network and install policy modules for example #55446

Closed
wants to merge 22 commits into from
@@ -26,14 +26,18 @@
# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

from __future__ import (absolute_import, division, print_function)
from ansible.module_utils.connection import Connection

checkpoint_argument_spec = dict(auto_publish_session=dict(type='bool', default=True),


justjais Jun 10, 2019

Contributor

Please do not change this: if the tests written by Ricky use these params, the shippable tests will fail and we will not be able to proceed further. Please put a comment on these params noting that they are used by the checkpoint_* modules, which shall be deprecated in future.


chkp-orso Jun 10, 2019

Author Contributor

ok thanks

policy_package=dict(type='str', default='standard'),
auto_install_policy=dict(type='bool', default=True),

checkpoint_argument_spec = dict(auto_publish_session=dict(type='bool'),
policy_package=dict(type='str'),
auto_install_policy=dict(type='bool'),
targets=dict(type='list')
)


# publish the session
def publish(connection, uid=None):
payload = None

@@ -43,6 +47,7 @@ def publish(connection, uid=None):
connection.send_request('/web_api/publish', payload)


# discard changes of session
def discard(connection, uid=None):
payload = None

@@ -52,8 +57,142 @@ def discard(connection, uid=None):
connection.send_request('/web_api/discard', payload)


# install policy of session
def install_policy(connection, policy_package, targets):
payload = {'policy-package': policy_package,
'targets': targets}

connection.send_request('/web_api/install-policy', payload)


# get the object from checkpoint DB, if exist
def get_api_call_object(connection, api_call_object, unique_payload_for_get):
code, response = connection.send_request('/web_api/show-' + api_call_object, unique_payload_for_get)

return code, response


# add object to checkpoint DB
def add_api_call_object(connection, api_call_object, payload):
code, response = connection.send_request('/web_api/add-' + api_call_object, payload)

return code, response


# set object in checkpoint DB
def set_api_call_object(connection, api_call_object, payload):
code, response = connection.send_request('/web_api/set-' + api_call_object, payload)

return code, response


# delete object from checkpoint DB
def delete_api_call_object(connection, api_call_object, payload):
code, response = connection.send_request('/web_api/delete-' + api_call_object, payload)

return code, response


# check if the object the user inserted is equals to the object in the checkpoint DB
def needs_update(payload, api_call_object):
# we implement this as new API call for checkpoint, so ignore this function for now.
return True


# run the api command
def run_api_command(connection, command, payload):
code, response = connection.send_request('/web_api/' + command, payload)

return code, response


# get the payload from the user parameters
def get_payload_from_user_parameters(module, user_parameters):
payload = {}
for parameter in user_parameters:
if module.params[parameter]:
payload[parameter.replace("_", "-")] = module.params[parameter]
return payload


# handle a command
def api_command(module, command, user_parameters):
payload = get_payload_from_user_parameters(module, user_parameters)
connection = Connection(module._socket_path)
code, response = run_api_command(connection, command, payload)
result = {'changed': True}

if code == 200:
result['checkpoint_' + command.replace("-", "_")] = response
else:
module.fail_json(msg='Checkpoint device returned error {0} with message {1}'.format(code, response))

module.exit_json(**result)


# handle api call facts
def api_call_facts(module, api_call_object, user_parameters):
payload = get_payload_from_user_parameters(module, user_parameters)
file_name_plural = "checkpoint_" + api_call_object.replace("_", "-") + "s"
if payload.get("name") is None and payload.get("uid") is None:
api_call_object += "s"
connection = Connection(module._socket_path)
code, response = get_api_call_object(connection, api_call_object, payload)
if code == 200:
module.exit_json(ansible_facts={file_name_plural: response})
else:
module.fail_json(msg='Checkpoint device returned error {0} with message {1}'.format(code, response))


# handle api call
def api_call(module, api_call_object, user_parameters, unique_payload_for_get):
payload = get_payload_from_user_parameters(module, user_parameters)
file_name_plural = "checkpoint_" + api_call_object.replace("_", "-") + "s"
connection = Connection(module._socket_path)
code, response = get_api_call_object(connection, api_call_object, unique_payload_for_get)
result = {'changed': False}

if module.params['state'] == 'present':
if code == 200:
if needs_update(payload, response):
code, response = set_api_call_object(connection, api_call_object, payload)
if module.params['auto_publish_session']:
publish(connection)

if module.params['auto_install_policy']:
install_policy(connection, module.params['policy_package'], module.params['targets'])

result['changed'] = True
result[file_name_plural] = response
else:
pass
elif code == 404:
code, response = add_api_call_object(connection, api_call_object, payload)
if code != 200:
module.fail_json(msg=response)

if module.params['auto_publish_session']:
publish(connection)

if module.params['auto_install_policy']:
install_policy(connection, module.params['policy_package'], module.params['targets'])

result['changed'] = True
result['to delete2'] = 'to delete2'
result[file_name_plural] = response
else:
if code == 200:
code, response = delete_api_call_object(connection, api_call_object, payload)

if module.params['auto_publish_session']:
publish(connection)

if module.params['auto_install_policy']:
install_policy(connection, module.params['policy_package'], module.params['targets'])

result['changed'] = True
elif code == 404:
pass

result['checkpoint_session_uid'] = connection.get_session_uid()
module.exit_json(**result)
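Review bot: In `get_payload_from_user_parameters` the filter `if module.params[parameter]:` drops every falsy value, so an explicit `false` (or `0`, or an empty list) is left out of the payload and the server-side default applies instead. The install-policy options on this page are documented as defaulting to true when the corresponding policy is enabled, so a playbook that sets `access: false` or `threat_prevention: false` would apparently still install that policy. Test for absence rather than truthiness: `if module.params[parameter] is not None:`. Separately, `api_call` sets `changed` to True after `set_api_call_object`, `delete_api_call_object`, `publish` and `install_policy` without checking their return codes, and `result['to delete2'] = 'to delete2'` looks like leftover debugging.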
@@ -76,18 +76,15 @@
- Publish the current session if changes have been performed
after task completes.
type: bool
default: 'yes'
auto_install_policy:
description:
- Install the package policy if changes have been performed
after the task completes.
type: bool
default: 'yes'
policy_package:
description:
- Package policy name to be installed.
type: str
default: 'standard'
targets:
description:
- Targets to install the package policy on.
@@ -54,18 +54,15 @@
- Publish the current session if changes have been performed
after task completes.
type: bool
default: 'yes'
auto_install_policy:
description:
- Install the package policy if changes have been performed
after the task completes.
type: bool
default: 'yes'
policy_package:
description:
- Package policy name to be installed.
type: str
default: 'standard'
targets:
description:
- Targets to install the package policy on.
@@ -0,0 +1,123 @@
#!/usr/bin/python
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#

from __future__ import (absolute_import, division, print_function)
__metaclass__ = type


ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'network'}


justjais May 13, 2019

Contributor
Suggested change
'supported_by': 'network'}
'supported_by': 'community'}


DOCUMENTATION = """
---
module: checkpoint_install_policy
short_description: Install policy on Checkpoint devices over Web Services API
description:
- Install policy on Checkpoint devices.
All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
options:
policy_package:
description:
- The name of the Policy Package to be installed.
type: str
required: True
targets:
description:
- On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
type: list
required: True
access:
description:
- Set to be true in order to install the Access Control policy. By default, the value is true if Access Control
policy is enabled on the input policy package, otherwise false.
type: bool
desktop_security:
description:
- Set to be true in order to install the Desktop Security policy. By default, the value is true if desktop
security policy is enabled on the input policy package, otherwise false.
type: bool
qos:
description:
- Set to be true in order to install the QoS policy. By default, the value is true if Quality-of-Service policy is
enabled on the input policy package, otherwise false.
type: bool
threat_prevention:
description:
- Set to be true in order to install the Threat Prevention policy. By default, the value is true if Threat
Prevention policy is enabled on the input policy package, otherwise false.
type: bool
install_on_all_cluster_members_or_fail:
description:
- Relevant for the gateway clusters. If true, the policy is installed on all the cluster members. If the
installation on a cluster member fails, don't install on that cluster.
type: bool
prepare_only:
description:
- If true, prepares the policy for the installation, but doesn't install it on an installation target.
type: bool
revision:
description:
- The UID of the revision of the policy to install.
type: str
"""

EXAMPLES = """
- name: Install policy
checkpoint_install_policy:
policy_package: "standard"
targets: "the_target"


justjais May 13, 2019

Contributor

So, for install_policy, is the state option not applicable? If not, then this module is used only to install a policy; do you have plans to handle uninstalling of a policy in different modules? If not, then please include a state option, with present for install and absent for uninstall of the policy.

"""

RETURN = """
checkpoint_install_policy:
description: The checkpoint install policy output.
returned: always.
type: str
"""


from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import api_command


def main():
argument_spec = dict(
policy_package=dict(type='str', required=True),
targets=dict(type='list', required=True),
access=dict(type='bool'),
desktop_security=dict(type='bool'),
qos=dict(type='bool'),
threat_prevention=dict(type='bool'),
install_on_all_cluster_members_or_fail=dict(type='bool'),
prepare_only=dict(type='bool'),
revision=dict(type='str')
)

user_parameters = list(argument_spec.keys())
module = AnsibleModule(argument_spec=argument_spec)
command = "install-policy"

api_command(module, command, user_parameters)


if __name__ == '__main__':
main()
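Review bot: `main()` reports success as soon as `api_command` sees a 200 from `install-policy`, and nothing in this module confirms that the policy actually reached the gateways listed in `targets`. If the call is asynchronous and only returns a task reference (presumably the case for a policy push; confirm against the API), a playbook can carry on as though the new rule base is enforced when the installation later fails. At minimum say so in `DOCUMENTATION`, for example a `notes:` entry `- A successful result means the request was accepted; check the returned task before relying on the policy being enforced.` The `RETURN` block's `type: str` also probably does not match the response object that `api_command` stores unchanged. `api_command` itself is defined in another file section of this pull request.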