy(connection, module.params['policy_package'], module.params['targets'])
result['changed'] = True
result['checkpoint_hosts'] = response
else:
if code == 200:
# Handle deletion
code, response = delete_host(module, connection)
if module.params['auto_publish_session']:
publish(connection)
if module.params['auto_install_policy']:
install_policy(connection, module.params['policy_package'], module.params['targets'])
result['changed'] = True
elif code == 404:
pass
result['checkpoint_session_uid'] = connection.get_session_uid()
module.exit_json(**result)
def api_call_for_rule(module, api_call_object):
is_access_rule = True if 'access' in api_call_object else False
payload = get_payload_from_parameters(module.params)
connection = Connection(module._socket_path)
version = get_version(module)
result = {'changed': False}
if module.check_mode:
return result
if is_access_rule:
copy_payload_without_some_params = extract_payload_without_some_params(
payload, ['action', 'position'])
else:
copy_payload_without_some_params = extract_payload_without_some_params(
payload, ['position'])
payload_for_equals = {
'type': api_call_object,
'params': copy_payload_without_some_params
}
equals_code, equals_response = send_request(connection, version, 'equals',
payload_for_equals)
result['checkpoint_session_uid'] = connection.get_session_uid()
handle_equals_failure(module, equals_code, equals_response)
if module.params['state'] == 'present':
if equals_code == 200:
if equals_response['equals']:
if not is_equals_with_all_params(payload, connection, version,
api_call_object,
is_access_rule):
equals_response['equals'] = False
# else objects are equals and there is no need for set request
if not equals_response['equals']:
# if user insert param 'position' and needed to use the 'set' command, change the param name to 'new-position'
if 'position' in payload:
payload['new-position'] = payload['position']
del payload['position']
handle_call_and_set_result(connection, version,
'set-' + api_call_object, payload,
module, result)
elif equals_code == 404:
handle_call_and_set_result(connection, version,
'add-' + api_call_object, payload,
module, result)
elif module.params['state'] == 'absent':
handle_delete(equals_code, payload, delete_params, connection, version,
api_call_object, module, result)
return result
def api_call_for_rule(module, api_call_object):
is_access_rule = True if "access" in api_call_object else False
payload = get_payload_from_parameters(module.params)
connection = Connection(module._socket_path)
result = {"changed": False}
if module.check_mode:
return result
# if user insert a specific version, we add it to the url
version = (
("v" + module.params["version"] + "/")
if module.params.get("version")
else ""
)
if is_access_rule:
copy_payload_without_some_params = get_copy_payload_without_some_params(
payload, ["action", "position"]
)
else:
copy_payload_without_some_params = get_copy_payload_without_some_params(
payload, ["position"]
)
payload_for_equals = {
"type": api_call_object,
"params": copy_payload_without_some_params,
}
equals_code, equals_response = send_request(
connection, version, "equals", payload_for_equals
)
result["checkpoint_session_uid"] = connection.get_session_uid()
# if code is 400 (bad request) or 500 (internal error) - fail
if equals_code == 400 or equals_code == 500:
module.fail_json(msg=equals_response)
if (
equals_code == 404
and equals_response["code"] == "generic_err_command_not_found"
):
module.fail_json(
msg="Relevant hotfix is not installed on Check Point server. See sk114661 on Check Point Support Center."
)
if module.params["state"] == "present":
if equals_code == 200:
if equals_response["equals"]:
if not is_equals_with_all_params(
payload,
connection,
version,
api_call_object,
is_access_rule,
):
equals_response["equals"] = False
if not equals_response["equals"]:
# if user insert param 'position' and needed to use the 'set' command, change the param name to 'new-position'
if "position" in payload:
payload["new-position"] = payload["position"]
del payload["position"]
code, response = send_request(
connection, version, "set-" + api_call_object, payload
)
if code != 200:
module.fail_json(msg=response)
handle_publish(module, connection, version)
result["changed"] = True
result[api_call_object] = response
else:
# objects are equals and there is no need for set request
pass
elif equals_code == 404:
code, response = send_request(
connection, version, "add-" + api_call_object, payload
)
if code != 200:
module.fail_json(msg=response)
handle_publish(module, connection, version)
result["changed"] = True
result[api_call_object] = response
elif module.params["state"] == "absent":
if equals_code == 200:
payload_for_delete = get_copy_payload_with_some_params(
payload, delete_params
)
code, response = send_request(
connection,
version,
"delete-" + api_call_object,
payload_for_delete,
)
if code != 200:
module.fail_json(msg=response)
handle_publish(module, connection, version)
result["changed"] = True
elif equals_code == 404:
# no need to delete because object dose not exist
pass
return result
def api_call_for_rule(module, api_call_object):
is_access_rule = True if 'access' in api_call_object else False
payload = get_payload_from_parameters(module.params)
connection = Connection(module._socket_path)
result = {
'changed': False,
'checkpoint_session_uid': connection.get_session_uid()
}
if module.check_mode:
return result
# if user insert a specific version, we add it to the url
version = ('v' + module.params['version'] +
'/') if module.params.get('version') else ''
if is_access_rule:
