def api_call_for_rule(module, api_call_object): is_access_rule = True if 'access' in api_call_object else False payload = get_payload_from_parameters(module.params) connection = Connection(module._socket_path) result = {'changed': False} if module.check_mode: return result # if user insert a specific version, we add it to the url version = ('v' + module.params['version'] + '/') if module.params.get('version') else '' if is_access_rule: copy_payload_without_some_params = get_copy_payload_without_some_params( payload, ['action', 'position']) else: copy_payload_without_some_params = get_copy_payload_without_some_params( payload, ['position']) payload_for_equals = { 'type': api_call_object, 'params': copy_payload_without_some_params } equals_code, equals_response = send_request(connection, version, 'equals', payload_for_equals) result['checkpoint_session_uid'] = connection.get_session_uid() # if code is 400 (bad request) or 500 (internal error) - fail if equals_code == 400 or equals_code == 500: module.fail_json(msg=equals_response) if equals_code == 404 and equals_response[ 'code'] == 'generic_err_command_not_found': module.fail_json( msg= 'Relevant hotfix is not installed on Check Point server. See sk114661 on Check Point Support Center.' ) if module.params['state'] == 'present': if equals_code == 200: if equals_response['equals']: if not is_equals_with_all_params(payload, connection, version, api_call_object, is_access_rule): equals_response['equals'] = False if not equals_response['equals']: # if user insert param 'position' and needed to use the 'set' command, change the param name to 'new-position' if 'position' in payload: payload['new-position'] = payload['position'] del payload['position'] code, response = send_request(connection, version, 'set-' + api_call_object, payload) if code != 200: module.fail_json(msg=response) handle_publish(module, connection, version) result['changed'] = True result[api_call_object] = response else: # objects are equals and there is no need for set request pass elif equals_code == 404: code, response = send_request(connection, version, 'add-' + api_call_object, payload) if code != 200: module.fail_json(msg=response) handle_publish(module, connection, version) result['changed'] = True result[api_call_object] = response elif module.params['state'] == 'absent': if equals_code == 200: payload_for_delete = get_copy_payload_with_some_params( payload, delete_params) code, response = send_request(connection, version, 'delete-' + api_call_object, payload_for_delete) if code != 200: module.fail_json(msg=response) handle_publish(module, connection, version) result['changed'] = True elif equals_code == 404: # no need to delete because object dose not exist pass return result
def main(): argument_spec = dict(name=dict(type='str', required=True), layer=dict(type='str'), position=dict(type='str'), source=dict(type='str'), destination=dict(type='str'), action=dict(type='str', default='drop'), enabled=dict(type='bool', default=True), state=dict(type='str', default='present')) argument_spec.update(checkpoint_argument_spec) required_if = [('state', 'present', ('layer', 'position'))] module = AnsibleModule(argument_spec=argument_spec, required_if=required_if) connection = Connection(module._socket_path) code, response = get_access_rule(module, connection) result = {'changed': False} if module.params['state'] == 'present': if code == 200: if needs_update(module, response): code, response = update_access_rule(module, connection) if code != 200: module.fail_json(msg=response) if module.params['auto_publish_session']: publish(connection) if module.params['auto_install_policy']: install_policy(connection, module.params['policy_package'], module.params['targets']) result['changed'] = True result['checkpoint_access_rules'] = response else: pass elif code == 404: code, response = create_access_rule(module, connection) if code != 200: module.fail_json(msg=response) if module.params['auto_publish_session']: publish(connection) if module.params['auto_install_policy']: install_policy(connection, module.params['policy_package'], module.params['targets']) result['changed'] = True result['checkpoint_access_rules'] = response else: if code == 200: code, response = delete_access_rule(module, connection) if code != 200: module.fail_json(msg=response) if module.params['auto_publish_session']: publish(connection) if module.params['auto_install_policy']: install_policy(connection, module.params['policy_package'], module.params['targets']) result['changed'] = True result['checkpoint_access_rules'] = response elif code == 404: pass result['checkpoint_session_uid'] = connection.get_session_uid() module.exit_json(**result)