def api_call_for_rule(module, api_call_object):
is_access_rule = True if 'access' in api_call_object else False
payload = get_payload_from_parameters(module.params)
connection = Connection(module._socket_path)
result = {'changed': False}
if module.check_mode:
return result
# if user insert a specific version, we add it to the url
version = ('v' + module.params['version'] +
'/') if module.params.get('version') else ''
if is_access_rule:
copy_payload_without_some_params = get_copy_payload_without_some_params(
payload, ['action', 'position'])
else:
copy_payload_without_some_params = get_copy_payload_without_some_params(
payload, ['position'])
payload_for_equals = {
'type': api_call_object,
'params': copy_payload_without_some_params
}
equals_code, equals_response = send_request(connection, version, 'equals',
payload_for_equals)
result['checkpoint_session_uid'] = connection.get_session_uid()
# if code is 400 (bad request) or 500 (internal error) - fail
if equals_code == 400 or equals_code == 500:
module.fail_json(msg=equals_response)
if equals_code == 404 and equals_response[
'code'] == 'generic_err_command_not_found':
module.fail_json(
msg=
'Relevant hotfix is not installed on Check Point server. See sk114661 on Check Point Support Center.'
)
if module.params['state'] == 'present':
if equals_code == 200:
if equals_response['equals']:
if not is_equals_with_all_params(payload, connection, version,
api_call_object,
is_access_rule):
equals_response['equals'] = False
if not equals_response['equals']:
# if user insert param 'position' and needed to use the 'set' command, change the param name to 'new-position'
if 'position' in payload:
payload['new-position'] = payload['position']
del payload['position']
code, response = send_request(connection, version,
'set-' + api_call_object,
payload)
if code != 200:
module.fail_json(msg=response)
handle_publish(module, connection, version)
result['changed'] = True
result[api_call_object] = response
else:
# objects are equals and there is no need for set request
pass
elif equals_code == 404:
code, response = send_request(connection, version,
'add-' + api_call_object, payload)
if code != 200:
module.fail_json(msg=response)
handle_publish(module, connection, version)
result['changed'] = True
result[api_call_object] = response
elif module.params['state'] == 'absent':
if equals_code == 200:
payload_for_delete = get_copy_payload_with_some_params(
payload, delete_params)
code, response = send_request(connection, version,
'delete-' + api_call_object,
payload_for_delete)
if code != 200:
module.fail_json(msg=response)
handle_publish(module, connection, version)
result['changed'] = True
elif equals_code == 404:
# no need to delete because object dose not exist
pass
return result
def main():
argument_spec = dict(name=dict(type='str', required=True),
layer=dict(type='str'),
position=dict(type='str'),
source=dict(type='str'),
destination=dict(type='str'),
action=dict(type='str', default='drop'),
enabled=dict(type='bool', default=True),
state=dict(type='str', default='present'))
argument_spec.update(checkpoint_argument_spec)
required_if = [('state', 'present', ('layer', 'position'))]
module = AnsibleModule(argument_spec=argument_spec,
required_if=required_if)
connection = Connection(module._socket_path)
code, response = get_access_rule(module, connection)
result = {'changed': False}
if module.params['state'] == 'present':
if code == 200:
if needs_update(module, response):
code, response = update_access_rule(module, connection)
if code != 200:
module.fail_json(msg=response)
if module.params['auto_publish_session']:
publish(connection)
if module.params['auto_install_policy']:
install_policy(connection,
module.params['policy_package'],
module.params['targets'])
result['changed'] = True
result['checkpoint_access_rules'] = response
else:
pass
elif code == 404:
code, response = create_access_rule(module, connection)
if code != 200:
module.fail_json(msg=response)
if module.params['auto_publish_session']:
publish(connection)
if module.params['auto_install_policy']:
install_policy(connection, module.params['policy_package'],
module.params['targets'])
result['changed'] = True
result['checkpoint_access_rules'] = response
else:
if code == 200:
code, response = delete_access_rule(module, connection)
if code != 200:
module.fail_json(msg=response)
if module.params['auto_publish_session']:
publish(connection)
if module.params['auto_install_policy']:
install_policy(connection, module.params['policy_package'],
module.params['targets'])
result['changed'] = True
result['checkpoint_access_rules'] = response
elif code == 404:
pass
result['checkpoint_session_uid'] = connection.get_session_uid()
module.exit_json(**result)