copy_payload_without_some_params = get_copy_payload_without_some_params(
payload, ['action', 'position'])
else:
copy_payload_without_some_params = get_copy_payload_without_some_params(
payload, ['position'])
payload_for_equals = {
'type': api_call_object,
'params': copy_payload_without_some_params
}
equals_code, equals_response = send_request(connection, version, 'equals',
payload_for_equals)
# if code is 400 (bad request) or 500 (internal error) - fail
if equals_code == 400 or equals_code == 500:
module.fail_json(msg=equals_response)
if module.params['state'] == 'present':
if equals_code == 200:
if equals_response['equals']:
if not is_equals_with_all_params(payload, connection, version,
api_call_object,
is_access_rule):
equals_response['equals'] = False
if not equals_response['equals']:
# if user insert param 'position' and needed to use the 'set' command, change the param name to 'new-position'
if 'position' in payload:
payload['new-position'] = payload['position']
del payload['position']
code, response = send_request(connection, version,
'set-' + api_call_object,
payload)
if code != 200:
module.fail_json(msg=response)
handle_publish(module, connection, version)
result['changed'] = True
result[api_call_object] = response
else:
# objects are equals and there is no need for set request
pass
elif equals_code == 404:
code, response = send_request(connection, version,
'add-' + api_call_object, payload)
if code != 200:
module.fail_json(msg=response)
handle_publish(module, connection, version)
result['changed'] = True
result[api_call_object] = response
elif module.params['state'] == 'absent':
if equals_code == 200:
code, response = send_request(connection, version,
'delete-' + api_call_object, payload)
if code != 200:
module.fail_json(msg=response)
handle_publish(module, connection, version)
result['changed'] = True
elif equals_code == 404:
# no need to delete because object dose not exist
pass
return result
def main():
argument_spec = dict(
name=dict(type="str", required=True),
ip_address=dict(type="str"),
state=dict(type="str", default="present"),
)
argument_spec.update(checkpoint_argument_spec)
module = AnsibleModule(argument_spec=argument_spec)
connection = Connection(module._socket_path)
code, response = get_host(module, connection)
result = {"changed": False}
if module.params["state"] == "present":
if code == 200:
if needs_update(module, response):
code, response = update_host(module, connection)
if code != 200:
module.fail_json(msg=response)
if module.params["auto_publish_session"]:
publish(connection)
if module.params["auto_install_policy"]:
install_policy(
connection,
module.params["policy_package"],
module.params["targets"],
)
result["changed"] = True
result["checkpoint_hosts"] = response
else:
pass
elif code == 404:
code, response = create_host(module, connection)
if code != 200:
module.fail_json(msg=response)
if module.params["auto_publish_session"]:
publish(connection)
if module.params["auto_install_policy"]:
install_policy(
connection,
module.params["policy_package"],
module.params["targets"],
)
result["changed"] = True
result["checkpoint_hosts"] = response
else:
if code == 200:
# Handle deletion
code, response = delete_host(module, connection)
if code != 200:
module.fail_json(msg=response)
if module.params["auto_publish_session"]:
publish(connection)
if module.params["auto_install_policy"]:
install_policy(
connection,
module.params["policy_package"],
module.params["targets"],
)
result["changed"] = True
result["checkpoint_hosts"] = response
elif code == 404:
pass
result["checkpoint_session_uid"] = connection.get_session_uid()
module.exit_json(**result)
def main():
argument_spec = dict(
name=dict(type="str", required=True),
layer=dict(type="str"),
position=dict(type="str"),
source=dict(type="str"),
destination=dict(type="str"),
action=dict(type="str", default="drop"),
enabled=dict(type="bool", default=True),
state=dict(type="str", default="present"),
)
argument_spec.update(checkpoint_argument_spec)
required_if = [("state", "present", ("layer", "position"))]
module = AnsibleModule(argument_spec=argument_spec,
required_if=required_if)
connection = Connection(module._socket_path)
code, response = get_access_rule(module, connection)
result = {"changed": False}
if module.params["state"] == "present":
if code == 200:
if needs_update(module, response):
code, response = update_access_rule(module, connection)
if code != 200:
module.fail_json(msg=response)
if module.params["auto_publish_session"]:
publish(connection)
if module.params["auto_install_policy"]:
install_policy(
connection,
module.params["policy_package"],
module.params["targets"],
)
result["changed"] = True
result["checkpoint_access_rules"] = response
else:
pass
elif code == 404:
code, response = create_access_rule(module, connection)
if code != 200:
module.fail_json(msg=response)
if module.params["auto_publish_session"]:
publish(connection)
if module.params["auto_install_policy"]:
install_policy(
connection,
module.params["policy_package"],
module.params["targets"],
)
result["changed"] = True
result["checkpoint_access_rules"] = response
else:
if code == 200:
code, response = delete_access_rule(module, connection)
if code != 200:
module.fail_json(msg=response)
if module.params["auto_publish_session"]:
publish(connection)
if module.params["auto_install_policy"]:
install_policy(
connection,
module.params["policy_package"],
module.params["targets"],
)
result["changed"] = True
result["checkpoint_access_rules"] = response
elif code == 404:
pass
result["checkpoint_session_uid"] = connection.get_session_uid()
module.exit_json(**result)
