diff --git a/galaxy.yml b/galaxy.yml index e1a6c6a..7501973 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -9,7 +9,7 @@ namespace: check_point name: mgmt # The version of the collection. Must be compatible with semantic versioning -version: 5.2.3 +version: 6.0.0 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: README.md @@ -17,9 +17,9 @@ readme: README.md # A list of the collection's content authors. Can be just the name or in the format 'Full Name (url) # @nicks:irc/im.site#channel' authors: - - Or Soffer - - Shiran Golzar - - Eden Brillant +- Or Soffer +- Shiran Golzar +- Eden Brillant ### OPTIONAL but strongly recommended @@ -30,7 +30,7 @@ description: Check Point collection for the Management Server # Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only # accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file' license: - - GPL-2.0-or-later +- GPL-2.0-or-later # The path to the license file for the collection. This path is relative to the root of the collection. This key is # mutually exclusive with 'license' diff --git a/plugins/module_utils/checkpoint.py b/plugins/module_utils/checkpoint.py index 8481036..f3705c6 100644 --- a/plugins/module_utils/checkpoint.py +++ b/plugins/module_utils/checkpoint.py @@ -39,7 +39,6 @@ utils, ) - BASE_HEADERS = { "Content-Type": "application/json", "User-Agent": "Ansible", @@ -77,7 +76,8 @@ "package", "ignore-errors", "ignore-warnings", - "gateway-uid" + "gateway-uid", + "url" ] remove_from_set_payload = { @@ -88,6 +88,11 @@ "main-ip-address", ], "md-permissions-profile": ["permission-level"], + "access-section": ["position"], + "nat-section": ["position"], + "https-section": ["position"], + "mobile-access-section": ["position"], + "mobile-access-profile-section": ["position"], } remove_from_add_payload = {"lsm-cluster": ["name"]} 
@@ -265,7 +270,7 @@ def is_checkpoint_param(parameter): def contains_show_identifier_param(payload): - identifier_params = ["name", "uid", "assigned-domain", "task-id", "signature"] + identifier_params = ["name", "uid", "assigned-domain", "task-id", "signature", "url"] for param in identifier_params: if payload.get(param) is not None: return True @@ -283,9 +288,9 @@ def get_payload_from_parameters(params): parameter.replace("_", "-") ] = get_payload_from_parameters(parameter_value) elif ( - isinstance(parameter_value, list) - and len(parameter_value) != 0 - and isinstance(parameter_value[0], dict) + isinstance(parameter_value, list) + and len(parameter_value) != 0 + and isinstance(parameter_value[0], dict) ): payload_list = [] for element_dict in parameter_value: @@ -296,12 +301,12 @@ def get_payload_from_parameters(params): else: # special handle for this param in order to avoid two params called "version" if ( - parameter == "gateway_version" - or parameter == "cluster_version" - or parameter == "server_version" - or parameter == "check_point_host_version" - or parameter == "target_version" - or parameter == "vsx_version" + parameter == "gateway_version" + or parameter == "cluster_version" + or parameter == "server_version" + or parameter == "check_point_host_version" + or parameter == "target_version" + or parameter == "vsx_version" ): parameter = "version" @@ -320,8 +325,8 @@ def wait_for_task(module, version, connection, task_id): task_complete = False minutes_until_timeout = 30 if ( - module.params["wait_for_task_timeout"] is not None - and module.params["wait_for_task_timeout"] >= 0 + module.params["wait_for_task_timeout"] is not None + and module.params["wait_for_task_timeout"] >= 0 ): minutes_until_timeout = module.params["wait_for_task_timeout"] max_num_iterations = minutes_until_timeout * 30 
@@ -1152,7 +1157,7 @@ def build_rulebase_payload(api_call_object, payload, position_number): def build_rulebase_command(api_call_object): - rulebase_command = "show-" + api_call_object.split("-")[0] + "-rulebase" + rulebase_command = "show-" + api_call_object + "base" if api_call_object == "threat-exception": rulebase_command = "show-threat-rule-exception-rulebase" @@ -1195,17 +1200,22 @@ def get_relevant_show_rulebase_command(api_call_object): return "show-threat-rule-exception-rulebase" elif api_call_object == 'nat-rule': return 'show-nat-rulebase' - # uncomment code below when https module is added as a crud module - # elif api_call_object == 'https-rule': - # return 'show-https-rulebase' + elif api_call_object == 'https-rule': + return 'show-https-rulebase' + elif api_call_object == 'mobile-access-rule': + return 'show-mobile-access-rulebase' + elif api_call_object == 'mobile-access-profile-rule': + return 'show-mobile-access-profile-rulebase' # returns the show rulebase payload with the relevant required identifiers params def get_relevant_show_rulebase_identifier_payload(api_call_object, payload): + show_rulebase_payload = {} if api_call_object == 'nat-rule': show_rulebase_payload = {'package': payload['package']} - else: + # mobile-access-x apis don't have an identifier in show rulebase command + elif 'mobile-access' not in api_call_object: show_rulebase_payload = {'name': payload['layer']} if api_call_object == 'threat-exception': @@ -1229,7 +1239,6 @@ def get_relevant_layer_or_package_identifier(api_call_object, payload): def is_equals_with_position_param( payload, connection, version, api_call_object ): - ( position_number, section_according_to_position, 
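Review bot: `rulebase_command = "show-" + api_call_object + "base"` in build_rulebase_command only yields a valid command name when api_call_object ends in `-rule`, whereas the removed `split("-")[0]` form did not depend on the suffix. Any other value reaching this function would now produce a name such as `show-access-sectionbase`; whether a non-rule object can reach this call is not visible in the hunk. Either state the precondition in a comment, for example `# api_call_object must end with "-rule" (e.g. "mobile-access-rule")`, or reuse get_relevant_show_rulebase_command, which maps each rule type explicitly. The function body continues outside the hunk.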
@@ -1396,18 +1405,13 @@ def api_call_for_rule(module, api_call_object): # check if call is in plural form def call_is_plural(api_call_object, payload): - is_plural = False - if "access" in api_call_object and payload.get("layer") is None: - is_plural = True - elif "threat" in api_call_object and payload.get("layer") is None: - is_plural = True - elif ( - "nat" in api_call_object - and payload.get("name") is None - and payload.get("rule-number") is None - ): - is_plural = True - return is_plural + if payload.get("name") is not None or payload.get("rule-number") is not None and \ + ("nat" in api_call_object or "mobile-access" in api_call_object): + return False + if payload.get("layer") is None and \ + ("access" in api_call_object or "threat" in api_call_object or "https" in api_call_object): + return True + return False # handle api call facts for rule @@ -1418,7 +1422,7 @@ def api_call_facts_for_rule( connection = Connection(module._socket_path) version = get_version(module) - # if there is no layer, the API command will be in plural version (e.g. show-hosts instead of show-host) + # if there is no layer, the API command will be in plural version (e.g. show-https-rulebase instead of show-https-rule) if call_is_plural(api_call_object, payload): api_call_object = api_call_object_plural_version @@ -1646,14 +1650,14 @@ def handle_publish(self, connection, version, payload): # handle call def handle_call( - self, - connection, - version, - api_url, - payload, - to_discard_on_failure, - session_uid=None, - to_publish=False, + self, + connection, + version, + api_url, + payload, + to_discard_on_failure, + session_uid=None, + to_publish=False, ): code, response = send_request(connection, version, api_url, payload) if code != 200: 
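Review bot: In call_is_plural the first condition mixes `or` and `and` without parentheses, so it parses as `name is not None or (rule-number is not None and (...))` and returns False for any payload carrying `name`, whatever the object type. If the early return is meant only for NAT and mobile-access rules, group it: `if (payload.get("name") is not None or payload.get("rule-number") is not None) and ("nat" in api_call_object or "mobile-access" in api_call_object):`. Separately, the removed code returned True for a `nat` object with neither `name` nor `rule-number`, while no branch of the new code can return True for `nat-rule`, so it is worth confirming that NAT facts without an identifier are still meant to stay on the singular command. A short docstring listing which object types go plural under which missing identifiers would make the rule reviewable.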
@@ -1662,7 +1666,7 @@ def handle_call( code, response, connection, version, session_uid ) elif "object_not_found" not in response.get( - "code" + "code" ) and "not found" not in response.get("message"): raise _fail_json( "Checkpoint session with ID: {0}".format(session_uid) @@ -1690,13 +1694,13 @@ def handle_call( # handle the call and set the result with 'changed' and teh response def handle_add_and_set_result( - self, - connection, - version, - api_url, - payload, - session_uid, - auto_publish_session=False, + self, + connection, + version, + api_url, + payload, + session_uid, + auto_publish_session=False, ): code, response = self.handle_call( connection, @@ -1751,15 +1755,15 @@ def api_call_facts(self, connection, payload, api_call_object, version): # handle api call def api_call( - self, - connection, - payload, - remove_keys, - api_call_object, - state, - equals_response, - version, - delete_params, + self, + connection, + payload, + remove_keys, + api_call_object, + state, + equals_response, + version, + delete_params, ): result = {} auto_publish_session = False diff --git a/plugins/modules/cp_mgmt_access_section.py b/plugins/modules/cp_mgmt_access_section.py index 1a165cd..c79ba85 100644 --- a/plugins/modules/cp_mgmt_access_section.py +++ b/plugins/modules/cp_mgmt_access_section.py 
@@ -45,6 +45,29 @@ description: - Position in the rulebase. type: str + relative_position: + description: + - Position in the rulebase. + - Use of this field is relevant only for "add" operation. + type: dict + version_added: "6.0.0" + suboptions: + below: + description: + - Add section below specific rule/section identified by name. + type: str + above: + description: + - Add section above specific rule/section identified by name. + type: str + top: + description: + - Add section to the top of a specific section identified by name. + type: str + bottom: + description: + - Add section to the bottom of a specific section identified by name. + type: str name: description: - Object name. @@ -106,6 +129,15 @@ def main(): argument_spec = dict( layer=dict(type="str"), position=dict(type="str"), + relative_position=dict( + type="dict", + options=dict( + below=dict(type="str"), + above=dict(type="str"), + top=dict(type="str"), + bottom=dict(type="str"), + ), + ), name=dict(type="str", required=True), details_level=dict(type="str", choices=["uid", "standard", "full"]), ignore_warnings=dict(type="bool"), @@ -118,6 +150,14 @@ def main(): ) api_call_object = "access-section" + if module.params["relative_position"] is not None: + if module.params["position"] is not None: + raise AssertionError( + "The use of both 'relative_position' and 'position' arguments isn't allowed" + ) + module.params["position"] = module.params["relative_position"] + module.params.pop("relative_position") + result = api_call(module, api_call_object) module.exit_json(**result) diff --git a/plugins/modules/cp_mgmt_add_custom_trusted_ca_certificate.py b/plugins/modules/cp_mgmt_add_custom_trusted_ca_certificate.py new file mode 100644 index 0000000..ba8f66b --- /dev/null +++ b/plugins/modules/cp_mgmt_add_custom_trusted_ca_certificate.py 
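Review bot: The mutual-exclusion check added to main() raises `AssertionError`, which Ansible reports as an unhandled module failure with a traceback rather than a clean task error. Declare the constraint on the module instead, `mutually_exclusive=[["position", "relative_position"]]` in the AnsibleModule(...) call, or call `module.fail_json(msg="The use of both 'relative_position' and 'position' arguments isn't allowed")` at this point. The AnsibleModule construction lies outside the hunk, so where the keyword goes is inferred.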
@@ -0,0 +1,95 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_add_custom_trusted_ca_certificate
+short_description: Create new custom trusted CA certificate.
+description:
+ - Create new custom trusted CA certificate.
+ - All operations are performed over Web Services API.
+version_added: "6.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ base64_certificate:
+ description:
+ - Certificate file encoded in base64.
Valid file formats, x509.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: add-custom-trusted-ca-certificate
+ cp_mgmt_add_custom_trusted_ca_certificate:
+ base64_certificate:
+ MIIEkzCCAnugAwIBAgIVAO5SRZQELwNNhWF+8st6ox9uXYgeMA0GCSqGSIb3DQEBCwUAMIGrMQswCQYDVQQGEwJJTDEPMA0GA1UECBMGSXNyYWVsMS4wLAYDVQQKEyVDaGVja1BvaW50IFNvZnR3YXJlIF
+ lY2hub2xvZ2llcyBMVEQuMQwwCgYDVQQLEwNNSVMxIjAgBgNVBAMTGUNoZWNrUG9pbnQtU1NMLUluc3BlY3Rpb24xKTAnBgkqhkiG9w0BCQEWGmlsX3NlY3VyaXR5QGNoZWNrcG9pbnQuY29tMB4XDTIzM
+ MxMzAwMDAwMFoXDTIzMDYxMTIzNTk1OVowbzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNVBAcTCk1lbmxvIFBhcmsxHTAbBgNVBAoTFE1ldGEgUGxhdGZvcm1zLCBJbmMuMRcw
+ QYDVQQDDA4qLndoYXRzYXBwLm5ldDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPjo05vRHAJYYWx55SOu2b1ZIQPOOtJNipSBXf1BFBDQhrkp20YTA296MzKii2j3TgVi/1t44cW5mD1RWobfAQujgbM
+ gbAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHQGA1UdEQRtMGuCDioud2hhdHNhcHAubmV0ghIqLmNkbi53aGF0c2FwcC5uZXSCEiouc25yLndoYXRzYXBwLm5ldIIOKi53aGF0c2FwcC5jb2
+ CBXdhLm1lggx3aGF0c2FwcC5jb22CDHdoYXRzYXBwLm5ldDAOBgNVHQ8BAf8EBAMCBaAwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAgEAA/sIadLr9ahEVq8h9HuofHODUuzxVFulAZu8uSiyY4ACb
+ Hcvm36MYQCzYV56t4fe+I++ls8KAESZgdE0KoD5/6efzK05Ufok+y15QexAR5AxZlJqtoHIuc7iOolPbkLW77GKrbgfEgmwOCX9/86Pug4ZSrrBUPPt9i3accNkAP+SH9Lft1geS2E/q+xcRhbhDcYTYD5
+ X0MiEv0UaAzwS3adWAZbD7R42u+xNCpX8iUyiwp2UvMf0l/+Q8CAtw4D5s/8hD7Vqvrv4H/ZfV7SrZ+rPrihi01t6LlcpZ2YMucX/tSgDzkjYWmT26V2OgRklM0aQWvHD3DVpghIJfI2swAAJJ5wvqwcJe
+ WHAQb3aQZgHXjGF/LyBYCQsohTHUL7rhL8CxNlDTNhN2e+NRFGYGer157RCmM8xKroe3/X9pYifbzyEWInqQ+ycmLsQyAd7pPW+W1K1tlk9Niqk3dNQ10daYGau3IPWF5+iHtOlWjLcQrSj60Uv7Ebi0E+
+ 
Oe0tDabunCj6SEauGFxeJhM9xUZnOwb5wqIt+uGqPQ9WRJLehqwdFhiWOqwUfNcksn7l0M6e9Mnkh1J2kGxamQ0bvK7ftpm5O8MTAft0y882IfC++Zuk4gLhQoeE3s6877/rrHRJB/H8ZUaaBxAi2qH0NZ
+ ParXUxOkil5rVgFqI=
+"""
+
+RETURN = """
+cp_mgmt_add_custom_trusted_ca_certificate:
+ description: The checkpoint add-custom-trusted-ca-certificate output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ base64_certificate=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "add-custom-trusted-ca-certificate"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_add_outbound_inspection_certificate.py b/plugins/modules/cp_mgmt_add_outbound_inspection_certificate.py
new file mode 100644
index 0000000..7caa9d3
--- /dev/null
+++ b/plugins/modules/cp_mgmt_add_outbound_inspection_certificate.py
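Review bot: `base64_certificate=dict(type='str')` is optional in argument_spec although it is the input that says what to add, so a task that omits it passes Ansible's validation and fails only at the API, whereas the add-outbound-inspection-certificate module in this same commit marks its mandatory fields `required=True`. Suggest `base64_certificate=dict(type='str', required=True)` plus `required: True` in DOCUMENTATION, assuming the API treats the field as mandatory. Because this module extends the management server's set of trusted CAs, the option description should also say that the value must be a CA certificate obtained from a verified source. The EXAMPLES value is written as a multi-line plain scalar, which YAML folds with spaces between the lines, so it is worth checking that the API accepts the certificate in that form or showing it on one line.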
@@ -0,0 +1,150 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_add_outbound_inspection_certificate
+short_description: Add outbound-inspection-certificate
+description:
+ - Add outbound-inspection-certificate
+ - All operations are performed over Web Services API.
+version_added: "6.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ issued_by:
+ description:
+ - The DN (Distinguished Name) of the certificate.
+ type: str
+ required: True
+ base64_password:
+ description:
+ - Password (encoded in Base64 with padding) for the certificate file.
+ type: str
+ required: True
+ valid_from:
+ description:
+ - The date, from which the certificate is valid. Format, YYYY-MM-DD.
+ type: str
+ required: True
+ valid_to:
+ description:
+ - The certificate expiration date. Format, YYYY-MM-DD.
+ type: str
+ required: True
+ name:
+ description:
+ - Object name.
+ type: str
+ is_default:
+ description:
+ - Is the certificate the default certificate.
+ type: bool
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: add-outbound-inspection-certificate
+ cp_mgmt_add_outbound_inspection_certificate:
+ base64_password: bXlfcGFzc3dvcmQ=
+ is_default: 'false'
+ issued_by: www.checkpoint.com
+ name: OutboundCertificate
+ valid_from: '2021-04-17'
+ valid_to: '2028-04-17'
+"""
+
+RETURN = """
+cp_mgmt_add_outbound_inspection_certificate:
+ description: The checkpoint add-outbound-inspection-certificate output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ issued_by=dict(type='str', required=True),
+ base64_password=dict(type='str', no_log=True, required=True),
+ valid_from=dict(type='str', required=True),
+ valid_to=dict(type='str', required=True),
+ name=dict(type='str'),
+ is_default=dict(type='bool'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+ command = 'add-outbound-inspection-certificate'
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_cp_trusted_ca_certificate_facts.py b/plugins/modules/cp_mgmt_cp_trusted_ca_certificate_facts.py
new file mode 100644
index 0000000..d02e2e4
--- /dev/null
+++ b/plugins/modules/cp_mgmt_cp_trusted_ca_certificate_facts.py
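Review bot: The `base64_password` option is documented only as "encoded in Base64 with padding", which a reader can mistake for protection; Base64 is reversible, and the EXAMPLES block shows the value inline in the playbook. `no_log=True` in argument_spec keeps the parameter out of Ansible's logged arguments, but the option description should add a line such as `- Base64 is an encoding, not encryption. Supply this value from Ansible Vault or another secret store rather than in plain playbook text.` Also, `is_default: 'false'` in EXAMPLES passes a quoted string to a `bool` option; `is_default: false` shows the intended type.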
@@ -0,0 +1,138 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_cp_trusted_ca_certificate_facts
+short_description: Retrieve existing Check Point trusted CA certificate objects facts on Checkpoint devices..
+description:
+ - Retrieve existing Check Point trusted CA certificate objects facts on Checkpoint devices..
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "6.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by.
The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-cp-trusted-ca-certificate
+ cp_mgmt_cp_trusted_ca_certificate_facts:
+ name: CA_0090EA36_7A7C_42DF_93EE_CFE97D542FFB
+
+- name: show-cp-trusted-ca-certificates
+ cp_mgmt_cp_trusted_ca_certificate_facts:
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "cp-trusted-ca-certificate"
+ api_call_object_plural_version = "cp-trusted-ca-certificates"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_custom_trusted_ca_certificate_facts.py b/plugins/modules/cp_mgmt_custom_trusted_ca_certificate_facts.py
new file mode 100644
index 0000000..643cd58
--- /dev/null
+++ b/plugins/modules/cp_mgmt_custom_trusted_ca_certificate_facts.py
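Review bot: `short_description` and the first `description` entry in DOCUMENTATION both end in a double period (`... on Checkpoint devices..`); drop the extra dot, since these strings are rendered verbatim in the generated module docs. The `limit`, `offset` and `order` options are described as relevant "only for getting few objects", which reads better as "several objects" to match the wording used in the description block. cp_mgmt_custom_trusted_ca_certificate_facts.py, added in the same commit, repeats the "few objects" wording.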
@@ -0,0 +1,138 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_custom_trusted_ca_certificate_facts
+short_description: Retrieve existing custom trusted CA certificate objects facts on Checkpoint devices.
+description:
+ - Retrieve existing custom trusted CA certificate objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "6.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by.
The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-custom-trusted-ca-certificate
+ cp_mgmt_custom_trusted_ca_certificate_facts:
+ name: MyCACert
+
+- name: show-custom-trusted-ca-certificates
+ cp_mgmt_custom_trusted_ca_certificate_facts:
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "custom-trusted-ca-certificate"
+ api_call_object_plural_version = "custom-trusted-ca-certificates"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_data_type_compound_group.py b/plugins/modules/cp_mgmt_data_type_compound_group.py
new file mode 100644
index 0000000..cdec984
--- /dev/null
+++ b/plugins/modules/cp_mgmt_data_type_compound_group.py
@@ -0,0 +1,158 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_data_type_compound_group +short_description: Manages data-type-compound-group objects on Checkpoint over Web Services API +description: + - Manages data-type-compound-group objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + description: + description: + - For built-in data types, the description explains the purpose of this type of data representation. + For custom-made data types, you can use this field to provide more details. + type: str + matched_groups: + description: + - Each one of these data types must be matched - Select existing data types to add. Traffic must match all the data types of this group to match a rule. + Identified by name or UID. 
+ type: list + elements: str + unmatched_groups: + description: + - Each one of these data types must not be matched - Select existing data types to add to the definition. Traffic that does not contain any data + matching the types in this list will match this compound data type. Identified by name or UID. + type: list + elements: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-data-type-compound-group + cp_mgmt_data_type_compound_group: + description: Compound group object + matched_groups: + - trad-group-obj + name: compound-group-obj + state: present + unmatched_groups: + - keywords_obj + +- name: set-data-type-compound-group + cp_mgmt_data_type_compound_group: + matched_groups: + - trad-group-obj + - trad-group-obj2 + name: compound-group-obj + state: present + unmatched_groups: + - keywords_obj2 + +- name: delete-data-type-compound-group + cp_mgmt_data_type_compound_group: + name: compound-group-obj + state: absent +""" + +RETURN = """ +cp_mgmt_data_type_compound_group: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + description=dict(type='str'), + matched_groups=dict(type='list', elements='str'), + unmatched_groups=dict(type='list', elements='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + 
argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'data-type-compound-group' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_data_type_compound_group_facts.py b/plugins/modules/cp_mgmt_data_type_compound_group_facts.py new file mode 100644 index 0000000..7c3b239 --- /dev/null +++ b/plugins/modules/cp_mgmt_data_type_compound_group_facts.py 
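Review bot: The `ignore_errors` description in DOCUMENTATION is hard to read ("You won't be able to publish such a changes") and names the other option as "ignore-warnings flag", the API spelling, although the module parameter is `ignore_warnings`. According to that text the option both leaves the session with changes that cannot be published and implicitly suppresses warnings, so the wording should be unambiguous. I would write `- Apply changes ignoring errors. Changes applied this way cannot be published. If ignore_warnings is omitted, warnings are ignored as well.` The same sentence is repeated in cp_mgmt_data_type_file_attributes.py and cp_mgmt_data_type_group.py in this commit.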
@@ -0,0 +1,138 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_data_type_compound_group_facts +short_description: Get data-type-compound-group objects facts on Checkpoint over Web Services API +description: + - Get data-type-compound-group objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-data-type-compound-group + cp_mgmt_data_type_compound_group_facts: + name: compound-group-obj + +- name: show-data-type-compound-groups + cp_mgmt_data_type_compound_group_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "data-type-compound-group" + api_call_object_plural_version = "data-type-compound-groups" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_data_type_file_attributes.py b/plugins/modules/cp_mgmt_data_type_file_attributes.py new file mode 100644 index 0000000..20de500 --- /dev/null +++ b/plugins/modules/cp_mgmt_data_type_file_attributes.py 
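Review bot: The `domains_to_process` description says the option must be used "with ignore-warnings true", but the `argument_spec` built in `main()` declares only name, details_level, filter, limit, offset, order and domains_to_process. Unless `checkpoint_argument_spec_for_facts` (defined outside this hunk) adds it, a playbook author has no parameter with which to meet that requirement. The description should either name the module option that satisfies it or say that the module sets it itself, for example `- Indicates which domains to process the commands on. Requires details_level other than full and must be run from the System Domain.` plus one sentence on how warnings are handled. The same description is copied into the other `_facts` modules added by this commit.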
@@ -0,0 +1,175 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_data_type_file_attributes +short_description: Manages data-type-file-attributes objects on Checkpoint over Web Services API +description: + - Manages data-type-file-attributes objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + description: + description: + - For built-in data types, the description explains the purpose of this type of data representation. + For custom-made data types, you can use this field to provide more details. + type: str + match_by_file_type: + description: + - Determine whether to consider file type. + type: bool + file_groups_list: + description: + - The file must be one of the types specified in the list. Identified by name or UID. + type: list + elements: str + match_by_file_name: + description: + - Determine whether to consider file name. 
+ type: bool + file_name_contains: + description: + - File name should contain the expression. + type: str + match_by_file_size: + description: + - Determine whether to consider file size. + type: bool + file_size: + description: + - Min File size in KB. + type: int + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-data-type-file-attributes + cp_mgmt_data_type_file_attributes: + file_groups_list: + - Viewer + file_name_contains: expression + file_size: 14 + match_by_file_name: 'true' + match_by_file_size: 'true' + match_by_file_type: 'true' + name: file-attr-obj + state: present + +- name: set-data-type-file-attributes + cp_mgmt_data_type_file_attributes: + file_groups_list: + - Word + match_by_file_size: false + name: file-attr-obj + state: present + +- name: delete-data-type-file-attributes + cp_mgmt_data_type_file_attributes: + name: file-attr-obj + state: absent +""" + +RETURN = """ +cp_mgmt_data_type_file_attributes: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + description=dict(type='str'), + match_by_file_type=dict(type='bool'), + file_groups_list=dict(type='list', elements='str'), + match_by_file_name=dict(type='bool'), + file_name_contains=dict(type='str'), + match_by_file_size=dict(type='bool'), + file_size=dict(type='int'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 
'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'data-type-file-attributes' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_data_type_file_attributes_facts.py b/plugins/modules/cp_mgmt_data_type_file_attributes_facts.py new file mode 100644 index 0000000..89788eb --- /dev/null +++ b/plugins/modules/cp_mgmt_data_type_file_attributes_facts.py 
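Review bot: The add example in EXAMPLES passes the three `match_by_*` options as quoted strings (`match_by_file_name: 'true'`), although they are declared `type='bool'` in `argument_spec` and the set example in the same block uses a bare `false`. Ansible will coerce the string, but examples are what users copy, and the quoted form hides the declared type and is inconsistent within the file. I would write them as YAML booleans: `match_by_file_name: true`, `match_by_file_size: true`, `match_by_file_type: true`.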
@@ -0,0 +1,139 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_data_type_file_attributes_facts +short_description: Get data-type-file-attributes objects facts on Checkpoint over Web Services API +description: + - Get data-type-file-attributes objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. 
The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-data-type-file-attributes + cp_mgmt_data_type_file_attributes_facts: + name: file-attr-obj + +- name: show-data-types-file-attributes + cp_mgmt_data_type_file_attributes_facts: + limit: 5 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "data-type-file-attributes" + api_call_object_plural_version = "data-types-file-attributes" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_data_type_file_group_facts.py b/plugins/modules/cp_mgmt_data_type_file_group_facts.py new file mode 100644 index 0000000..74e76f7 --- /dev/null +++ b/plugins/modules/cp_mgmt_data_type_file_group_facts.py 
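Review bot: `module = AnsibleModule(argument_spec=argument_spec)` in `main()` omits `supports_check_mode=True`, which cp_mgmt_data_type_compound_group_facts.py in this same commit passes for the identical read-only pattern. Without it Ansible skips the task under `--check`, so a dry run of a playbook that gathers these facts before changing policy objects no longer reflects what a real run would do. Assuming `api_call_facts` only issues show commands (it is not visible here), the line should read `module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)`. cp_mgmt_data_type_file_group_facts.py has the same omission.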
@@ -0,0 +1,138 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_data_type_file_group_facts +short_description: Get data-type-file-group objects facts on Checkpoint over Web Services API +description: + - Get data-type-file-group objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-data-type-file-group + cp_mgmt_data_type_file_group_facts: + name: Archive + +- name: show-data-type-file-groups + cp_mgmt_data_type_file_group_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "data-type-file-group" + api_call_object_plural_version = "data-type-file-groups" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_data_type_group.py b/plugins/modules/cp_mgmt_data_type_group.py new file mode 100644 index 0000000..5a8b06e --- /dev/null +++ b/plugins/modules/cp_mgmt_data_type_group.py 
@@ -0,0 +1,151 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_data_type_group +short_description: Manages data-type-group objects on Checkpoint over Web Services API +description: + - Manages data-type-group objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + description: + description: + - For built-in data types, the description explains the purpose of this type of data representation. + For custom-made data types, you can use this field to provide more details. + type: str + file_type: + description: + - List of data-types-file-attributes objects. Identified by name or UID. + type: list + elements: str + file_content: + description: + - List of Data Types, identified by name or UID. At least one must be matched. + type: list + elements: str + tags: + description: + - Collection of tag identifiers. 
+ type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-data-type-group + cp_mgmt_data_type_group: + description: add data type group object + file_type: + - file-attr-obj + name: data-group-obj + state: present + +- name: set-data-type-group + cp_mgmt_data_type_group: + file_content: + - keywords_obj + name: data-group-obj + state: present + +- name: delete-data-type-group + cp_mgmt_data_type_group: + name: data-group-obj + state: absent +""" + +RETURN = """ +cp_mgmt_data_type_group: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + description=dict(type='str'), + file_type=dict(type='list', elements='str'), + file_content=dict(type='list', elements='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'data-type-group' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_data_type_group_facts.py b/plugins/modules/cp_mgmt_data_type_group_facts.py new file mode 100644 index 0000000..74a3100 --- /dev/null +++ b/plugins/modules/cp_mgmt_data_type_group_facts.py 
@@ -0,0 +1,138 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_data_type_group_facts +short_description: Get data-type-group objects facts on Checkpoint over Web Services API +description: + - Get data-type-group objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-data-type-group + cp_mgmt_data_type_group_facts: + name: data-group-obj + +- name: show-data-type-groups + cp_mgmt_data_type_group_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "data-type-group" + api_call_object_plural_version = "data-type-groups" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_data_type_keywords.py b/plugins/modules/cp_mgmt_data_type_keywords.py new file mode 100644 index 0000000..d703640 --- /dev/null +++ b/plugins/modules/cp_mgmt_data_type_keywords.py 
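Review bot: `AnsibleModule(argument_spec=argument_spec)` in `main()` does not declare `supports_check_mode=True`, so Ansible skips this facts module under `--check` and a dry-run audit of the DLP data-type objects returns nothing. The module appears to be read-only, so I would write `module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)`, assuming `api_call_facts` (imported, not shown in this hunk) only issues show commands. The object modules in this commit already pass the flag. The same line appears in the cp_mgmt_data_type_keywords_facts.py and cp_mgmt_data_type_patterns_facts.py hunks.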
@@ -0,0 +1,161 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_data_type_keywords +short_description: Manages data-type-keywords objects on Checkpoint over Web Services API +description: + - Manages data-type-keywords objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + description: + description: + - For built-in data types, the description explains the purpose of this type of data representation. + For custom-made data types, you can use this field to provide more details. + type: str + keywords: + description: + - Specify keywords or phrases to search for. + type: list + elements: str + data_match_threshold: + description: + - If set to all-keywords - the data will be matched to the rule only if all the words in the list appear in the data contents. + When set to min-keywords any number of the words may appear according to configuration. 
+ type: str + choices: ['all-keywords', 'min-keywords'] + min_number_of_keywords: + description: + - Define how many of the words in the list must appear in the contents of the data to match the rule. + type: int + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-data-type-keywords + cp_mgmt_data_type_keywords: + data_match_threshold: all-keywords + description: keywords object + keywords: + - word1 + - word2 + name: keywords_obj + state: present + +- name: set-data-type-keywords + cp_mgmt_data_type_keywords: + data_match_threshold: min-keywords + keywords: + - word3 + min_number_of_keywords: 3 + name: keywords_obj + state: present + +- name: delete-data-type-keywords + cp_mgmt_data_type_keywords: + name: keywords_obj + state: absent +""" + +RETURN = """ +cp_mgmt_data_type_keywords: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + description=dict(type='str'), + keywords=dict(type='list', elements='str'), + data_match_threshold=dict(type='str', choices=['all-keywords', 'min-keywords']), + min_number_of_keywords=dict(type='int'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module 
= AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'data-type-keywords' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_data_type_keywords_facts.py b/plugins/modules/cp_mgmt_data_type_keywords_facts.py new file mode 100644 index 0000000..ca9be2b --- /dev/null +++ b/plugins/modules/cp_mgmt_data_type_keywords_facts.py 
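Review bot: `min_number_of_keywords` is accepted whatever `data_match_threshold` is set to and is never compared with the length of `keywords`, and the `set-data-type-keywords` example pairs a single keyword (`word3`) with `min_number_of_keywords: 3`. If the server replaces the keyword list on set and accepts that value (neither is visible here), the data type could never reach its threshold and any DLP rule built on it would silently stop matching. I would extend the option description with `- Relevant only when data_match_threshold is min-keywords; must not exceed the number of entries in keywords.` and make the example list at least three keywords.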
@@ -0,0 +1,138 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_data_type_keywords_facts +short_description: Get data-type-keywords objects facts on Checkpoint over Web Services API +description: + - Get data-type-keywords objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-data-type-keywords + cp_mgmt_data_type_keywords_facts: + name: keywords_obj + +- name: show-data-types-keywords + cp_mgmt_data_type_keywords_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "data-type-keywords" + api_call_object_plural_version = "data-types-keywords" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_data_type_patterns.py b/plugins/modules/cp_mgmt_data_type_patterns.py new file mode 100644 index 0000000..8e9e1ab --- /dev/null +++ b/plugins/modules/cp_mgmt_data_type_patterns.py 
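Review bot: The `domains_to_process` description says the option must be used "with ignore-warnings true", but the argument spec built in `main()` defines no `ignore_warnings` option, so unless `checkpoint_argument_spec_for_facts` (imported, not shown) supplies it, a user cannot meet that condition from a playbook. The description also names exactly two valid values while the spec accepts a free-form `list` of `str`. I would state in the description how the flag is supplied for a facts call, or drop the clause if it cannot be. The same text is in the cp_mgmt_data_type_group_facts.py and cp_mgmt_data_type_patterns_facts.py hunks.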
@@ -0,0 +1,153 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_data_type_patterns +short_description: Manages data-type-patterns objects on Checkpoint over Web Services API +description: + - Manages data-type-patterns objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + description: + description: + - For built-in data types, the description explains the purpose of this type of data representation. + For custom-made data types, you can use this field to provide more details. + type: str + patterns: + description: + - Regular expressions to be evaluated. + type: list + elements: str + number_of_occurrences: + description: + - Define how many times the patterns must appear to be considered data to be protected. + type: int + tags: + description: + - Collection of tag identifiers. 
+ type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-data-type-patterns + cp_mgmt_data_type_patterns: + description: data type pattern object + name: pattern-obj + number_of_occurrences: 4 + patterns: + - a*b + - ^d + state: present + +- name: set-data-type-patterns + cp_mgmt_data_type_patterns: + name: pattern-obj + number_of_occurrences: 3 + patterns: + - a*b + state: present + +- name: delete-data-type-patterns + cp_mgmt_data_type_patterns: + name: pattern-obj + state: absent +""" + +RETURN = """ +cp_mgmt_data_type_patterns: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + description=dict(type='str'), + patterns=dict(type='list', elements='str'), + number_of_occurrences=dict(type='int'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'data-type-patterns' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_data_type_patterns_facts.py b/plugins/modules/cp_mgmt_data_type_patterns_facts.py new file mode 100644 index 0000000..46c9537 --- /dev/null +++ b/plugins/modules/cp_mgmt_data_type_patterns_facts.py 
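Review bot: The `patterns` option is documented only as "Regular expressions to be evaluated", and `main()` declares it as a plain `list` of `str` before handing the module to `api_call` (not shown), so nothing here tells the user which regex syntax applies or rejects a malformed expression before it reaches the management server. The example patterns `a*b` and `^d` are also very broad, so a task copied from the docs would define a noisy DLP data type. I would add `- Expressions use the syntax accepted by the Management API and are sent without local validation.` to the description, once the dialect is confirmed, and replace the examples with a narrowly scoped pattern.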
@@ -0,0 +1,138 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_data_type_patterns_facts +short_description: Get data-type-patterns objects facts on Checkpoint over Web Services API +description: + - Get data-type-patterns objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-data-type-patterns + cp_mgmt_data_type_patterns_facts: + name: pattern-obj + +- name: show-data-types-patterns + cp_mgmt_data_type_patterns_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "data-type-patterns" + api_call_object_plural_version = "data-types-patterns" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_data_type_traditional_group.py b/plugins/modules/cp_mgmt_data_type_traditional_group.py new file mode 100644 index 0000000..129a5ab --- /dev/null +++ b/plugins/modules/cp_mgmt_data_type_traditional_group.py 
@@ -0,0 +1,147 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_data_type_traditional_group +short_description: Manages data-type-traditional-group objects on Checkpoint over Web Services API +description: + - Manages data-type-traditional-group objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + description: + description: + - For built-in data types, the description explains the purpose of this type of data representation. + For custom-made data types, you can use this field to provide more details. + type: str + data_types: + description: + - List of data-types.If data matches any of the data types in the group, the data type group is matched. + Identified by name or UID. + type: list + elements: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. 
Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-data-type-traditional-group + cp_mgmt_data_type_traditional_group: + data_types: + - weighted-words-obj + - file-attr-obj + description: traditional group object + name: trad-group-obj + state: present + +- name: set-data-type-traditional-group + cp_mgmt_data_type_traditional_group: + data_types: + - keywords_obj + name: trad-group-obj + state: present + +- name: delete-data-type-traditional-group + cp_mgmt_data_type_traditional_group: + name: trad-group-obj + state: absent +""" + +RETURN = """ +cp_mgmt_data_type_traditional_group: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + description=dict(type='str'), + data_types=dict(type='list', elements='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'data-type-traditional-group' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_data_type_traditional_group_facts.py b/plugins/modules/cp_mgmt_data_type_traditional_group_facts.py new file mode 100644 index 0000000..ce45b38 --- /dev/null +++ b/plugins/modules/cp_mgmt_data_type_traditional_group_facts.py 
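Review bot: The `data_types` description lacks a space after the first full stop (`List of data-types.If data matches ...`) and does not say whether a set replaces or extends the list. Because the group matches on any member, a reader needs to know whether the `set-data-type-traditional-group` example, which lists only `keywords_obj`, removes `weighted-words-obj` and `file-attr-obj` from the group. I would write `- List of data types, identified by name or UID. If the data matches any data type in the group, the group is matched.` and add one sentence on the replace-or-append behaviour once it is confirmed against the API.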
@@ -0,0 +1,138 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_data_type_traditional_group_facts +short_description: Get data-type-traditional-group objects facts on Checkpoint over Web Services API +description: + - Get data-type-traditional-group objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. 
The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-data-type-traditional-group + cp_mgmt_data_type_traditional_group_facts: + name: trad-group-obj + +- name: show-data-type-traditional-groups + cp_mgmt_data_type_traditional_group_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "data-type-traditional-group" + api_call_object_plural_version = "data-type-traditional-groups" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_data_type_weighted_keywords.py b/plugins/modules/cp_mgmt_data_type_weighted_keywords.py new file mode 100644 index 0000000..12fe882 --- /dev/null +++ b/plugins/modules/cp_mgmt_data_type_weighted_keywords.py 
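Review bot: The `domains_to_process` option documents a precondition this module cannot meet: its description says it must be run "with ignore-warnings true", but `argument_spec` in `main()` defines no `ignore_warnings` key, so unless the shared `checkpoint_argument_spec_for_facts` (not shown in this diff) supplies one, the option presumably cannot be used as documented. The valid values are also listed only in prose; if CURRENT_DOMAIN and ALL_DOMAINS_ON_THIS_SERVER are the complete set, declaring them would reject a mistyped scope before any request is sent: `domains_to_process=dict(type='list', elements='str', choices=['CURRENT_DOMAIN', 'ALL_DOMAINS_ON_THIS_SERVER'])`, with a matching `choices` line under the option in DOCUMENTATION. The same applies to cp_mgmt_data_type_weighted_keywords_facts.py later in this diff.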
@@ -0,0 +1,184 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_data_type_weighted_keywords +short_description: Manages data-type-weighted-keywords objects on Checkpoint over Web Services API +description: + - Manages data-type-weighted-keywords objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + weighted_keywords: + description: + - List of keywords or phrases. + type: list + elements: dict + suboptions: + keyword: + description: + - keyword or regular expression to be weighted. + type: str + weight: + description: + - Weight of the expression. + type: int + max_weight: + description: + - Max weight of the expression. + type: int + regex: + description: + - Determine whether to consider the expression as a regular expression. 
+ type: bool + description: + description: + - For built-in data types, the description explains the purpose of this type of data representation. + For custom-made data types, you can use this field to provide more details. + type: str + sum_of_weights_threshold: + description: + - Define the number of appearances, by weight, of all the keywords that, beyond this threshold, + the data containing this list of words or phrases will be recognized as data to be protected. + type: int + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-data-type-weighted-keywords + cp_mgmt_data_type_weighted_keywords: + name: weighted-words-obj + state: present + sum_of_weights_threshold: 10 + weighted_keywords: + - keyword: word1 + max_weight: 4 + regex: true + weight: 3 + +- name: set-data-type-weighted-keywords + cp_mgmt_data_type_weighted_keywords: + name: weighted-words-obj + state: present + sum_of_weights_threshold: 15 + weighted_keywords: + - keyword: word1 + max_weight: 4 + regex: true + weight: 3 + - keyword: word2 + max_weight: 5 + regex: false + weight: 2 + +- name: delete-data-type-weighted-keywords + cp_mgmt_data_type_weighted_keywords: + name: weighted-words-obj + state: absent +""" + +RETURN = """ +cp_mgmt_data_type_weighted_keywords: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + weighted_keywords=dict(type='list', elements='dict', options=dict( + keyword=dict(type='str'), + weight=dict(type='int'), + max_weight=dict(type='int'), + regex=dict(type='bool') + )), + description=dict(type='str'), + sum_of_weights_threshold=dict(type='int'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + 
comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'data-type-weighted-keywords' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_data_type_weighted_keywords_facts.py b/plugins/modules/cp_mgmt_data_type_weighted_keywords_facts.py new file mode 100644 index 0000000..187274f --- /dev/null +++ b/plugins/modules/cp_mgmt_data_type_weighted_keywords_facts.py 
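Review bot: Every suboption of `weighted_keywords` is optional, so an entry such as `- regex: true` with no `keyword` passes Ansible's argument validation and is judged only by the management server. If the API needs a keyword for each entry, which this diff does not show, mark it in both places: `keyword=dict(type='str', required=True)` in `argument_spec` and `required: True` under `keyword` in DOCUMENTATION. The `regex` description could also name the regular-expression syntax the server applies, since a pattern written for a different engine may match more or less than the author intended when the object decides which data is recognized as data to be protected.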
@@ -0,0 +1,139 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_data_type_weighted_keywords_facts +short_description: Get data-type-weighted-keywords objects facts on Checkpoint over Web Services API +description: + - Get data-type-weighted-keywords objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. 
The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-data-type-weighted-keywords + cp_mgmt_data_type_weighted_keywords_facts: + name: weighted-words-obj + +- name: show-data-types-weighted-keywords + cp_mgmt_data_type_weighted_keywords_facts: + limit: 5 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "data-type-weighted-keywords" + api_call_object_plural_version = "data-types-weighted-keywords" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_delete_custom_trusted_ca_certificate.py b/plugins/modules/cp_mgmt_delete_custom_trusted_ca_certificate.py new file mode 100644 index 0000000..d84256f --- /dev/null +++ b/plugins/modules/cp_mgmt_delete_custom_trusted_ca_certificate.py 
@@ -0,0 +1,94 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_delete_custom_trusted_ca_certificate +short_description: Delete existing custom trusted CA certificate using name or uid. +description: + - Delete existing custom trusted CA certificate using name or uid. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: delete-custom-trusted-ca-certificate + cp_mgmt_delete_custom_trusted_ca_certificate: + name: MyCACert +""" + +RETURN = """ +cp_mgmt_delete_custom_trusted_ca_certificate: + description: The checkpoint delete-custom-trusted-ca-certificate output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "delete-custom-trusted-ca-certificate" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_delete_infinity_idp.py b/plugins/modules/cp_mgmt_delete_infinity_idp.py new file mode 100644 index 0000000..a21fe85 --- /dev/null +++ b/plugins/modules/cp_mgmt_delete_infinity_idp.py 
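Review bot: `name` is optional here (`name=dict(type='str')`) although it is the only identifier this file declares; the short description promises "name or uid", but there is no `uid` option, so a task with no arguments still validates and sends delete-custom-trusted-ca-certificate without identifying an object. Removing a trusted CA changes what the deployment trusts, so the module should refuse an unidentified request itself rather than depend on the server's reply. Either make it `name=dict(type='str', required=True)`, as cp_mgmt_delete_outbound_inspection_certificate.py does in this diff, or add `uid=dict(type='str')` and pass `required_one_of=[['name', 'uid']]` to `AnsibleModule`, updating DOCUMENTATION to match. cp_mgmt_delete_infinity_idp.py and cp_mgmt_delete_infinity_idp_object.py have the same gap.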
@@ -0,0 +1,94 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_delete_infinity_idp +short_description: Delete Infinity Identity Provider from the Infinity Portal using object name or uid. +description: + - Delete Infinity Identity Provider from the Infinity Portal using object name or uid. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: delete-infinity-idp + cp_mgmt_delete_infinity_idp: + name: Azure1_Infinity +""" + +RETURN = """ +cp_mgmt_delete_infinity_idp: + description: The checkpoint delete-infinity-idp output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "delete-infinity-idp" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_delete_infinity_idp_object.py b/plugins/modules/cp_mgmt_delete_infinity_idp_object.py new file mode 100644 index 0000000..cec9a6b --- /dev/null +++ b/plugins/modules/cp_mgmt_delete_infinity_idp_object.py 
@@ -0,0 +1,94 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_delete_infinity_idp_object +short_description: Delete users/groups/machines from the Identity Provider using object name or uid. +description: + - Delete users/groups/machines from the Identity Provider using object name or uid. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: delete-infinity-idp-object + cp_mgmt_delete_infinity_idp_object: + name: Infinity_IDP_obj +""" + +RETURN = """ +cp_mgmt_delete_infinity_idp_object: + description: The checkpoint delete-infinity-idp-object output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "delete-infinity-idp-object" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_delete_outbound_inspection_certificate.py b/plugins/modules/cp_mgmt_delete_outbound_inspection_certificate.py new file mode 100644 index 0000000..8186da5 --- /dev/null +++ b/plugins/modules/cp_mgmt_delete_outbound_inspection_certificate.py 
@@ -0,0 +1,94 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_delete_outbound_inspection_certificate +short_description: Delete outbound-inspection-certificate +description: + - Delete outbound-inspection-certificate + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: delete-outbound-inspection-certificate + cp_mgmt_delete_outbound_inspection_certificate: + name: OutboundCertificate +""" + +RETURN = """ +cp_mgmt_delete_outbound_inspection_certificate: + description: The checkpoint delete-outbound-inspection-certificate output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + command = 'delete-outbound-inspection-certificate' + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_external_trusted_ca.py b/plugins/modules/cp_mgmt_external_trusted_ca.py new file mode 100644 index 0000000..51b19dc --- /dev/null +++ b/plugins/modules/cp_mgmt_external_trusted_ca.py 
@@ -0,0 +1,185 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_external_trusted_ca +short_description: Manages external-trusted-ca objects on Checkpoint over Web Services API +description: + - Manages external-trusted-ca objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + base64_certificate: + description: + - Certificate file encoded in base64. + type: str + retrieve_crl_from_http_servers: + description: + - Whether to retrieve Certificate Revocation List from http servers. + type: bool + crl_cache_method: + description: + - Weather to retrieve new Certificate Revocation List after the certificate expires or after a fixed period. + type: str + choices: ['timeout', 'expiration date'] + crl_cache_timeout: + description: + - When to fetch new Certificate Revocation List (in minutes). 
+ type: int + allow_certificates_from_branches: + description: + - Allow only certificates from listed branches. + type: bool + branches: + description: + - Branches to allow certificates from. Required only if "allow-certificates-from-branches" set to "true". + type: list + elements: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-external-trusted-ca + cp_mgmt_external_trusted_ca: + base64_certificate: + MIICujCCAaKgAwIBAgIIP1+IHWHbl0EwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAxMJd3d3LnouY29tMB4XDTIzMTEyOTEyMzAwMFoXDTI0MTEyMDE2MDAwMFowFDESMBAGA1UEAxMJd3d3LnouY29tMI + BIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBreRGuq8u43GBog+ZaAnaR8ZF8cT2ppvtd3JoFmzTOQivLIt9sNtFYqEgHCtnNkKn9TRrxN14YscHgKIxfDSVlC9Rh0rrBvWgFqcm715Whr99Ogx + JbYFkusFWJarSejIFx4n6MM48MJxLdtCP6Hy1G2cj1BCiCHj4i3VIVaDE/aMkSqJbYEvf+vFqUWxY8/uEuKI/HGhI7mhUPW4NSGL0Oafz5eEFVsxqV5NA19/JJZ9NajSkyANnaNL5raxGV0oeqaE3JB3lS + ZfWbH6mQsToUxxwIQfsZiIBozajDdTgP3Kn4SMY0b+I/WAWgfigMSDTAIR8J1sdzGXy2w2kqQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBUgrHztHwC1E0mU5c4reMrHg+ + +YRHrgJNHVIYQbL5I2TJHk9S3UZsynoMa1CO86rReOtR5xoGv4PCkyyOW+PNlWUtXF3tNgqWj/21+XzG4RBHPw89TaTxRCdo+MHX58fi07SIzKjmxfdkEi+7+HQEQluDZGViolrGBAw2rXq/SZ3q/11mNq + b5ZyqyOa2u1sBF1ApvG5a/FBRTaO8gaiNelRf0PGYkuV+1HhF2XyP8Qk565d+uxUH5M7eHF2PNyVk/r/36T+x+UMql9y9iizA0ekuAjXLok1xYl3Vw4S5zXCXYtNZLOVrs+plJb7IrlElyTOAbDFuPugh0 + edz7uZ + name: external_ca + state: present + +- name: set-external-trusted-ca + cp_mgmt_external_trusted_ca: + base64_certificate: + MIICujCCAaKgAwIBAgIIFbLYzT2+3TMwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAxMJd3d3LnouY29tMB4XDTI0MDIwMTEyMzEwMFoXDTI0MTIzMTE2MDAwMFowFDESMBAGA1UEAxMJd3d3LnouY29tMI + BIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBreRGuq8u43GBog+ZaAnaR8ZF8cT2ppvtd3JoFmzTOQivLIt9sNtFYqEgHCtnNkKn9TRrxN14YscHgKIxfDSVlC9Rh0rrBvWgFqcm715Whr99Ogx + JbYFkusFWJarSejIFx4n6MM48MJxLdtCP6Hy1G2cj1BCiCHj4i3VIVaDE/aMkSqJbYEvf+vFqUWxY8/uEuKI/HGhI7mhUPW4NSGL0Oafz5eEFVsxqV5NA19/JJZ9NajSkyANnaNL5raxGV0oeqaE3JB3lS + ZfWbH6mQsToUxxwIQfsZiIBozajDdTgP3Kn4SMY0b+I/WAWgfigMSDTAIR8J1sdzGXy2w2kqQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBxaE9O/LCjKfWeugPeDPvr3Ld + 
i1mYsgNIyN+ES1iDoJHXrBQpVzZelJRr8leFgbghGUX7Fwdh1qZ2Jw6nmD1oe/Q7jkPzTngb6dIMI/kFK4eXcS4GJ3S7yGobLB7QUKK1vrYWZdNuAzR6jMRmFECS+lPF7zlTexnwwOkATMp6lzS7xEpEhk + 8eLpSQnYzvsM+rL9voU5q9MrdAJ2XaCZe4Crv75NdYU6ljD2eSYDrO148Tg480TlvT5wzBuyanKhI/Po2oLEVWU7h5tkensHKB5zvxigIr9ZkczdzVbbrRFi2jSQy+VxYWc0zCo/uO+yaKmmLfGDQEb8wZ + Y1Ml27 + crl_cache_method: expiration date + name: external_ca + retrieve_crl_from_http_servers: 'false' + state: present + +- name: delete-external-trusted-ca + cp_mgmt_external_trusted_ca: + name: external_ca + state: absent +""" + +RETURN = """ +cp_mgmt_external_trusted_ca: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + base64_certificate=dict(type='str'), + retrieve_crl_from_http_servers=dict(type='bool'), + crl_cache_method=dict(type='str', choices=['timeout', 'expiration date']), + crl_cache_timeout=dict(type='int'), + allow_certificates_from_branches=dict(type='bool'), + branches=dict(type='list', elements='str'), + tags=dict(type='list'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + 
ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'external-trusted-ca' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_external_trusted_ca_facts.py b/plugins/modules/cp_mgmt_external_trusted_ca_facts.py new file mode 100644 index 0000000..2454313 --- /dev/null +++ b/plugins/modules/cp_mgmt_external_trusted_ca_facts.py 
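Review bot: `tags=dict(type='list')` in main()'s argument_spec omits `elements='str'`, although the DOCUMENTATION block declares `elements: str` for tags and `branches` one line above is declared with its element type; it should read `tags=dict(type='list', elements='str')`. The docs also say `branches` is required when allow-certificates-from-branches is true, but nothing enforces it; passing `required_if=[('allow_certificates_from_branches', True, ['branches'])]` to AnsibleModule would reject the incomplete combination before any API call is made. The set-external-trusted-ca example sets `retrieve_crl_from_http_servers: 'false'` without comment; because that turns off CRL retrieval from HTTP servers for a trusted CA, the example is better left at the default or annotated, so that copied playbooks do not reduce revocation checking by accident. The crl_cache_method description has a typo, "Weather" for "Whether".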
@@ -0,0 +1,138 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_external_trusted_ca_facts
+short_description: Get external-trusted-ca objects facts on Checkpoint over Web Services API
+description:
+ - Get external-trusted-ca objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "6.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-external-trusted-ca
+ cp_mgmt_external_trusted_ca_facts:
+ name: external_ca
+
+- name: show-external-trusted-cas
+ cp_mgmt_external_trusted_ca_facts:
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "external-trusted-ca"
+ api_call_object_plural_version = "external-trusted-cas"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_https_rule.py b/plugins/modules/cp_mgmt_https_rule.py
new file mode 100644
index 0000000..c7491a6
--- /dev/null
+++ b/plugins/modules/cp_mgmt_https_rule.py
@@ -0,0 +1,213 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_https_rule +short_description: Manages https-rule objects on Checkpoint over Web Services API +description: + - Manages https-rule objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. + - Available only for R82 Management Machines and above +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + position: + description: + - Position in the rulebase. + type: str + layer: + description: + - Layer that holds the Object. Identified by the Name or UID. + type: str + name: + description: + - Rule name. + type: str + required: True + destination: + description: + - Collection of Network objects identified by Name or UID that represents connection destination. + type: list + elements: str + service: + description: + - Collection of Network objects identified by Name or UID that represents connection service. 
+ type: list + elements: str + source: + description: + - Collection of Network objects identified by Name or UID that represents connection source. + type: list + elements: str + action: + description: + - Rule inspect level. "Bypass" or "Inspect". + type: str + elements: str + blade: + description: + - Blades for HTTPS Inspection. Identified by Name or UID of the blade. + type: list + elements: str + certificate: + description: + - Internal Server Certificate identified by Name or UID, otherwise, "Outbound Certificate" is a default value. + type: str + destination_negate: + description: + - TRUE if "negate" value is set for Destination. + type: bool + enabled: + description: + - Enable/Disable the rule. + type: bool + install_on: + description: + - Which Gateways identified by the name or UID to install the policy on. + type: list + elements: str + service_negate: + description: + - TRUE if "negate" value is set for Service. + type: bool + site_category: + description: + - Collection of Site Categories objects identified by the name or UID. + type: list + elements: str + site_category_negate: + description: + - TRUE if "negate" value is set for Site Category. + type: bool + source_negate: + description: + - TRUE if "negate" value is set for Source. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + track: + description: + - a "None","Log","Alert","Mail","SNMP trap","Mail","User Alert 1", "User Alert 2", "User Alert 3". + type: str + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. 
You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-https-rule + cp_mgmt_https_rule: + layer: Default Outbound Layer + name: FirstRule + position: 1 + state: present + +- name: set-https-rule + cp_mgmt_https_rule: + name: FirstRule + position: 2 + layer: Default Outbound Layer + state: present + +- name: delete-https-rule + cp_mgmt_https_rule: + name: FirstRule + layer: Default Outbound Layer + state: absent +""" + +RETURN = """ +cp_mgmt_https_rule: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule + + +def main(): + argument_spec = dict( + position=dict(type='str'), + layer=dict(type='str'), + name=dict(type='str', required=True), + destination=dict(type='list', elements='str'), + service=dict(type='list', elements='str'), + source=dict(type='list', elements='str'), + action=dict(type='str'), + blade=dict(type='list', elements='str'), + certificate=dict(type='str'), + destination_negate=dict(type='bool'), + enabled=dict(type='bool'), + install_on=dict(type='list', elements='str'), + service_negate=dict(type='bool'), + site_category=dict(type='list', elements='str'), + site_category_negate=dict(type='bool'), + source_negate=dict(type='bool'), + tags=dict(type='list', elements='str'), + track=dict(type='str'), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, 
supports_check_mode=True) + api_call_object = 'https-rule' + + if module.params["position"] is None: + result = api_call(module, api_call_object) + else: + result = api_call_for_rule(module, api_call_object) + + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_https_rule_facts.py b/plugins/modules/cp_mgmt_https_rule_facts.py new file mode 100644 index 0000000..b84cab2 --- /dev/null +++ b/plugins/modules/cp_mgmt_https_rule_facts.py 
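Review bot: The `action` option is documented with both `type: str` and `elements: str`, but `elements` only applies to list options and the argument_spec declares `action=dict(type='str')`; the `elements: str` line should be dropped from the DOCUMENTATION block. The description limits the value to "Bypass" or "Inspect", and on an HTTPS inspection rule that value decides whether matching traffic is inspected at all, so consider `action=dict(type='str', choices=['Bypass', 'Inspect'])` if the API accepts exactly those spellings, which cannot be confirmed from this hunk. The `track` description lists "Mail" twice and starts with a stray "a"; a `choices` list there would document the accepted values more reliably than prose.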
@@ -0,0 +1,211 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_https_rule_facts +short_description: Get https-rule objects facts on Checkpoint over Web Services API +description: + - Get https-rule objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. + - Available only for R82 Management Machines and above +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. Must be unique in the domain. + This parameter is relevant only for getting few objects. + type: str + layer: + description: + - Layer that holds the Object. Identified by the Name or UID. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. 
+ type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical + operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies. + type: str + filter_settings: + description: + - Sets filter preferences. + type: dict + suboptions: + search_mode: + description: + - When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any' + object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell + or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior. + type: str + choices: ['general', 'packet'] + packet_search_settings: + description: + - When 'search-mode' is set to 'packet', this object allows to set the packet search preferences. + type: dict + suboptions: + expand_group_members: + description: + - When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at + least one member of the group. + type: bool + expand_group_with_exclusion_members: + description: + - When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that + match at least one member of the "include" part and is not a member of the "except" part. + type: bool + match_on_any: + description: + - Whether to match on 'Any' object. + type: bool + match_on_group_with_exclusion: + description: + - Whether to match on a group-with-exclusion. + type: bool + match_on_negate: + description: + - Whether to match on a negated cell. + type: bool + limit: + description: + - The maximal number of returned results. 
+ This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + package: + description: + - Name of the package. + type: str + use_object_dictionary: + description: + - Receiving the mapping between the objects id and the whole objects. + type: bool + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-https-rule + cp_mgmt_https_rule_facts: + name: FirstRule + layer: Default Outbound Layer + +- name: show-https-rulebase + cp_mgmt_https_rule_facts: + details_level: standard + limit: 20 + name: Default Outbound Layer + offset: 0 + use_object_dictionary: false +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts_for_rule + + +def main(): + argument_spec = dict( + name=dict(type='str'), + layer=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + filter_settings=dict(type='dict', options=dict( + search_mode=dict(type='str', choices=['general', 'packet']), + packet_search_settings=dict(type='dict', options=dict( + expand_group_members=dict(type='bool'), + expand_group_with_exclusion_members=dict(type='bool'), + match_on_any=dict(type='bool'), + match_on_group_with_exclusion=dict(type='bool'), + match_on_negate=dict(type='bool') + )) + )), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + package=dict(type='str'), + use_object_dictionary=dict(type='bool'), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "https-rule" + api_call_object_plural_version = "https-rulebase" + + result = api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_https_section.py b/plugins/modules/cp_mgmt_https_section.py index bdc3f3f..3b51cfb 100644 --- a/plugins/modules/cp_mgmt_https_section.py +++ b/plugins/modules/cp_mgmt_https_section.py 
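Review bot: The `name` option text contradicts the module description: the description says a specific object is fetched by passing 'name', while the option itself says "This parameter is relevant only for getting few objects." The show-https-rulebase example then passes a layer name (`name: Default Outbound Layer`) rather than a rule name, so `name` evidently carries two meanings depending on the call. I would document that explicitly, for example `- Rule name when showing a single rule (together with layer), or the layer name when showing the rulebase.`, after confirming how api_call_facts_for_rule chooses between the two, which is not visible in this hunk.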
@@ -45,6 +45,29 @@ description: - Position in the rulebase. type: str + relative_position: + description: + - Position in the rulebase. + - Use of this field is relevant only for "add" operation. + type: dict + version_added: "6.0.0" + suboptions: + below: + description: + - Add section below specific rule/section identified by name. + type: str + above: + description: + - Add section above specific rule/section identified by name. + type: str + top: + description: + - Add section to the top of a specific section identified by name. + type: str + bottom: + description: + - Add section to the bottom of a specific section identified by name. + type: str name: description: - Object name. @@ -106,6 +129,15 @@ def main(): argument_spec = dict( layer=dict(type="str"), position=dict(type="str"), + relative_position=dict( + type="dict", + options=dict( + below=dict(type="str"), + above=dict(type="str"), + top=dict(type="str"), + bottom=dict(type="str"), + ), + ), name=dict(type="str", required=True), details_level=dict(type="str", choices=["uid", "standard", "full"]), ignore_warnings=dict(type="bool"), @@ -118,6 +150,14 @@ def main(): ) api_call_object = "https-section" + if module.params["relative_position"] is not None: + if module.params["position"] is not None: + raise AssertionError( + "The use of both 'relative_position' and 'position' arguments isn't allowed" + ) + module.params["position"] = module.params["relative_position"] + module.params.pop("relative_position") + result = api_call(module, api_call_object) module.exit_json(**result) diff --git a/plugins/modules/cp_mgmt_import_outbound_inspection_certificate.py b/plugins/modules/cp_mgmt_import_outbound_inspection_certificate.py new file mode 100644 index 0000000..9cb446c --- /dev/null +++ b/plugins/modules/cp_mgmt_import_outbound_inspection_certificate.py 
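Review bot: In the third hunk, passing both `position` and `relative_position` ends in `raise AssertionError(...)`, which reaches the user as an unhandled module traceback rather than a normal Ansible failure. Report it with `module.fail_json(msg="The use of both 'relative_position' and 'position' arguments isn't allowed")`, or declare `mutually_exclusive=[('position', 'relative_position')]` on the AnsibleModule call, which sits between the hunks and is not shown. The docs added in the first hunk say relative_position is relevant only for the "add" operation, yet the new block copies it into `position` for every state; the commit's new remove_from_set_payload entry for https-section suggests the set path drops it again, but that depends on api_call and deserves a test. main() starts and ends outside these hunks.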
@@ -0,0 +1,158 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_import_outbound_inspection_certificate +short_description: Import Outbound Inspection certificate for HTTPS inspection. +description: + - Import Outbound Inspection certificate for HTTPS inspection. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + base64_certificate: + description: + - Certificate file encoded in base64.
Valid file format, p12. + type: str + base64_password: + description: + - Password (encoded in Base64 with padding) for the certificate file. + type: str + name: + description: + - Object name. Must be unique in the domain. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + is_default: + description: + - Is the certificate is the default certificate. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. By Setting this parameter to 'true' default outbound certificate can be replaced. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: import-outbound-inspection-certificate + cp_mgmt_import_outbound_inspection_certificate: + base64_certificate: + MIIKSAIBAzCCCg4GCSqGSIb3DQEHAaCCCf8Eggn7MIIJ9zCCBI8GCSqGSIb3DQEHBqCCBIAwggR8AgEAMIIEdQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQILAfxjBi7DTQCAggAgIIESKgKoClNx4 + yTQr7xfIgSBSDs0It2vVsLubNFJpbQXzJUu2WaPQPbqV3wISpWCa/auLYC9OWpTI89HFt30rVAdWCFVoty7jI6L8HjTYa8fTGyqW7PyfoGyZclmz6totsmeVWc8i7wnl9Hk8NZpLWuixNoSLQUqBoloyZE + ll3i3/Z+/6mDlYkRmpCMQA2YLQm1yc/3n7Fq6grBJDro0tIIoAwIzgCdoKqIMwlDNA9c0eaHeXsP4k9WfJQbK6AyLTvHbrrNrgUyEDJQI6BCkeQwkBW2zRUHoe7s1DSQ5Rwft4koIaDcGovLES5g1gnXzm + r4/23+rf4/EZszB0QvlYvZIKLQ8O2ofvZ/HK+59fxlhKEiEkW2yhezDGR9s6hZnzZ8vMutisQJ8MO0m9iKVD5AAtif/32iy5+TVIQfqgER+DYVGOuk15YF2VcZGRlQ8pSvBXIkMMUDRqjFxQfKYIMlyk6R + SSgmIn+EIA9GfaBmEGy2xJYvw6IkUJ+xoR+SYeLYiMw+HkzI+cCOKF7fKPXlOCVvnESEeKwJ4inSxiI2GQG01aN/GNdsx/EM1Xi2LSHfzhG9URIOhjuJIQZn2Z7f3fpTxpWWCpEEVjcQZhoR0KX0DJ/gIx + iY8UsbNo58FTq5AwMFY6m8hxlHOorqh0MSE/x8LKq0v7JKIxQwrdkyUlVUqdaGreW5MgRdjqOrxQx53nLPdQelKWbR8Gn4KkwFcYCAB1VAe944zqq6YKL4mvNwxk5wyqDjn5UZtPokKFfqBOwOSAGsaZ38 + x/2tqXEgPhWVGFPJlsIUUKBRVTtqxsb2LdaCPHjO8bQhhgOIMEav+iWZAJYudZuolr8Aviccorg1w0sr2eklHbO6yMWrDrvlCVpSawRnLIeeWe+4rwV7SNdcA5hSombTWKRcR8mOkTGjpByiz6+g+3mHOe + byTrmIfUSENMZy5oYjQfDyNLi0RMmCPCqMjRSwyAs/CDhzz4wTFLEYbu+fUrm2WZc2vhhxafbVrbZ+FcDcnYomYfp8aSxiIIq8+gxT99Oi3WNqhJ+IZGJODWMYRfpKNwgCab8uJt8TV3SVXVIXW0Y28l4Z + P/qWEfnEC8Wl6HJGhJo7arqBFTWWEuKvHw985OpksavdQFXgVU9Egbue0anb0U5SDyRu0hqJ/Gw83dKJbCg8hPv4gGq/yeOb+cX63DCKvOcoXjZ0szeRcGiro0+BSgr143Ks19lsxWHPOlauLSnD3jVrgp + mVwxCizRTnX3OLJ07IpvvEJGAQR/Ru2lo7eN0H4933G93tVQtte69BiPwbkWtSx8ddzbRGmMW7IsG72FVm5QrJC1C1Na5xqQQV6G2oHqIHNdNyXD6TmhuQ4BnpCoamCzfsX4iozS+NySz/Jdbuj0YZ9L2d + YUHiBF4xotlHfwiAiCghaBH31OZJ0n52d0NGqRkN5F0Qdfz1O2+rLx2zswggVgBgkqhkiG9w0BBwGgggVRBIIFTTCCBUkwggVFBgsqhkiG9w0BDAoBAqCCBO4wggTqMBwGCiqGSIb3DQEMAQMwDgQIRNvl + 
6KdajoCAggABIIEyBJbsgafEO1D9xQ8BFYFNKf/meJNAOO4XVPTFtUBpyvEn3PkyxyKU1cMenESXeMacSv/VftkYC7CwN81kzbRMRSEXZSCsyj48kMqwTqMNmZmgF8XaFvzXOGlu2E411LZ/sOenWO7lxe + NGZM3vk4FWvl+4fa5Xd5TDqya65VsXSocDUA5kpeqn323TcdeCldGmEniX85NGIiPpWuRLGrNf8VOIuE3NFAmTSveHH9Oo7PjscCifc7O4+NpOW9GfayZMqG8dTpLhIRacdvy/QvbWePXdzzSI9rKogX/7 + bSzU0Hq+8rpWlAhz0qnW2Bb3T7of86Len5cuNr0k425Dhpuo4od81exDdSa3+aFQqR3nKVSkPapLBrpGNZIX4TwctRnbi2ZHdFxMKkJewGt/beam3LcujJRlN2RBeA0IRWEAyO6ubjpQ62ChrW+faHXXxY + H3Be6nPXSF5pq4VAIVglNsPOxGYIb+qNDhOblzQBq4nF30fyHmOwDIRgNWwOStT7dUFmN0ouHinP6QXWBDDQiDo2RRFs2/RWu0ZY0EAzEYAMCSvmk+SQgKbKpNFf0C5kuJ56PWXUuGSoAXV/vxvK6OHIGF + FcZo+VrRgYTHY/eSjw1+/lpUkwaWAzoH0X6KxuLXfgzv+E8Z+LFVWIAoknJ96ieljiHzNnfeSTZYwTaJbYaritdAQ2MTGcBrpJFIqr9GjWGVsFQK0ct/ZIFzZw0Vnt/aOj5OjMPlpy9UXfC+tw9gfRYWfS + uDLuUH0Znu3JB/+J2XQP4PBArXKyvFv6wMVSvY/04r2WQQKV9YTUCkbgvHAlQ7vP0a8z44xSrKc4M04sEBE3cFD2NBAQrP3GqRyz2ukuzJhrj/B1dZWA23SZaqfN9gpbfFbtPXN6F/nY1UUsikLjcXDjC8 + GVU9Pp4VCnv2EUgl4QmkUEdVeDZjUnz/k9Kd53q3h+chAId+3VBsemd3ZadX4gupw6Xf6zT8Av7v75/1/vFw2yz22DG8pIpN4uuEdSFhvs9lr6f2M6bQABS+NWfehq5aqBqsXXX8R3fSxYLL0gO4lxf4Yq + SomA4AlzS9tJtEe2DKWYmnYwiiUGYLs7aGMLZQbHbYutPKKZXTaSGWYBaIrVjbDM67la/csYmxpb2n6UD6TkNICuZwd/ImVvDhbCEsR/EU+YU0HPwxlUtcCsqw4Vy8rBtbla2XmegGUcLWSurKmq42SW8W + LBJQfY/9sWyaMqSGy0/Vq4/+/CtXUZ1N5rgibYyIZ9Tvm/ndv2xBW1hYivIZZQFRbg5fWxKA5ifYejGmYCWGQynRSVCbqccw08xy5Iwnww4v5Cz5bcNyRLFOU2/bfn7SC5mcQ/Tw5ZKOQVRn88G78amMPH + RqX4RzPtIwmK+B3zPJX0MHrY3w5hzPZ0UCtR2YsbYLeqsYP6b+RBLSV3wtkUZ9PgbMeu7zXSE0z1svGpjF7yWpnP47ilbxwe1YXL5+CuqN6iHFfyaP1JPYILmHdw0gzgyOdo1y4rUXgCeiCyH4vJVLts8E + KpXZDMCUmujb306IOD9haFXdQHV5XlQurtw+JC7ySe9bVMrzYJv5/oPioOXMnLPI2OXYbACwlQ/UHgl5LmDlsxeairdfYTdAxajFEMB0GCSqGSIb3DQEJFDEQHg4AbQB5AGEAbABpAGEAczAjBgkqhkiG9 + 0BCRUxFgQU7cUIcmKuQKAMfwbKiKzQozUsyHwwMTAhMAkGBSsOAwIaBQAEFEFoI0QTIv2s2lR8PxS8xfiT5S06BAjANT3YLoakoAICCAA= + base64_password: bXlfcGFzc3dvcmQ= + is_default: 'false' + name: OutboundCertificate +""" + +RETURN = """ +cp_mgmt_import_outbound_inspection_certificate: + 
description: The checkpoint import-outbound-inspection-certificate output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + base64_certificate=dict(type='str'), + base64_password=dict(type='str', no_log=True), + name=dict(type='str'), + tags=dict(type='list', elements='str'), + is_default=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "import-outbound-inspection-certificate" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_infinity_idp_facts.py b/plugins/modules/cp_mgmt_infinity_idp_facts.py new file mode 100644 index 0000000..589a02c --- /dev/null +++ b/plugins/modules/cp_mgmt_infinity_idp_facts.py 
@@ -0,0 +1,138 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_infinity_idp_facts +short_description: Get Infinity Identity Provider objects facts from the Infinity Portal. +description: + - Get Infinity Identity Provider objects facts from the Infinity Portal. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-infinity-idp + cp_mgmt_infinity_idp_facts: + name: infinityIdp1 + +- name: show-infinity-idps + cp_mgmt_infinity_idp_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "infinity-idp"
+ api_call_object_plural_version = "infinity-idps"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_infinity_idp_object_facts.py b/plugins/modules/cp_mgmt_infinity_idp_object_facts.py
new file mode 100644
index 0000000..4f39cc5
--- /dev/null
+++ b/plugins/modules/cp_mgmt_infinity_idp_object_facts.py
@@ -0,0 +1,138 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_infinity_idp_object_facts +short_description: Retrieve users/groups/machines objects facts from the Identity Provider. +description: + - Retrieve users/groups/machines objects facts from the Identity Provider. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-infinity-idp-object + cp_mgmt_infinity_idp_object_facts: + name: User1 + +- name: show-infinity-idp-objects + cp_mgmt_infinity_idp_object_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "infinity-idp-object"
+ api_call_object_plural_version = "infinity-idp-objects"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_interface_facts.py b/plugins/modules/cp_mgmt_interface_facts.py
new file mode 100644
index 0000000..81baec4
--- /dev/null
+++ b/plugins/modules/cp_mgmt_interface_facts.py
@@ -0,0 +1,150 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_interface_facts +short_description: Get interface objects facts on Checkpoint over Web Services API +description: + - Get interface objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Network interface name. + type: str + gateway_uid: + description: + - Gateway or cluster object uid that the interfaces belongs to. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. 
It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str + filter: + description: + - Filter interfaces by name or IP address. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-interface + cp_mgmt_interface_facts: + name: eth0 + gateway_uid: ff918e85-98c4-4b17-bcac-417aab863d87 + +- name: show-interfaces + cp_mgmt_interface_facts: + details_level: full + gateway_uid: ff918e85-98c4-4b17-bcac-417aab863d87 + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ domains_to_process=dict(type='list', elements='str'),
+ gateway_uid=dict(type='str'),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "interface"
+ api_call_object_plural_version = "interfaces"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_limit.py b/plugins/modules/cp_mgmt_limit.py
new file mode 100644
index 0000000..aaf409f
--- /dev/null
+++ b/plugins/modules/cp_mgmt_limit.py
@@ -0,0 +1,165 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_limit
+short_description: Manages limit objects on Checkpoint over Web Services API
+description:
+ - Manages limit objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "6.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ enable_download:
+ description:
+ - Enable throughput limit for downloads from the internet to the organization.
+ type: bool
+ download_rate:
+ description:
+ - The Rate for the maximum permitted bandwidth.
+ type: int
+ download_unit:
+ description:
+ - The Unit for the maximum permitted bandwidth.
+ type: str
+ choices: ['kbps', 'mbps', 'gbps']
+ enable_upload:
+ description:
+ - Enable throughput limit for uploads from the organization to the internet.
+ type: bool
+ upload_rate:
+ description:
+ - The Rate for the maximum permitted bandwidth.
+ type: int
+ upload_unit:
+ description:
+ - The Unit for the maximum permitted bandwidth.
+ type: str
+ choices: ['kbps', 'mbps', 'gbps']
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-limit
+ cp_mgmt_limit:
+ download_rate: '3'
+ download_unit: gbps
+ enable_download: 'true'
+ name: limit_obj
+ state: present
+
+- name: set-limit
+ cp_mgmt_limit:
+ download_rate: 50
+ download_unit: kbps
+ name: limit_obj
+ state: present
+
+- name: delete-limit
+ cp_mgmt_limit:
+ name: limit_obj_Clone
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_limit:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ enable_download=dict(type='bool'),
+ download_rate=dict(type='int'),
+ download_unit=dict(type='str', choices=['kbps', 'mbps', 'gbps']),
+ enable_upload=dict(type='bool'),
+ upload_rate=dict(type='int'),
+ upload_unit=dict(type='str', choices=['kbps', 'mbps', 'gbps']),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'limit'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_limit_facts.py b/plugins/modules/cp_mgmt_limit_facts.py
new file mode 100644
index 0000000..f7a06ef
--- /dev/null
+++ b/plugins/modules/cp_mgmt_limit_facts.py
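Review bot: The add-limit example in EXAMPLES passes quoted strings to typed options, `download_rate: '3'` and `enable_download: 'true'`, while the set-limit example directly below uses the native `download_rate: 50`. The argument spec declares these as `type='int'` and `type='bool'`, so the example would read better as `download_rate: 3` and `enable_download: true`. The delete-limit example also removes `limit_obj_Clone`, which none of the earlier examples create; using `limit_obj` would keep the three tasks consistent.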
@@ -0,0 +1,138 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_limit_facts +short_description: Get limit objects facts on Checkpoint over Web Services API +description: + - Get limit objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-limit + cp_mgmt_limit_facts: + name: limit_obj + +- name: show-limits + cp_mgmt_limit_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ api_call_object = "limit"
+ api_call_object_plural_version = "limits"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_mobile_access_profile_rule.py b/plugins/modules/cp_mgmt_mobile_access_profile_rule.py
new file mode 100644
index 0000000..3b4ed81
--- /dev/null
+++ b/plugins/modules/cp_mgmt_mobile_access_profile_rule.py
@@ -0,0 +1,150 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_mobile_access_profile_rule
+short_description: Manages mobile-access-profile-rule objects on Checkpoint over Web Services API
+description:
+ - Manages mobile-access-profile-rule objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "6.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ position:
+ description:
+ - Position in the rulebase.
+ type: str
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ mobile_profile:
+ description:
+ - Profile configuration for User groups - identified by the name or UID.
+ type: str
+ user_groups:
+ description:
+ - User groups that will be configured with the profile object - identified by the name or UID.
+ type: list
+ elements: str
+ enabled:
+ description:
+ - Enable/Disable the rule.
+ type: bool
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-mobile-access-profile-rule
+ cp_mgmt_mobile_access_profile_rule:
+ mobile_profile: Default_Profile
+ name: Rule 1
+ position: 1
+ state: present
+ user_groups:
+ - my_group
+
+- name: set-mobile-access-profile-rule
+ cp_mgmt_mobile_access_profile_rule:
+ mobile_profile: Default_Profile
+ name: Rule 1
+ position: 2
+ state: present
+ user_groups:
+ - my_group
+ state: present
+
+- name: delete-mobile-access-profile-rule
+ cp_mgmt_mobile_access_profile_rule:
+ name: New Mobile Profile Rule
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_mobile_access_profile_rule:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule
+
+
+def main():
+ argument_spec = dict(
+ position=dict(type='str'),
+ name=dict(type='str', required=True),
+ mobile_profile=dict(type='str'),
+ user_groups=dict(type='list', elements='str'),
+ enabled=dict(type='bool'),
+ tags=dict(type='list', elements='str'),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'mobile-access-profile-rule'
+
+ if module.params["position"] is None:
+ result = api_call(module, api_call_object)
+ else:
+ result = api_call_for_rule(module, api_call_object)
+
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_mobile_access_profile_rule_facts.py b/plugins/modules/cp_mgmt_mobile_access_profile_rule_facts.py
new file mode 100644
index 0000000..69ea7b5
--- /dev/null
+++ b/plugins/modules/cp_mgmt_mobile_access_profile_rule_facts.py
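Review bot: `module = AnsibleModule(argument_spec=argument_spec)` in cp_mgmt_limit_facts.py omits `supports_check_mode=True`, which the other facts modules added in this commit (cp_mgmt_infinity_idp_facts, cp_mgmt_infinity_idp_object_facts, cp_mgmt_interface_facts) all pass. Without it Ansible skips the task under `--check`, so a dry run of a playbook that consumes these facts behaves differently from the real run. The module appears to be read-only (it only goes through `api_call_facts`), so I would write `module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)`.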
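Review bot: The set-mobile-access-profile-rule example in EXAMPLES lists `state: present` twice in the same mapping, once after `position: 2` and again after the `user_groups` list. Duplicate mapping keys are rejected by strict YAML parsers and Ansible warns about them and keeps only the last value, so the second `state: present` should be dropped. The add and set examples also pass `position: 1` and `position: 2` as integers although the option is declared `type='str'`; that works through coercion, but `position: '1'` would match the spec.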
@@ -0,0 +1,148 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_mobile_access_profile_rule_facts +short_description: Get mobile-access-profile-rule objects facts on Checkpoint over Web Services API +description: + - Get mobile-access-profile-rule objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + rule_number: + description: + - Rule number. + type: int + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter the rulebase. 
The provided text should be exactly the same as it would be given in Smart Console. The logical + operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-mobile-access-profile-rule + cp_mgmt_mobile_access_profile_rule_facts: + name: Rule 1 + +- name: show-mobile-access-profile-rulebase + cp_mgmt_mobile_access_profile_rule_facts: + details_level: standard + limit: 20 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts_for_rule + + +def main(): + argument_spec = dict( + name=dict(type='str'), + rule_number=dict(type='int'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "mobile-access-profile-rule" + api_call_object_plural_version = "mobile-access-profile-rulebase" + + result = api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_mobile_access_profile_section.py b/plugins/modules/cp_mgmt_mobile_access_profile_section.py new file mode 100644 index 0000000..a1c525b --- /dev/null +++ b/plugins/modules/cp_mgmt_mobile_access_profile_section.py 
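Review bot: The `AnsibleModule(argument_spec=argument_spec)` call in main() does not declare check-mode support, so under `--check` Ansible skips this task and any later task that reads the returned facts finds them missing. The object modules added in this commit pass `supports_check_mode=True`. If api_call_facts_for_rule only issues show requests (it is defined outside this file, so that is an assumption to confirm), the facts module should do the same: `module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)`. The same line appears in cp_mgmt_mobile_access_rule_facts.py.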
@@ -0,0 +1,158 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_mobile_access_profile_section +short_description: Manages mobile-access-profile-section objects on Checkpoint over Web Services API +description: + - Manages mobile-access-profile-section objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + position: + description: + - Position in the rulebase. + type: str + relative_position: + description: + - Position in the rulebase. + - Use of this field is relevant only for "add" operation. + type: dict + suboptions: + below: + description: + - Add section below specific rule/section identified by name. + type: str + above: + description: + - Add section above specific rule/section identified by name. + type: str + top: + description: + - Add section to the top of a specific section identified by name. + type: str + bottom: + description: + - Add section to the bottom of a specific section identified by name. 
+ type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + name: + description: + - Object name. + type: str + required: True + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-mobile-access-profile-section + cp_mgmt_mobile_access_profile_section: + name: New Section 1 + position: 1 + state: present + +- name: set-mobile-access-profile-section + cp_mgmt_mobile_access_profile_section: + name: New Section 1 + tags: + - MAP-section + state: present + +- name: delete-mobile-access-profile-section + cp_mgmt_mobile_access_profile_section: + name: New Section 1 + state: absent +""" + +RETURN = """ +cp_mgmt_mobile_access_profile_section: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + position=dict(type='str'), + relative_position=dict( + type="dict", + options=dict( + below=dict(type="str"), + above=dict(type="str"), + top=dict(type="str"), + bottom=dict(type="str"), + ), + ), + tags=dict(type='list', elements='str'), + name=dict(type='str', required=True), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'mobile-access-profile-section' + + if module.params["relative_position"] is not None: + if module.params["position"] is not None: + raise AssertionError( + "The use of both 'relative_position' and 'position' arguments isn't allowed" + ) + module.params["position"] = module.params["relative_position"] + module.params.pop("relative_position") + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_mobile_access_rule.py b/plugins/modules/cp_mgmt_mobile_access_rule.py new file mode 100644 index 0000000..23c3402 --- /dev/null +++ b/plugins/modules/cp_mgmt_mobile_access_rule.py 
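Review bot: The conflict check in main() raises `AssertionError` when both `position` and `relative_position` are set, which reaches the user as a module traceback rather than an ordinary task failure with a message. Declaring the constraint on the module lets Ansible reject the input cleanly before any API call is made: `module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True, mutually_exclusive=[('position', 'relative_position')])`, after which the inner `if` and `raise` can be dropped. The option descriptions should also say that the two options cannot be combined. cp_mgmt_mobile_access_section.py carries the identical block.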
@@ -0,0 +1,157 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_mobile_access_rule +short_description: Manages mobile-access-rule objects on Checkpoint over Web Services API +description: + - Manages mobile-access-rule objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + position: + description: + - Position in the rulebase. + type: str + name: + description: + - Object name. + type: str + required: True + user_groups: + description: + - User groups that will be associated with the apps - identified by the name or UID. + type: list + elements: str + applications: + description: + - Available apps that will be associated with the user groups - identified by the name or UID. + type: list + elements: str + enabled: + description: + - Enable/Disable the rule. + type: bool + install_on: + description: + - Which Gateways identified by the name or UID to install the policy on. 
+ type: list + elements: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-mobile-access-rule + cp_mgmt_mobile_access_rule: + applications: New Application + name: Rule 1 + position: 1 + state: present + user_groups: + - my_group + +- name: set-mobile-access-rule + cp_mgmt_mobile_access_rule: + applications: + - New Application + - New Application 2 + name: Rule 1 + state: present + user_groups: + - my_group + +- name: delete-mobile-access-rule + cp_mgmt_mobile_access_rule: + name: Rule 1 + state: absent +""" + +RETURN = """ +cp_mgmt_mobile_access_rule: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule + + +def main(): + argument_spec = dict( + position=dict(type='str'), + name=dict(type='str', required=True), + user_groups=dict(type='list', elements='str'), + applications=dict(type='list', elements='str'), + enabled=dict(type='bool'), + install_on=dict(type='list', elements='str'), + tags=dict(type='list', elements='str'), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'mobile-access-rule' + + if module.params["position"] is None: + result = api_call(module, api_call_object) + else: + result = api_call_for_rule(module, api_call_object) + + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_mobile_access_rule_facts.py b/plugins/modules/cp_mgmt_mobile_access_rule_facts.py new file mode 100644 index 0000000..c71c167 --- /dev/null +++ b/plugins/modules/cp_mgmt_mobile_access_rule_facts.py 
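Review bot: The add-mobile-access-rule example passes `applications: New Application` as a scalar although the option is documented as `type: list` with `elements: str`. The set example in the same EXAMPLES block uses a list, and the add example should be written as a one-item list too, so readers do not copy a form that depends on implicit coercion. Separately, the `position` branch in main() has no comment explaining why it switches helpers. Something like `# an explicit position is handled by api_call_for_rule; without one the generic api_call is used` would help, with the reason filled in by someone who knows the helpers, which are defined outside this file.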
@@ -0,0 +1,148 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_mobile_access_rule_facts +short_description: Get mobile-access-rule objects facts on Checkpoint over Web Services API +description: + - Get mobile-access-rule objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + rule_number: + description: + - Rule number. + type: int + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter the rulebase. 
The provided text should be exactly the same as it would be given in Smart Console. The logical + operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-mobile-access-rule + cp_mgmt_mobile_access_rule_facts: + name: Rule 1 + +- name: show-mobile-access-rulebase + cp_mgmt_mobile_access_rule_facts: + details_level: standard + limit: 20 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts_for_rule + + +def main(): + argument_spec = dict( + name=dict(type='str'), + rule_number=dict(type='int'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "mobile-access-rule" + api_call_object_plural_version = "mobile-access-rulebase" + + result = api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_mobile_access_section.py b/plugins/modules/cp_mgmt_mobile_access_section.py new file mode 100644 index 0000000..584af99 --- /dev/null +++ b/plugins/modules/cp_mgmt_mobile_access_section.py 
@@ -0,0 +1,158 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_mobile_access_section +short_description: Manages mobile-access-section objects on Checkpoint over Web Services API +description: + - Manages mobile-access-section objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + position: + description: + - Position in the rulebase. + type: str + relative_position: + description: + - Position in the rulebase. + - Use of this field is relevant only for "add" operation. + type: dict + suboptions: + below: + description: + - Add section below specific rule/section identified by name. + type: str + above: + description: + - Add section above specific rule/section identified by name. + type: str + top: + description: + - Add section to the top of a specific section identified by name. + type: str + bottom: + description: + - Add section to the bottom of a specific section identified by name. 
+ type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + name: + description: + - Object name. + type: str + required: True + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-mobile-access-section + cp_mgmt_mobile_access_section: + name: New Section 1 + position: 1 + state: present + +- name: set-mobile-access-section + cp_mgmt_mobile_access_section: + name: New Section 1 + state: present + tags: + - MA-section + +- name: delete-mobile-access-section + cp_mgmt_mobile_access_section: + name: New Section 1 + state: absent +""" + +RETURN = """ +cp_mgmt_mobile_access_section: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + position=dict(type='str'), + relative_position=dict( + type="dict", + options=dict( + below=dict(type="str"), + above=dict(type="str"), + top=dict(type="str"), + bottom=dict(type="str"), + ), + ), + tags=dict(type='list', elements='str'), + name=dict(type='str', required=True), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'mobile-access-section' + + if module.params["relative_position"] is not None: + if module.params["position"] is not None: + raise AssertionError( + "The use of both 'relative_position' and 'position' arguments isn't allowed" + ) + module.params["position"] = module.params["relative_position"] + module.params.pop("relative_position") + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_mobile_profile.py b/plugins/modules/cp_mgmt_mobile_profile.py new file mode 100644 index 0000000..a236a23 --- /dev/null +++ b/plugins/modules/cp_mgmt_mobile_profile.py 
@@ -0,0 +1,510 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_mobile_profile +short_description: Manages mobile-profile objects on Checkpoint over Web Services API +description: + - Manages mobile-profile objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + applications: + description: + - Applications settings. + type: dict + suboptions: + enable_print_mails: + description: + - Allow to print mails. + type: bool + max_attachments_size: + description: + - Maximum size of attachments allowed for downloading - you can choose a unit (gbs, kbs, mbs, bytes) in "max-attachments-unit" field. + type: int + calendar_from_the_last: + description: + - How far back to see your Calendar from the current date - you can choose a unit (day, week, month) in "calendar-from-the-last-unit" field. 
+ type: int + calendar_from_the_last_unit: + description: + - Unit for "calendar-from-the-last" numeric value. + type: str + choices: ['weeks', 'months', 'days'] + calendar_to_the_following: + description: + - How much ahead to see your Calendar from the current date - you can choose a unit (day, week, month) in "calendar-to-the-following-unit" field. + type: int + calendar_to_the_following_unit: + description: + - Unit for "calendar-to-the-following" numeric value. + type: str + choices: ['weeks', 'months', 'days'] + mail_from_the_last: + description: + - How far back to see your emails from the current date - choose a unit (day, week, month) in "mail-from-the-last-unit" field. + type: int + mail_from_the_last_unit: + description: + - Unit for "mail-from-the-last" numeric value. + type: str + choices: ['weeks', 'months', 'days'] + synchronize_contacts: + description: + - Contacts synchronization method - from the mail server to device and the app and vice versa or from the mail server to device and the + app or from the mail server to the app. + type: str + choices: ['mail srv to app and device and vice versa', 'mail srv to app and device', 'mail srv to app'] + allow_push_notification: + description: + - Allow to receive push notifications of mails and meetings. + type: bool + allow_calendar_sync: + description: + - Allow synchronization between business calendar to device calendar. + type: bool + allow_contacts_from_global_address_list: + description: + - Allow to add additional contacts from Global Address List to the app. + type: bool + allow_contacts_from_local_phone: + description: + - Allow to add additional contacts from local phone to the app. + type: bool + save_local_web_cache: + description: + - Configure whether local cache data generated by web browser should be preserved. + type: bool + allow_caching_docsec_credentials: + description: + - Allow store encrypted document credentials in application secure storage. 
+ type: bool + allow_caching_docsec_keys: + description: + - Allow store encrypted document keys in application secure storage. + type: bool + client_customization: + description: + - Client customization settings. + type: dict + suboptions: + app_theme_color_dark: + description: + - Configure the application display colors in Dark mode. 6 hex digits that define RGB color - relevant for IOS. + type: str + app_theme_color_light: + description: + - Configure the application display colors in light mode. 6 hex digits that define RGB color - relevant for IOS. + type: str + allow_calendar: + description: + - Allow sync business calendar to device calendar. + type: bool + allow_contacts: + description: + - Enable/Disable contacts app. + type: bool + allow_mail: + description: + - Enable/Disable email app. + type: bool + allow_notes_sync: + description: + - Allow sync business notes to device notes. + type: bool + allow_saved_file_apps: + description: + - Allow the appearance of 'Saved file app' in the app list. + type: bool + allow_secure_chat: + description: + - Enable/Disable Messages app (depends on Mail app). + type: bool + allow_tasks: + description: + - Enable/Disable Tasks app. + type: bool + certificate_expire_message: + description: + - message to show users when certificate is expired - for admin to fill - can contain only English characters, digits, comma, spaces and points. + type: str + data_leak_prevention: + description: + - Data leak prevention settings. + type: dict + suboptions: + open_extension_with_external_app: + description: + - Open the following extensions from your app with external apps when they cannot be opened with Capsule viewer. + type: list + elements: str + choices: ['any file', 'word documents', 'excel documents', 'powerpoint documents', 'any microsoft office documents', 'media files'] + share_protected_extension: + description: + - Share protected files extensions to external apps. 
+ type: list + elements: str + choices: ['any file', 'word documents', 'excel documents', 'powerpoint documents', 'any microsoft office documents', 'media files'] + share_unprotected_extension: + description: + - Share unprotected files extensions to external apps. + type: list + elements: str + choices: ['any file', 'word documents', 'excel documents', 'powerpoint documents', 'any microsoft office documents', 'media files'] + allow_copy_paste: + description: + - Allow copy paste of mail content. + type: bool + block_forward_attachments: + description: + - Allow share mail attachments with external mails. + type: bool + block_screenshot: + description: + - If true - you can't make a screenshot from your app. + type: bool + allowed_domains_forward_attachment: + description: + - exclusion of domains which attachments are allowed to be sent, even that shared policy prevents sharing these kinds of attached files + - can contain only English characters, digits, comma, spaces and points. + type: str + accept_protected_file_extensions: + description: + - Accept protected files with these extensions from external apps to your app. + type: list + elements: str + choices: ['any file', 'word documents', 'excel documents', 'powerpoint documents', 'any microsoft office documents', 'media files'] + accept_unprotected_file_extensions: + description: + - Accept unprotected files with these extensions from external apps to your app. + type: list + elements: str + choices: ['any file', 'word documents', 'excel documents', 'powerpoint documents', 'any microsoft office documents', 'media files'] + allow_import_from_gallery: + description: + - Allow import media from gallery. + type: bool + allow_taking_photos_and_videos: + description: + - Allow the camera to be used from your app. + type: bool + offer_capsule_as_viewer: + description: + - Offer Capsule as a viewer for external protected documents. + type: bool + harmony_mobile: + description: + - Integrations settings. 
+ type: dict + suboptions: + protect_policy_enabled: + description: + - Enable/disable Protect Application- cannot be enable if Harmony SDK is enable. + type: bool + protect_high_risk_action: + description: + - What is the action if there is high risk found by Harmony Mobile. + type: str + choices: ['none', 'wipe', 'block'] + protect_high_risk_message: + description: + - The message can contain only English characters, digits, comma, spaces and points. + type: str + protect_medium_risk_action: + description: + - What is the action if there is medium risk found by Harmony Mobile. + type: str + choices: ['none', 'wipe', 'block'] + protect_medium_risk_message: + description: + - The message can contain only English characters, digits, comma, spaces and points. + type: str + protect_not_activated_action: + description: + - What is the action if there is policy violation (configuration for Harmony Mobile). + type: str + choices: ['none', 'wipe', 'block'] + protect_not_activated_message: + description: + - The message can contain only English characters, digits, comma, spaces and points. + type: str + enable_harmony_mobile_sdk: + description: + - Enable/disable Harmony SDK - cannot be enable if Harmony Mobile Application is enable. + type: bool + compromised_behavior: + description: + - Device configuration - response to malicious behavior (configuration for Harmony SDK). + type: str + choices: ['block', 'notify', 'ignore'] + harmony_mobile_sdk_license: + description: + - License for Harmony Mobile Sdk (configuration for Harmony SDK) - can contain only English characters, digits, comma, spaces and point. + type: str + malware_behavior: + description: + - Behavior when App is identified as malicious (configuration for Harmony SDK). + type: str + choices: ['block', 'notify', 'ignore'] + man_in_the_middle_attack: + description: + - Behavior when there is a network man-in-the-middle attack (configuration for Harmony SDK). 
+ type: str + choices: ['block', 'notify', 'ignore'] + os_integrity_compromised: + description: + - Behavior when Device OS is compromised (configuration for Harmony SDK). + type: str + choices: ['block', 'notify', 'ignore'] + suspicious_app: + description: + - Behavior when App is suspected as malicious (configuration for Harmony SDK). + type: str + choices: ['block', 'notify', 'ignore'] + suspicious_enterprise_certificate: + description: + - Behavior when a certificate profile has been installed allowing the installing of apps on device from unknown source - iOS only + (configuration for Harmony SDK). + type: str + choices: ['block', 'notify', 'ignore'] + security: + description: + - Security settings. + type: dict + suboptions: + session_timeout: + description: + - Session timeout - you can choose a unit (day, week, month) in "session-timeout-unit" field. + type: int + session_timeout_unit: + description: + - Unit for "session-timeout" numeric value. + type: str + choices: ['weeks', 'days', 'hours', 'minutes'] + activate_passcode_lock: + description: + - Require passcode to the application. + type: bool + allow_store_credentials: + description: + - Allow storing the credentials on the device. + type: bool + passcode_profile: + description: + - Passcode Policy object identified by the name or UID. + type: str + report_jailbroken: + description: + - Issue log when device is detected as jail broken. + type: bool + block_jailbroken: + description: + - Action upon detection of jail broken devices. + type: str + choices: ['block', 'none'] + block_3rd_party_keyboard: + description: + - Block 3rd party keyboard. + type: bool + hide_ssl_connect_anyway_button: + description: + - Hide connect button on critical SSL trust failures. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-mobile-profile + cp_mgmt_mobile_profile: + name: New Mobile Profile + state: present + +- name: set-mobile-profile + cp_mgmt_mobile_profile: + data_leak_prevention: + share_protected_extension: word documents + name: New Mobile Profile + state: present + +- name: delete-mobile-profile + cp_mgmt_mobile_profile: + name: New Mobile Profile + state: absent +""" + +RETURN = """ +cp_mgmt_mobile_profile: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + applications=dict(type='dict', options=dict( + enable_print_mails=dict(type='bool'), + max_attachments_size=dict(type='int'), + calendar_from_the_last=dict(type='int'), + calendar_from_the_last_unit=dict(type='str', choices=['weeks', 'months', 'days']), + calendar_to_the_following=dict(type='int'), + calendar_to_the_following_unit=dict(type='str', choices=['weeks', 'months', 'days']), + mail_from_the_last=dict(type='int'), + mail_from_the_last_unit=dict(type='str', choices=['weeks', 'months', 'days']), + synchronize_contacts=dict(type='str', choices=['mail srv to app and device and vice versa', 'mail srv to app and device', 'mail srv to app']), + allow_push_notification=dict(type='bool'), + allow_calendar_sync=dict(type='bool'), + allow_contacts_from_global_address_list=dict(type='bool'), + allow_contacts_from_local_phone=dict(type='bool'), + save_local_web_cache=dict(type='bool'), + allow_caching_docsec_credentials=dict(type='bool'), + allow_caching_docsec_keys=dict(type='bool') + )), + client_customization=dict(type='dict', options=dict( + app_theme_color_dark=dict(type='str'), + app_theme_color_light=dict(type='str'), + allow_calendar=dict(type='bool'), + allow_contacts=dict(type='bool'), + allow_mail=dict(type='bool'), + allow_notes_sync=dict(type='bool'), + allow_saved_file_apps=dict(type='bool'), + allow_secure_chat=dict(type='bool'), + allow_tasks=dict(type='bool'), + certificate_expire_message=dict(type='str') + )), + data_leak_prevention=dict(type='dict', options=dict( + open_extension_with_external_app=dict(type='list', elements='str'), + share_protected_extension=dict(type='list', elements='str'), + share_unprotected_extension=dict(type='list', elements='str'), + 
allow_copy_paste=dict(type='bool'), + block_forward_attachments=dict(type='bool'), + block_screenshot=dict(type='bool'), + allowed_domains_forward_attachment=dict(type='str'), + accept_protected_file_extensions=dict(type='list', elements='str'), + accept_unprotected_file_extensions=dict(type='list', elements='str'), + allow_import_from_gallery=dict(type='bool'), + allow_taking_photos_and_videos=dict(type='bool'), + offer_capsule_as_viewer=dict(type='bool') + )), + harmony_mobile=dict(type='dict', options=dict( + protect_policy_enabled=dict(type='bool'), + protect_high_risk_action=dict(type='str', choices=['none', 'wipe', 'block']), + protect_high_risk_message=dict(type='str'), + protect_medium_risk_action=dict(type='str', choices=['none', 'wipe', 'block']), + protect_medium_risk_message=dict(type='str'), + protect_not_activated_action=dict(type='str', choices=['none', 'wipe', 'block']), + protect_not_activated_message=dict(type='str'), + enable_harmony_mobile_sdk=dict(type='bool'), + compromised_behavior=dict(type='str', choices=['block', 'notify', 'ignore']), + harmony_mobile_sdk_license=dict(type='str'), + malware_behavior=dict(type='str', choices=['block', 'notify', 'ignore']), + man_in_the_middle_attack=dict(type='str', choices=['block', 'notify', 'ignore']), + os_integrity_compromised=dict(type='str', choices=['block', 'notify', 'ignore']), + suspicious_app=dict(type='str', choices=['block', 'notify', 'ignore']), + suspicious_enterprise_certificate=dict(type='str', choices=['block', 'notify', 'ignore']) + )), + security=dict(type='dict', options=dict( + session_timeout=dict(type='int'), + session_timeout_unit=dict(type='str', choices=['weeks', 'days', 'hours', 'minutes']), + activate_passcode_lock=dict(type='bool'), + allow_store_credentials=dict(type='bool'), + passcode_profile=dict(type='str'), + report_jailbroken=dict(type='bool'), + block_jailbroken=dict(type='str', choices=['block', 'none']), + block_3rd_party_keyboard=dict(type='bool'), + 
hide_ssl_connect_anyway_button=dict(type='bool') + )), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'mobile-profile' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_mobile_profile_facts.py b/plugins/modules/cp_mgmt_mobile_profile_facts.py new file mode 100644 index 0000000..8a08fdc --- /dev/null +++ b/plugins/modules/cp_mgmt_mobile_profile_facts.py 
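Review bot: The five file-type list options under `data_leak_prevention` in `argument_spec` (`open_extension_with_external_app`, `share_protected_extension`, `share_unprotected_extension`, `accept_protected_file_extensions`, `accept_unprotected_file_extensions`) are declared as `dict(type='list', elements='str')` with no `choices`, while the DOCUMENTATION block in the same hunk lists six allowed values for each. A mistyped value in a data-leak-prevention setting is therefore not rejected by the module and is caught, if at all, only by the management API. The doc/spec mismatch is also the kind of thing `ansible-test sanity` normally reports. Passing the documented list as `choices` on all five keeps the two in step; the fence shows this with one shared list. Separately, the description of `block_forward_attachments` reads "Allow share mail attachments with external mails", which looks inverted for a `block_` flag and should be confirmed against the API reference.

```python
    # Same six values the DOCUMENTATION block declares for these options.
    dlp_file_types = ['any file', 'word documents', 'excel documents', 'powerpoint documents',
                      'any microsoft office documents', 'media files']
    argument_spec = dict(
        # ... unchanged: name, applications, client_customization ...
        data_leak_prevention=dict(type='dict', options=dict(
            open_extension_with_external_app=dict(type='list', elements='str', choices=dlp_file_types),
            share_protected_extension=dict(type='list', elements='str', choices=dlp_file_types),
            share_unprotected_extension=dict(type='list', elements='str', choices=dlp_file_types),
            # ... unchanged: allow_copy_paste, block_forward_attachments, block_screenshot,
            #     allowed_domains_forward_attachment ...
            accept_protected_file_extensions=dict(type='list', elements='str', choices=dlp_file_types),
            accept_unprotected_file_extensions=dict(type='list', elements='str', choices=dlp_file_types),
            # ... unchanged: allow_import_from_gallery, allow_taking_photos_and_videos,
            #     offer_capsule_as_viewer ...
        )),
        # ... unchanged: harmony_mobile, security, tags .. ignore_errors ...
```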
@@ -0,0 +1,138 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_mobile_profile_facts +short_description: Get mobile-profile objects facts on Checkpoint over Web Services API +description: + - Get mobile-profile objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-mobile-profile + cp_mgmt_mobile_profile_facts: + name: New Mobile Profile + +- name: show-mobile-profiles + cp_mgmt_mobile_profile_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "mobile-profile" + api_call_object_plural_version = "mobile-profiles" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_multiple_key_exchanges.py b/plugins/modules/cp_mgmt_multiple_key_exchanges.py new file mode 100644 index 0000000..3069dea --- /dev/null +++ b/plugins/modules/cp_mgmt_multiple_key_exchanges.py 
@@ -0,0 +1,231 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_multiple_key_exchanges +short_description: Manages multiple-key-exchanges objects on Checkpoint over Web Services API +description: + - Manages multiple-key-exchanges objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + key_exchange_methods: + description: + - Key-Exchange methods to use. Can contain only Diffie-Hellman groups. + type: list + elements: str + choices: ['group-1', 'group-2', 'group-5', 'group-14', 'group-15', 'group-16', 'group-17', 'group-18', 'group-19', + 'group-20', 'group-24'] + additional_key_exchange_1_methods: + description: + - Additional Key-Exchange 1 methods to use. 
+ type: list + elements: str + choices: ['group-1', 'group-2', 'group-5', 'group-14', 'group-15', 'group-16', 'group-17', 'group-18', 'group-19', + 'group-20', 'group-24', 'kyber-512', 'kyber-768', 'kyber-1024', 'none'] + additional_key_exchange_2_methods: + description: + - Additional Key-Exchange 2 methods to use. + type: list + elements: str + choices: ['group-1', 'group-2', 'group-5', 'group-14', 'group-15', 'group-16', 'group-17', 'group-18', 'group-19', + 'group-20', 'group-24', 'kyber-512', 'kyber-768', 'kyber-1024', 'none'] + additional_key_exchange_3_methods: + description: + - Additional Key-Exchange 3 methods to use. + type: list + elements: str + choices: ['group-1', 'group-2', 'group-5', 'group-14', 'group-15', 'group-16', 'group-17', 'group-18', 'group-19', + 'group-20', 'group-24', 'kyber-512', 'kyber-768', 'kyber-1024', 'none'] + additional_key_exchange_4_methods: + description: + - Additional Key-Exchange 4 methods to use. + type: list + elements: str + choices: ['group-1', 'group-2', 'group-5', 'group-14', 'group-15', 'group-16', 'group-17', 'group-18', 'group-19', + 'group-20', 'group-24', 'kyber-512', 'kyber-768', 'kyber-1024', 'none'] + additional_key_exchange_5_methods: + description: + - Additional Key-Exchange 5 methods to use. + type: list + elements: str + choices: ['group-1', 'group-2', 'group-5', 'group-14', 'group-15', 'group-16', 'group-17', 'group-18', 'group-19', + 'group-20', 'group-24', 'kyber-512', 'kyber-768', 'kyber-1024', 'none'] + additional_key_exchange_6_methods: + description: + - Additional Key-Exchange 6 methods to use. + type: list + elements: str + choices: ['group-1', 'group-2', 'group-5', 'group-14', 'group-15', 'group-16', 'group-17', 'group-18', 'group-19', + 'group-20', 'group-24', 'kyber-512', 'kyber-768', 'kyber-1024', 'none'] + additional_key_exchange_7_methods: + description: + - Additional Key-Exchange 7 methods to use. 
+ type: list + elements: str + choices: ['group-1', 'group-2', 'group-5', 'group-14', 'group-15', 'group-16', 'group-17', 'group-18', 'group-19', + 'group-20', 'group-24', 'kyber-512', 'kyber-768', 'kyber-1024', 'none'] + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-multiple-key-exchanges + cp_mgmt_multiple_key_exchanges: + additional_key_exchange_1_methods: kyber-768 + key_exchange_methods: group-2 + name: Multiple Key Exchanges + state: present + +- name: set-multiple-key-exchanges + cp_mgmt_multiple_key_exchanges: + name: Multiple Key Exchanges + state: present + +- name: delete-multiple-key-exchanges + cp_mgmt_multiple_key_exchanges: + name: Multiple Key Exchanges + state: absent +""" + +RETURN = """ +cp_mgmt_multiple_key_exchanges: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + key_exchange_methods=dict(type='list', elements='str', choices=['group-1', 'group-2', 'group-5', 'group-14', + 'group-15', 'group-16', 'group-17', 'group-18', + 'group-19', 'group-20', 'group-24']), + additional_key_exchange_1_methods=dict(type='list', elements='str', choices=['group-1', 'group-2', 'group-5', + 'group-14', 'group-15', 'group-16', + 'group-17', 'group-18', 'group-19', + 'group-20', 'group-24', 'kyber-512', + 'kyber-768', 'kyber-1024', 'none']), + additional_key_exchange_2_methods=dict(type='list', elements='str', choices=['group-1', 'group-2', 'group-5', + 'group-14', 'group-15', 'group-16', + 'group-17', 'group-18', 'group-19', + 'group-20', 'group-24', 'kyber-512', + 'kyber-768', 'kyber-1024', 'none']), + additional_key_exchange_3_methods=dict(type='list', elements='str', choices=['group-1', 'group-2', 'group-5', + 'group-14', 'group-15', 'group-16', + 'group-17', 'group-18', 'group-19', + 'group-20', 'group-24', 'kyber-512', + 'kyber-768', 'kyber-1024', 'none']), + 
additional_key_exchange_4_methods=dict(type='list', elements='str', choices=['group-1', 'group-2', 'group-5', + 'group-14', 'group-15', 'group-16', + 'group-17', 'group-18', 'group-19', + 'group-20', 'group-24', 'kyber-512', + 'kyber-768', 'kyber-1024', 'none']), + additional_key_exchange_5_methods=dict(type='list', elements='str', choices=['group-1', 'group-2', 'group-5', + 'group-14', 'group-15', 'group-16', + 'group-17', 'group-18', 'group-19', + 'group-20', 'group-24', 'kyber-512', + 'kyber-768', 'kyber-1024', 'none']), + additional_key_exchange_6_methods=dict(type='list', elements='str', choices=['group-1', 'group-2', 'group-5', + 'group-14', 'group-15', 'group-16', + 'group-17', 'group-18', 'group-19', + 'group-20', 'group-24', 'kyber-512', + 'kyber-768', 'kyber-1024', 'none']), + additional_key_exchange_7_methods=dict(type='list', elements='str', choices=['group-1', 'group-2', 'group-5', + 'group-14', 'group-15', 'group-16', + 'group-17', 'group-18', 'group-19', + 'group-20', 'group-24', 'kyber-512', + 'kyber-768', 'kyber-1024', 'none']), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'multiple-key-exchanges' + + result = 
api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_multiple_key_exchanges_facts.py b/plugins/modules/cp_mgmt_multiple_key_exchanges_facts.py new file mode 100644 index 0000000..7146a09 --- /dev/null +++ b/plugins/modules/cp_mgmt_multiple_key_exchanges_facts.py 
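Review bot: The `add-multiple-key-exchanges` task in EXAMPLES sets `key_exchange_methods: group-2`, and examples are what people paste into playbooks. If these names follow IKE Diffie-Hellman group numbering, group-2 is the 1024-bit MODP group, which RFC 8247 lists as SHOULD NOT (and group-1 as MUST NOT). With a weak classical group, the session would rely on the additional `kyber-768` exchange alone. I would show a stronger group in the example, e.g. `key_exchange_methods: group-19` (or group-14 and above, whichever the peers support). I would also add a line to the `key_exchange_methods` description such as `group-1, group-2 and group-5 are kept for compatibility with legacy peers only`. The choice lists themselves mirror the API and can stay as they are.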
@@ -0,0 +1,138 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_multiple_key_exchanges_facts
+short_description: Get multiple-key-exchanges objects facts on Checkpoint over Web Services API
+description:
+ - Get multiple-key-exchanges objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "6.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-multiple-key-exchanges
+ cp_mgmt_multiple_key_exchanges_facts:
+ name: Multiple Key Exchanges
+
+- name: show-multiple-key-exchanges-objects
+ cp_mgmt_multiple_key_exchanges_facts:
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "multiple-key-exchanges" + api_call_object_plural_version = "multiple-key-exchanges-objects" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_nat_section.py b/plugins/modules/cp_mgmt_nat_section.py index f59c4a8..0ab909d 100644 --- a/plugins/modules/cp_mgmt_nat_section.py +++ b/plugins/modules/cp_mgmt_nat_section.py @@ -45,6 +45,29 @@ description: - Position in the rulebase. type: str + relative_position: + description: + - Position in the rulebase. + - Use of this field is relevant only for "add" operation. + type: dict + version_added: "6.0.0" + suboptions: + below: + description: + - Add section below specific rule/section identified by name. + type: str + above: + description: + - Add section above specific rule/section identified by name. + type: str + top: + description: + - Add section to the top of a specific section identified by name. + type: str + bottom: + description: + - Add section to the bottom of a specific section identified by name. + type: str name: description: - Object name. 
@@ -106,6 +129,15 @@ def main(): argument_spec = dict( package=dict(type="str"), position=dict(type="str"), + relative_position=dict( + type="dict", + options=dict( + below=dict(type="str"), + above=dict(type="str"), + top=dict(type="str"), + bottom=dict(type="str"), + ), + ), name=dict(type="str", required=True), details_level=dict(type="str", choices=["uid", "standard", "full"]), ignore_warnings=dict(type="bool"), @@ -118,6 +150,14 @@ def main(): ) api_call_object = "nat-section" + if module.params["relative_position"] is not None: + if module.params["position"] is not None: + raise AssertionError( + "The use of both 'relative_position' and 'position' arguments isn't allowed" + ) + module.params["position"] = module.params["relative_position"] + module.params.pop("relative_position") + result = api_call(module, api_call_object) module.exit_json(**result) diff --git a/plugins/modules/cp_mgmt_network_probe.py b/plugins/modules/cp_mgmt_network_probe.py new file mode 100644 index 0000000..c81cb5e --- /dev/null +++ b/plugins/modules/cp_mgmt_network_probe.py 
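Review bot: In the third nat_section hunk the conflict between `position` and `relative_position` is reported with `raise AssertionError(...)`, which reaches the user as a Python traceback instead of a normal task failure. Report it through the module, e.g. `module.fail_json(msg="The use of both 'relative_position' and 'position' arguments isn't allowed")`, or declare `mutually_exclusive=[["position", "relative_position"]]` where `AnsibleModule` is constructed (that call is outside the hunk). The `relative_position` spec added in the second hunk also accepts several of `below`/`above`/`top`/`bottom` together, or none of them; if the API expects exactly one, `mutually_exclusive` and `required_one_of` on that sub-spec would enforce it. `main()` starts and ends outside both hunks.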
@@ -0,0 +1,198 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_network_probe
+short_description: Manages network-probe objects on Checkpoint over Web Services API
+description:
+ - Manages network-probe objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "6.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ http_options:
+ description:
+ - Additional options when [protocol] is set to "http".
+ type: dict
+ suboptions:
+ destination:
+ description:
+ - The destination URL.
+ type: str
+ icmp_options:
+ description:
+ - Additional options when [protocol] is set to "icmp".
+ type: dict
+ suboptions:
+ destination:
+ description:
+ - One of these,
- Name or UID of an existing object with a unicast IPv4 address (Host, Security Gateway, and so on).
- A unicast
+ IPv4 address string (if you do not want to create such an object).
+ type: str
+ source:
+ description:
+ - One of these,
- The string "main-ip" (the probe uses the main IPv4 address of the Security Gateway objects you specified in the
+ parameter [install-on]).
- Name or UID of an existing object of type 'Host' with a unicast IPv4 address.
- A unicast IPv4 address string (if
+ you do not want to create such an object).
+ type: str
+ install_on:
+ description:
+ - Collection of Check Point Security Gateways that generate the probe, identified by name or UID.
+ type: list
+ elements: str
+ protocol:
+ description:
+ - The probing protocol to use.
+ type: str
+ choices: ['http', 'icmp']
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ interval:
+ description:
+ - The time interval (in seconds) between each probe request.
Best Practice - The interval value should be lower than the timeout value.
+ type: int
+ choices: ['5-300']
+ timeout:
+ description:
+ - The probe expiration timeout (in seconds). If there is not a single reply within this time, the status of the probe changes to "Down".
+ type: int
+ choices: ['5-300']
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-network-probe
+ cp_mgmt_network_probe:
+ icmp_options:
+ destination: HOST_20.20.20.20
+ source: Host_10.10.10.10
+ install_on: GW_1
+ name: probe_GW1
+ state: present
+
+- name: set-network-probe
+ cp_mgmt_network_probe:
+ icmp_options:
+ destination: 2.2.2.2
+ source: 1.1.1.1
+ name: probe_GW1
+ state: present
+
+- name: delete-network-probe
+ cp_mgmt_network_probe:
+ name: probe_GW1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_network_probe:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ http_options=dict(type='dict', options=dict(
+ destination=dict(type='str')
+ )),
+ icmp_options=dict(type='dict', options=dict(
+ destination=dict(type='str'),
+ source=dict(type='str')
+ )),
+ install_on=dict(type='list', elements='str'),
+ protocol=dict(type='str', choices=['http', 'icmp']),
+ tags=dict(type='list', elements='str'),
+ interval=dict(type='int', choices=['5-300']),
+ timeout=dict(type='int', choices=['5-300']),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ domains_to_process=dict(type='list', 
elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'network-probe'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_network_probe_facts.py b/plugins/modules/cp_mgmt_network_probe_facts.py
new file mode 100644
index 0000000..57287be
--- /dev/null
+++ b/plugins/modules/cp_mgmt_network_probe_facts.py
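Review bot: `interval=dict(type='int', choices=['5-300'])` and `timeout=dict(type='int', choices=['5-300'])` in `main()` express the 5-300 range as a single string choice, so as far as I can tell any integer a playbook supplies is rejected by argument validation (no int equals `'5-300'`) and neither option can be set. The same `choices: ['5-300']` appears for both options in DOCUMENTATION. Drop `choices` from both, state the range in the descriptions, and check it once the module is built, e.g. `if module.params['timeout'] is not None and not 5 <= module.params['timeout'] <= 300: module.fail_json(msg='timeout must be between 5 and 300')`, with the same check for `interval`.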
@@ -0,0 +1,140 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_network_probe_facts
+short_description: Get network-probe objects facts on Checkpoint over Web Services API
+description:
+ - Get network-probe objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "6.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-network-probe
+ cp_mgmt_network_probe_facts:
+ name: probe_GW1
+
+- name: show-network-probes
+ cp_mgmt_network_probe_facts:
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always. 
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "network-probe"
+ api_call_object_plural_version = "network-probes"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_opsec_trusted_ca.py b/plugins/modules/cp_mgmt_opsec_trusted_ca.py
new file mode 100644
index 0000000..3cc7b38
--- /dev/null
+++ b/plugins/modules/cp_mgmt_opsec_trusted_ca.py
@@ -0,0 +1,292 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_opsec_trusted_ca
+short_description: Manages opsec-trusted-ca objects on Checkpoint over Web Services API
+description:
+ - Manages opsec-trusted-ca objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "6.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ base64_certificate:
+ description:
+ - Certificate file encoded in base64.
+ type: str
+ automatic_enrollment:
+ description:
+ - Certificate automatic enrollment.
+ type: dict
+ suboptions:
+ automatically_enroll_certificate:
+ description:
+ - Whether to automatically enroll certificate.
+ type: bool
+ protocol:
+ description:
+ - Protocol that communicates with the certificate authority. Available only if "automatically-enroll-certificate" parameter is set to true.
+ type: str
+ choices: ['scep', 'cmpv2', 'cmpv1']
+ scep_settings:
+ description:
+ - Scep protocol settings. 
Available only if "protocol" is set to "scep".
+ type: dict
+ suboptions:
+ ca_identifier:
+ description:
+ - Certificate authority identifier.
+ type: str
+ url:
+ description:
+ - Certificate authority URL.
+ type: str
+ cmpv1_settings:
+ description:
+ - Cmpv1 protocol settings. Available only if "protocol" is set to "cmpv1".
+ type: dict
+ suboptions:
+ direct_tcp_settings:
+ description:
+ - Direct tcp transport layer settings.
+ type: dict
+ suboptions:
+ ip_address:
+ description:
+ - Certificate authority IP address.
+ type: str
+ port:
+ description:
+ - Port number.
+ type: int
+ cmpv2_settings:
+ description:
+ - Cmpv2 protocol settings. Available only if "protocol" is set to "cmpv1".
+ type: dict
+ suboptions:
+ transport_layer:
+ description:
+ - Transport layer.
+ type: str
+ choices: ['http', 'direct-tcp']
+ direct_tcp_settings:
+ description:
+ - Direct tcp transport layer settings.
+ type: dict
+ suboptions:
+ ip_address:
+ description:
+ - Certificate authority IP address.
+ type: str
+ port:
+ description:
+ - Port number.
+ type: int
+ http_settings:
+ description:
+ - Http transport layer settings.
+ type: dict
+ suboptions:
+ url:
+ description:
+ - Certificate authority URL.
+ type: str
+ retrieve_crl_from_http_servers:
+ description:
+ - Whether to retrieve Certificate Revocation List from http servers.
+ type: bool
+ retrieve_crl_from_ldap_servers:
+ description:
+ - Whether to retrieve Certificate Revocation List from ldap servers.
+ type: bool
+ cache_crl:
+ description:
+ - Cache Certificate Revocation List on the Security Gateway.
+ type: bool
+ crl_cache_method:
+ description:
+ - Weather to retrieve new Certificate Revocation List after the certificate expires or after a fixed period.
+ type: str
+ choices: ['timeout', 'expiration date']
+ crl_cache_timeout:
+ description:
+ - When to fetch new Certificate Revocation List (in minutes). 
+ type: int
+ allow_certificates_from_branches:
+ description:
+ - Allow only certificates from listed branches.
+ type: bool
+ branches:
+ description:
+ - Branches to allow certificates from. Required only if "allow-certificates-from-branches" set to "true".
+ type: list
+ elements: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-opsec-trusted-ca
+ cp_mgmt_opsec_trusted_ca:
+ base64_certificate:
+ MIICwjCCAaqgAwIBAgIILdexblpVEMIwDQYJKoZIhvcNAQELBQAwGDEWMBQGA1UEAxMNd3d3Lm9wc2VjLmNvbTAeFw0yMzA2MjUwOTE3MDBaFw0yNTAzMzExNjAwMDBaMBgxFjAUBgNVBAMTDXd3dy5vcH
+ lYy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjpqCxDaVg+I1b+wqnmjjYtL3v7Tlu/YpMbsKnv+M1gRz6QFUOoSVnxKLo0A7Y4kCqa1OPcHO/LtXuok43F1YZPVKm3xWpY8FmqGqf5
+ uGmSwm1HPObcMjwGOyFgwpwEDF5e0UMZ7xtJF8BZ5KKBh3ZfQ1FbmbVqSUPcmOi+NE4JspPlHxX+m6es/yeSGR1A2ezKY7KePTlwVtDe8hiLrYyKG92nka5rkD1QyEIVJ0W5wrnU4nGEDIHeOfT09zroQx
+ NLkb51sl4Tog/qw+EraVGIBe/iFnSJoDF37i2mLJqI/t8bel+aGDAxgMx1pO85OClgjPSWL0UIXGI2xrR+JAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHTs1AutAmSLHF2
+ RLJtrRNkso0lMyA7XI7k1TNpTk7TCZLNY0VbUliGbcl+POH4EG8ARUrftnwRDCTBd2BdJTqG2CyNADi+bw8aLvbxok7KH0GlQvGjyfq+sHK12wTl4ULNyYoAPZ01GhXOvkobROdSyjxvBVhxdVo90kj7mH
+ v3N83huNhfstDFUBcQCmMkbLuzDUZrl2a1OtqlOdNC6mNvb7Jq9W9vRxGA514e7jqyoM+PwHu5fILx/jmGT8suOUnvbtcDdFhjqixAPer6uSPR0CSbiJvuDy72DPH5mjZK5dQKewNYOZ/BQEsRIBe+Q6eG
+ oJqi+cD63cwlw0DCc=
+ name: opsec_ca
+ state: present
+
+- name: set-opsec-trusted-ca
+ cp_mgmt_opsec_trusted_ca:
+ name: opsec_ca
+ automatic_enrollment:
+ automatically_enroll_certificate: true
+ protocol: "cmpv1"
+ cmpv1_settings:
+ direct_tcp_settings:
+ ip_address: "1.1.1.1"
+ state: present
+
+- name: delete-opsec-trusted-ca
+ cp_mgmt_opsec_trusted_ca:
+ name: opsec_ca
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_opsec_trusted_ca:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object. 
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ base64_certificate=dict(type='str'),
+ automatic_enrollment=dict(type='dict', options=dict(
+ automatically_enroll_certificate=dict(type='bool'),
+ protocol=dict(type='str', choices=['scep', 'cmpv2', 'cmpv1']),
+ scep_settings=dict(type='dict', options=dict(
+ ca_identifier=dict(type='str'),
+ url=dict(type='str')
+ )),
+ cmpv1_settings=dict(type='dict', options=dict(
+ direct_tcp_settings=dict(type='dict', options=dict(
+ ip_address=dict(type='str'),
+ port=dict(type='int')
+ ))
+ )),
+ cmpv2_settings=dict(type='dict', options=dict(
+ transport_layer=dict(type='str', choices=['http', 'direct-tcp']),
+ direct_tcp_settings=dict(type='dict', options=dict(
+ ip_address=dict(type='str'),
+ port=dict(type='int')
+ )),
+ http_settings=dict(type='dict', options=dict(
+ url=dict(type='str')
+ ))
+ ))
+ )),
+ retrieve_crl_from_http_servers=dict(type='bool'),
+ retrieve_crl_from_ldap_servers=dict(type='bool'),
+ cache_crl=dict(type='bool'),
+ crl_cache_method=dict(type='str', choices=['timeout', 'expiration date']),
+ crl_cache_timeout=dict(type='int'),
+ allow_certificates_from_branches=dict(type='bool'),
+ branches=dict(type='list', elements='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ 
details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ domains_to_process=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'opsec-trusted-ca'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_opsec_trusted_ca_facts.py b/plugins/modules/cp_mgmt_opsec_trusted_ca_facts.py
new file mode 100644
index 0000000..bdc7fd1
--- /dev/null
+++ b/plugins/modules/cp_mgmt_opsec_trusted_ca_facts.py
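Review bot: The DOCUMENTATION entry for `cmpv2_settings` says `Available only if "protocol" is set to "cmpv1"`, which reads as a copy of the `cmpv1_settings` text and should name `cmpv2`; anyone configuring CA enrollment from these docs is told the wrong precondition. In the same block the `crl_cache_method` description begins `Weather to retrieve`, which should be `Whether to retrieve`. The `base64_certificate` value in the first EXAMPLES task is wrapped over several lines, and at the first wrap (`...DXd3dy5vcH` / `lYy5jb20w...`) a character appears to be missing, so the example probably does not decode to a valid certificate as shown. Giving the value as one quoted string, or an explicitly labelled placeholder, would keep the example copyable.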
@@ -0,0 +1,138 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_opsec_trusted_ca_facts
+short_description: Get opsec-trusted-ca objects facts on Checkpoint over Web Services API
+description:
+ - Get opsec-trusted-ca objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "6.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-opsec-trusted-ca
+ cp_mgmt_opsec_trusted_ca_facts:
+ name: opsec_ca
+
+- name: show-opsec-trusted-cas
+ cp_mgmt_opsec_trusted_ca_facts:
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always. 
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ api_call_object = "opsec-trusted-ca"
+ api_call_object_plural_version = "opsec-trusted-cas"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_outbound_inspection_certificate_facts.py b/plugins/modules/cp_mgmt_outbound_inspection_certificate_facts.py
new file mode 100644
index 0000000..a7a6012
--- /dev/null
+++ b/plugins/modules/cp_mgmt_outbound_inspection_certificate_facts.py
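Review bot: `module = AnsibleModule(argument_spec=argument_spec)` in this facts module omits `supports_check_mode=True`, while the sibling facts modules added in the same commit (`cp_mgmt_multiple_key_exchanges_facts`, `cp_mgmt_network_probe_facts`) pass it. Without the flag Ansible skips the task under `--check`, so a playbook that audits the trusted-CA objects in check mode gets no facts back. If the omission is not deliberate, use `module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)`.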
@@ -0,0 +1,138 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_outbound_inspection_certificate_facts +short_description: Get outbound-inspection-certificate objects facts on Checkpoint over Web Services API +description: + - Get outbound-inspection-certificate objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. 
The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-outbound-inspection-certificate + cp_mgmt_outbound_inspection_certificate_facts: + name: OutboundCertificate + +- name: show-outbound-inspection-certificates + cp_mgmt_outbound_inspection_certificate_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "outbound-inspection-certificate" + api_call_object_plural_version = "outbound-inspection-certificates" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_override_categorization.py b/plugins/modules/cp_mgmt_override_categorization.py new file mode 100644 index 0000000..8e91e81 --- /dev/null +++ b/plugins/modules/cp_mgmt_override_categorization.py 
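Review bot: The `domains_to_process` description says the option requires `ignore-warnings true` and cannot be combined with `details-level full`, but the `argument_spec` built in `main()` declares no `ignore_warnings` option and nothing rejects `details_level: full` together with `domains_to_process`. Unless `checkpoint_argument_spec_for_facts` (imported, not shown in this hunk) supplies that flag, the documented precondition cannot be met from a playbook, and the conflicting combination is left for the server to catch. Either reword the description to match what this module can actually send, or fail early with `if module.params['domains_to_process'] and module.params['details_level'] == 'full': module.fail_json(msg='domains_to_process cannot be used with details_level full')`. The same description and spec appear in the cp_mgmt_override_categorization_facts.py and cp_mgmt_passcode_profile_facts.py hunks.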
@@ -0,0 +1,158 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_override_categorization +short_description: Manages override-categorization objects on Checkpoint over Web Services API +description: + - Manages override-categorization objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + url: + description: + - The URL for which we want to update the category and risk definitions, the URL and the object name are the same for Override Categorization. + type: str + required: True + url_defined_as_regular_expression: + description: + - States whether the URL is defined as a Regular Expression or not. + type: bool + new_primary_category: + description: + - Uid or name of the primary category based on its most defining aspect. + type: str + risk: + description: + - States the override categorization risk. 
+ type: str + choices: ['unknown', 'very_low', 'low', 'medium', 'high', 'critical'] + additional_categories: + description: + - Uid or name of the categories to override in the Application and URL Filtering or Threat Prevention. + type: list + elements: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + new_url: + description: + - New name of the object. 
+ type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-override-categorization + cp_mgmt_override_categorization: + new_primary_category: Botnets + risk: low + state: present + url: newOverride + +- name: set-override-categorization + cp_mgmt_override_categorization: + risk: high + state: present + url: newOverride + +- name: delete-override-categorization + cp_mgmt_override_categorization: + state: absent + url: newOverride +""" + +RETURN = """ +cp_mgmt_override_categorization: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + url=dict(type='str', required=True), + url_defined_as_regular_expression=dict(type='bool'), + new_primary_category=dict(type='str'), + risk=dict(type='str', choices=['unknown', 'very_low', 'low', 'medium', 'high', 'critical']), + additional_categories=dict(type='list', elements='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool'), + new_url=dict(type='str') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = 
AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'override-categorization' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_override_categorization_facts.py b/plugins/modules/cp_mgmt_override_categorization_facts.py new file mode 100644 index 0000000..326cb6a --- /dev/null +++ b/plugins/modules/cp_mgmt_override_categorization_facts.py 
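Review bot: `url_defined_as_regular_expression` is documented only as a flag, with nothing on what a pattern-valued `url` means for enforcement. This object overrides the category and risk used by Application and URL Filtering or Threat Prevention, so a loosely written expression would presumably re-categorise every URL it matches; the option description should say so. Suggested extra description line: `- When true, the override applies to every URL the expression matches; keep the pattern as specific as possible and review the category and risk it assigns.` It would also help if `new_url` read "New URL (name) of the object", since the `url` description states the two are the same.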
@@ -0,0 +1,139 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_override_categorization_facts +short_description: Get override-categorization objects facts on Checkpoint over Web Services API +description: + - Get override-categorization objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + url: + description: + - The URL for which we want to update the category and risk definitions, the URL and the object name are the same for Override Categorization. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. 
The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-override-categorization + cp_mgmt_override_categorization_facts: + url: newOverride + +- name: show-override-categorizations + cp_mgmt_override_categorization_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + url=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "override-categorization" + api_call_object_plural_version = "override-categorizations" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_passcode_profile.py b/plugins/modules/cp_mgmt_passcode_profile.py new file mode 100644 index 0000000..b0cfd50 --- /dev/null +++ b/plugins/modules/cp_mgmt_passcode_profile.py 
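Review bot: The `url` option description is copied from the managing module ("The URL for which we want to update the category and risk definitions"), but this module only reads objects and uses `url` as the lookup key. The module description also drops the sentence the sibling facts modules carry about which parameter selects a single object. Suggested wording: `- URL (object name) of the override-categorization object to show. This parameter is relevant only for getting a specific object.`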
@@ -0,0 +1,199 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_passcode_profile +short_description: Manages passcode-profile objects on Checkpoint over Web Services API +description: + - Manages passcode-profile objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + allow_simple_passcode: + description: + - The passcode length is 4 and only numeric values allowed. + type: bool + min_passcode_length: + description: + - Minimum passcode length - relevant if "allow-simple-passcode" is disable. + type: int + require_alphanumeric_passcode: + description: + - Require alphanumeric characters in the passcode - relevant if "allow-simple-passcode" is disable. + type: bool + min_passcode_complex_characters: + description: + - Minimum number of complex characters (if "require-alphanumeric-passcode" is enabled). 
The number of the complex characters cannot be greater + than number of the passcode length. + type: int + force_passcode_expiration: + description: + - Enable/disable expiration date to the passcode. + type: bool + passcode_expiration_period: + description: + - The period in days after which the passcode will expire. + type: int + enable_inactivity_time_lock: + description: + - Lock the device if app is inactive. + type: bool + max_inactivity_time_lock: + description: + - Time without user input before passcode must be re-entered (in minutes). + type: int + enable_passcode_failed_attempts: + description: + - Exit after few failures in passcode verification. + type: bool + max_passcode_failed_attempts: + description: + - Number of failed attempts allowed. + type: int + enable_passcode_history: + description: + - Check passcode history for reparations. + type: bool + passcode_history: + description: + - Number of passcodes that will be kept in history. + type: int + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. 
+ type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-passcode-profile + cp_mgmt_passcode_profile: + name: New App Passcode Policy + state: present + +- name: set-passcode-profile + cp_mgmt_passcode_profile: + allow_simple_passcode: 'true' + max_inactivity_time_lock: '30' + name: New App Passcode Policy + require_alphanumeric_passcode: 'false' + state: present + +- name: delete-passcode-profile + cp_mgmt_passcode_profile: + name: My App Passcode Policy + state: absent +""" + +RETURN = """ +cp_mgmt_passcode_profile: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + allow_simple_passcode=dict(type='bool'), + min_passcode_length=dict(type='int'), + require_alphanumeric_passcode=dict(type='bool'), + min_passcode_complex_characters=dict(type='int'), + force_passcode_expiration=dict(type='bool'), + passcode_expiration_period=dict(type='int'), + enable_inactivity_time_lock=dict(type='bool'), + max_inactivity_time_lock=dict(type='int'), + enable_passcode_failed_attempts=dict(type='bool'), + max_passcode_failed_attempts=dict(type='int'), + enable_passcode_history=dict(type='bool'), + passcode_history=dict(type='int'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'passcode-profile' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() 
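Review bot: The `set-passcode-profile` example passes booleans and an integer as quoted strings and, as written, demonstrates relaxing the policy: `allow_simple_passcode: 'true'` (documented above as a 4-digit numeric passcode) together with `require_alphanumeric_passcode: 'false'`. Examples are copied verbatim into playbooks, so they should use native YAML types and show the stricter setting, e.g. `allow_simple_passcode: false`, `require_alphanumeric_passcode: true`, `max_inactivity_time_lock: 30`. The delete example also targets `My App Passcode Policy` while the add and set examples use `New App Passcode Policy`. The `enable_passcode_history` description says "reparations" where "repetitions" seems intended.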
diff --git a/plugins/modules/cp_mgmt_passcode_profile_facts.py b/plugins/modules/cp_mgmt_passcode_profile_facts.py
new file mode 100644
index 0000000..6289920
--- /dev/null
+++ b/plugins/modules/cp_mgmt_passcode_profile_facts.py
@@ -0,0 +1,138 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_passcode_profile_facts +short_description: Get passcode-profile objects facts on Checkpoint over Web Services API +description: + - Get passcode-profile objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-passcode-profile + cp_mgmt_passcode_profile_facts: + name: My App Passcode Policy + +- name: show-passcode-profiles + cp_mgmt_passcode_profile_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "passcode-profile" + api_call_object_plural_version = "passcode-profiles" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_resource_cifs.py b/plugins/modules/cp_mgmt_resource_cifs.py new file mode 100644 index 0000000..0dfad0f --- /dev/null +++ b/plugins/modules/cp_mgmt_resource_cifs.py 
@@ -0,0 +1,171 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_resource_cifs +short_description: Manages resource-cifs objects on Checkpoint over Web Services API +description: + - Manages resource-cifs objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + allowed_disk_and_print_shares: + description: + - The list of Allowed Disk and Print Shares. Must be added in pairs. + type: list + elements: dict + suboptions: + server_name: + description: + - Blocks the ability to remotely manipulate a the window's registry. + type: str + share_name: + description: + - Disk shares. + type: str + log_mapped_shares: + description: + - Logs each share map attempt. + type: bool + log_access_violation: + description: + - Logs any attempt to violate the restrictions imposed by the Resource. 
+ type: bool + block_remote_registry_access: + description: + - Blocks the ability to remotely manipulate a the window's registry. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-resource-cifs + cp_mgmt_resource_cifs: + allowed_disk_and_print_shares: + - server_name: server1 + share_name: share1 + - server_name: server2 + share_name: share2 + name: newCifsResource + state: present + +- name: set-resource-cifs + cp_mgmt_resource_cifs: + allowed_disk_and_print_shares: + - server_name: server5 + share_name: share5 + - server_name: server6 + share_name: share6 + name: newCifsResource3 + state: present + +- name: delete-resource-cifs + cp_mgmt_resource_cifs: + name: newCifsResource + state: absent +""" + +RETURN = """ +cp_mgmt_resource_cifs: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + allowed_disk_and_print_shares=dict(type='list', elements='dict', options=dict( + server_name=dict(type='str'), + share_name=dict(type='str') + )), + log_mapped_shares=dict(type='bool'), + log_access_violation=dict(type='bool'), + block_remote_registry_access=dict(type='bool'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + 
ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'resource-cifs' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_resource_cifs_facts.py b/plugins/modules/cp_mgmt_resource_cifs_facts.py new file mode 100644 index 0000000..c341a8d --- /dev/null +++ b/plugins/modules/cp_mgmt_resource_cifs_facts.py 
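Review bot: The `server_name` suboption carries the description that belongs to `block_remote_registry_access` ("Blocks the ability to remotely manipulate a the window's registry."), so the generated docs misdescribe the field that decides which server's shares are allowed. Something like `- Name of the server that hosts the allowed share.` is presumably what was meant (confirm against the API reference), and the "a the" typo should be fixed where the sentence does belong. The option text also says entries "Must be added in pairs", but the suboption spec does not enforce it; adding `required_together=[['server_name', 'share_name']]` to the `allowed_disk_and_print_shares` dict would reject a half-filled entry before the API call.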
@@ -0,0 +1,141 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_resource_cifs_facts +short_description: Get resource-cifs objects facts on Checkpoint over Web Services API +description: + - Get resource-cifs objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-resource-cifs + cp_mgmt_resource_cifs_facts: + name: newCifsResource + +- name: show-resources-cifs + cp_mgmt_resource_cifs_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ api_call_object = "resource-cifs"
+ api_call_object_plural_version = "resources-cifs"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_resource_ftp.py b/plugins/modules/cp_mgmt_resource_ftp.py
new file mode 100644
index 0000000..b8525c1
--- /dev/null
+++ b/plugins/modules/cp_mgmt_resource_ftp.py
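Review bot: `AnsibleModule(argument_spec=argument_spec)` in `main()` of cp_mgmt_resource_cifs_facts.py omits `supports_check_mode=True`, so Ansible skips this module under `--check`, while the object module cp_mgmt_resource_cifs.py in the same commit declares it. A playbook that registers these facts to decide later firewall-object changes therefore cannot be previewed in a dry run, because the fact tasks never execute. Assuming `api_call_facts` (defined in module_utils, outside this hunk) only issues show calls, I would change the line to `module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)`. The same line appears in cp_mgmt_resource_ftp_facts.py and cp_mgmt_resource_smtp_facts.py.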
@@ -0,0 +1,177 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_resource_ftp +short_description: Manages resource-ftp objects on Checkpoint over Web Services API +description: + - Manages resource-ftp objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + resource_matching_method: + description: + - GET allows Downloads from the server to the client. PUT allows Uploads from the client to the server. + type: str + choices: ['get', 'put', 'get_and_put'] + exception_track: + description: + - The UID or Name of the exception track to be used to log actions taken as a result of a match on the resource. + type: str + choices: ['none', 'exception log', 'exception alert'] + resources_path: + description: + - Refers to a location on the FTP server. + type: str + cvp: + description: + - Configure CVP inspection on mail messages. 
+ type: dict + suboptions: + enable_cvp: + description: + - Select to enable the Content Vectoring Protocol. + type: bool + server: + description: + - The UID or Name of the CVP server, make sure the CVP server is already be defined as an OPSEC Application. + type: str + allowed_to_modify_content: + description: + - Configures the CVP server to inspect but not modify content. + type: bool + reply_order: + description: + - Designates when the CVP server returns data to the Security Gateway security server. + type: str + choices: ['return_data_after_content_is_approved', 'return_data_before_content_is_approved'] + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-resource-ftp + cp_mgmt_resource_ftp: + exception_track: exception log + name: newFtpResource + resource_matching_method: get_and_put + resources_path: path + state: present + +- name: set-resource-ftp + cp_mgmt_resource_ftp: + name: newFtpResource + resource_matching_method: put + state: present + +- name: delete-resource-ftp + cp_mgmt_resource_ftp: + name: newFtpResource + state: absent +""" + +RETURN = """ +cp_mgmt_resource_ftp: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + resource_matching_method=dict(type='str', choices=['get', 'put', 'get_and_put']), + exception_track=dict(type='str', choices=['none', 'exception log', 'exception alert']), + resources_path=dict(type='str'), + cvp=dict(type='dict', options=dict( + enable_cvp=dict(type='bool'), + server=dict(type='str'), + allowed_to_modify_content=dict(type='bool'), + reply_order=dict(type='str', choices=['return_data_after_content_is_approved', 'return_data_before_content_is_approved']) + )), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', 
choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'resource-ftp' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_resource_ftp_facts.py b/plugins/modules/cp_mgmt_resource_ftp_facts.py new file mode 100644 index 0000000..88ea475 --- /dev/null +++ b/plugins/modules/cp_mgmt_resource_ftp_facts.py 
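Review bot: The `cvp.allowed_to_modify_content` description in DOCUMENTATION reads `Configures the CVP server to inspect but not modify content.`, which appears to contradict what the option name implies for a true value, so an operator cannot tell which setting stops the content-inspection server from rewriting transferred files. I would state the polarity explicitly, for example `- When true, the CVP server may modify the content it inspects; when false it only inspects.`, after confirming the semantics against the Management API reference. The parent `cvp` description `Configure CVP inspection on mail messages.` looks copied from the SMTP resource and should refer to FTP transfers in this module. The same `allowed_to_modify_content` text is repeated in cp_mgmt_resource_smtp.py.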
@@ -0,0 +1,141 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_resource_ftp_facts +short_description: Get resource-ftp objects facts on Checkpoint over Web Services API +description: + - Get resource-ftp objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-resource-ftp + cp_mgmt_resource_ftp_facts: + name: newFtpResource + +- name: show-resources-ftp + cp_mgmt_resource_ftp_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ api_call_object = "resource-ftp"
+ api_call_object_plural_version = "resources-ftp"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_resource_smtp.py b/plugins/modules/cp_mgmt_resource_smtp.py
new file mode 100644
index 0000000..fbc7a51
--- /dev/null
+++ b/plugins/modules/cp_mgmt_resource_smtp.py
@@ -0,0 +1,338 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_resource_smtp +short_description: Manages resource-smtp objects on Checkpoint over Web Services API +description: + - Manages resource-smtp objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + mail_delivery_server: + description: + - Specify the server to which mail is forwarded. + type: str + deliver_messages_using_dns_mx_records: + description: + - MX record resolving is used to set the destination IP address of the connection. + type: bool + check_rulebase_with_new_destination: + description: + - The Rule Base will be rechecked with the new resolved IP address for mail delivery. + type: bool + notify_sender_on_error: + description: + - Enable error mail delivery. 
+ type: bool + error_mail_delivery_server: + description: + - Error mail delivery happens if the SMTP security server is unable to deliver the message within the abandon time, and Notify Sender on Error + is checked. + type: str + error_deliver_messages_using_dns_mx_records: + description: + - MX record resolving will be used to set the source IP address of the connection used to send the error message. + type: bool + error_check_rulebase_with_new_destination: + description: + - The Rule Base will be rechecked with the new resolved IP address for error mail delivery. + type: bool + exception_track: + description: + - Determines if an action specified in the Action 2 and CVP categories taken as a result of a resource definition is logged. + type: str + choices: ['none', 'exception log', 'exception alert'] + match: + description: + - Set the Match properties for the SMTP resource. + type: dict + suboptions: + sender: + description: + - Set the Match sender property for the SMTP resource. + type: str + recipient: + description: + - Set the Match recipient property for the SMTP resource. + type: str + action_1: + description: + - Use the Rewriting Rules to rewrite Sender and Recipient headers in emails, you can also rewrite other email headers by using the custom header field. + type: dict + suboptions: + sender: + description: + - Rewrite Sender header. + type: dict + suboptions: + original: + description: + - Original field. + type: str + rewritten: + description: + - Replacement field. + type: str + recipient: + description: + - Rewrite Recipient header. + type: dict + suboptions: + original: + description: + - Original field. + type: str + rewritten: + description: + - Replacement field. + type: str + custom_field: + description: + - The name of the header. + type: dict + suboptions: + original: + description: + - Original field. + type: str + rewritten: + description: + - Replacement field. + type: str + field: + description: + - The name of the header. 
+ type: str + action_2: + description: + - Use this window to configure mail inspection for the SMTP Resource. + type: dict + suboptions: + strip_mime_of_type: + description: + - Specifies the MIME type to strip from the message. + type: str + strip_file_by_name: + description: + - Strips file attachments of the specified name from the message. + type: str + mail_capacity: + description: + - Restrict the size (in kb) of incoming email attachments. + type: int + allowed_characters: + description: + - The MIME email headers can consist of 8 or 7 bit characters (7 ASCII and 8 for sending Binary characters) in order to encode mail data. + type: str + choices: ['8_bit', '7_bit'] + strip_script_tags: + description: + - Strip JAVA scripts. + type: bool + strip_applet_tags: + description: + - Strip JAVA applets. + type: bool + strip_activex_tags: + description: + - Strip activeX tags. + type: bool + strip_ftp_links: + description: + - Strip ftp links. + type: bool + strip_port_strings: + description: + - Strip ports. + type: bool + cvp: + description: + - Configure CVP inspection on mail messages. + type: dict + suboptions: + enable_cvp: + description: + - Select to enable the Content Vectoring Protocol. + type: bool + server: + description: + - The UID or Name of the CVP server, make sure the CVP server is already be defined as an OPSEC Application. + type: str + allowed_to_modify_content: + description: + - Configures the CVP server to inspect but not modify content. + type: bool + reply_order: + description: + - Designates when the CVP server returns data to the Security Gateway security server. + type: str + choices: ['return_data_after_content_is_approved', 'return_data_before_content_is_approved'] + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-resource-smtp + cp_mgmt_resource_smtp: + deliver_messages_using_dns_mx_records: 'true' + exception_track: exception log + mail_delivery_server: deliverServer + match: + recipient: recipientName + sender: senderName + name: newSmtpResource + state: present + +- name: set-resource-smtp + cp_mgmt_resource_smtp: + mail_delivery_server: newServer + name: newSmtpResource + state: present + +- name: delete-resource-smtp + cp_mgmt_resource_smtp: + name: newSmtpResource + state: absent +""" + +RETURN = """ +cp_mgmt_resource_smtp: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + mail_delivery_server=dict(type='str'), + deliver_messages_using_dns_mx_records=dict(type='bool'), + check_rulebase_with_new_destination=dict(type='bool'), + notify_sender_on_error=dict(type='bool'), + error_mail_delivery_server=dict(type='str'), + error_deliver_messages_using_dns_mx_records=dict(type='bool'), + error_check_rulebase_with_new_destination=dict(type='bool'), + exception_track=dict(type='str', choices=['none', 'exception log', 'exception alert']), + match=dict(type='dict', options=dict( + sender=dict(type='str'), + recipient=dict(type='str') + )), + action_1=dict(type='dict', options=dict( + sender=dict(type='dict', options=dict( + original=dict(type='str'), + rewritten=dict(type='str') + )), + recipient=dict(type='dict', options=dict( + original=dict(type='str'), + rewritten=dict(type='str') + )), + custom_field=dict(type='dict', options=dict( + original=dict(type='str'), + rewritten=dict(type='str'), + field=dict(type='str') + )) + )), + action_2=dict(type='dict', options=dict( + strip_mime_of_type=dict(type='str'), + strip_file_by_name=dict(type='str'), + mail_capacity=dict(type='int'), + allowed_characters=dict(type='str', choices=['8_bit', '7_bit']), + strip_script_tags=dict(type='bool'), + strip_applet_tags=dict(type='bool'), + strip_activex_tags=dict(type='bool'), + strip_ftp_links=dict(type='bool'), + strip_port_strings=dict(type='bool') + )), + cvp=dict(type='dict', options=dict( + enable_cvp=dict(type='bool'), + server=dict(type='str'), + allowed_to_modify_content=dict(type='bool'), + reply_order=dict(type='str', choices=['return_data_after_content_is_approved', 'return_data_before_content_is_approved']) + )), + tags=dict(type='list', elements='str'), + 
color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'resource-smtp' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_resource_smtp_facts.py b/plugins/modules/cp_mgmt_resource_smtp_facts.py new file mode 100644 index 0000000..077325d --- /dev/null +++ b/plugins/modules/cp_mgmt_resource_smtp_facts.py 
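Review bot: In DOCUMENTATION, `action_1.custom_field` is described as `The name of the header.`, the same text as its own `field` suboption, so the docs never say that this dict is the custom header rewrite mentioned in the `action_1` description. I would write `- Rewrite a custom header. 'field' names the header, 'original' and 'rewritten' are the original and replacement values.` In EXAMPLES, `deliver_messages_using_dns_mx_records: 'true'` passes a quoted string to a `type: bool` option; it is coerced, but the example should read `deliver_messages_using_dns_mx_records: true`.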
@@ -0,0 +1,141 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_resource_smtp_facts +short_description: Get resource-smtp objects facts on Checkpoint over Web Services API +description: + - Get resource-smtp objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-resource-smtp + cp_mgmt_resource_smtp_facts: + name: newSmtpResource + +- name: show-resources-smtp + cp_mgmt_resource_smtp_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ api_call_object = "resource-smtp"
+ api_call_object_plural_version = "resources-smtp"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_resource_uri.py b/plugins/modules/cp_mgmt_resource_uri.py
new file mode 100644
index 0000000..dabe49f
--- /dev/null
+++ b/plugins/modules/cp_mgmt_resource_uri.py
@@ -0,0 +1,424 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_resource_uri +short_description: Manages resource-uri objects on Checkpoint over Web Services API +description: + - Manages resource-uri objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + use_this_resource_to: + description: + - Select the use of the URI resource. + type: str + choices: ['enforce_uri_capabilities', 'optimize_url_logging', 'enhance_ufp_performance'] + connection_methods: + description: + - Connection methods. + type: dict + suboptions: + transparent: + description: + - The security server is invisible to the client that originates the connection, and to the server. The Transparent connection method is + the most secure. + type: bool + proxy: + description: + - The Resource is applied when people specify the Check Point Security Gateway as a proxy in their browser. 
+ type: bool + tunneling: + description: + - The Resource is applied when people specify the Security Gateway as a proxy in their browser, and is used for connections where + Security Gateway cannot examine the contents of the packets, not even the URL. + type: bool + uri_match_specification_type: + description: + - The type can be Wild Cards or UFP, where a UFP server holds categories of forbidden web sites. + type: str + choices: ['wildcards', 'ufp'] + exception_track: + description: + - Configures how to track connections that match this rule but fail the content security checks. An example of an exception is a connection with + an unsupported scheme or method. + type: str + choices: ['none', 'exception log', 'exception alert'] + match_ufp: + description: + - Match-Ufp settings. + type: dict + suboptions: + server: + description: + - The UID or Name of the UFP server that is an OPSEC certified third party application that checks URLs against a list of permitted categories. + type: str + caching_control: + description: + - Specifies if and how caching is to be enabled. + type: str + choices: ['security_gateway_one_request', 'security_gateway_two_requests', 'no_caching', 'ufp_server'] + ignore_ufp_server_after_failure: + description: + - The UFP server will be ignored after numerous UFP server connections were unsuccessful. + type: bool + number_of_failures_before_ignore: + description: + - Signifies at what point the UFP server should be ignored. + type: int + timeout_before_reconnecting: + description: + - The amount of time that must pass before a UFP server connection should be attempted. + type: int + match_wildcards: + description: + - Match-Wildcards settings. + type: dict + suboptions: + schemes: + description: + - Select the URI Schemes to which this resource applies. + type: dict + suboptions: + http: + description: + - Http scheme. + type: bool + ftp: + description: + - Ftp scheme. + type: bool + gopher: + description: + - Gopher scheme. 
+ type: bool + mailto: + description: + - Mailto scheme. + type: bool + news: + description: + - News scheme. + type: bool + wais: + description: + - Wais scheme. + type: bool + other: + description: + - You can specify another scheme in the Other field. You can use wildcards. + type: str + methods: + description: + - Select the URI Schemes to which this resource applies. + type: dict + suboptions: + get: + description: + - GET method. + type: bool + post: + description: + - POST method. + type: bool + head: + description: + - HEAD method. + type: bool + put: + description: + - PUT method. + type: bool + other: + description: + - You can specify another method in the Other field. You can use wildcards. + type: str + host: + description: + - The functionality of the Host parameter depends on the DNS setup of the addressed server. For the host, only the IP address or the + full DNS name should be used. + type: str + path: + description: + - Name matching is based on appending the file name in the request to the current working directory (unless the file name is already a + full path name) and comparing the result to the path specified in the Resource definition. + type: str + query: + description: + - The parameters that are sent to the URI when it is accessed. + type: str + action: + description: + - Action settings. + type: dict + suboptions: + replacement_uri: + description: + - If the Action in a rule which uses this resource is Drop or Reject, then the Replacement URI is displayed instead of the one requested by the user. + type: str + strip_script_tags: + description: + - Strip JAVA scripts. + type: bool + strip_applet_tags: + description: + - Strip JAVA applets. + type: bool + strip_activex_tags: + description: + - Strip activeX tags. + type: bool + strip_ftp_links: + description: + - Strip ftp links. + type: bool + strip_port_strings: + description: + - Strip ports. + type: bool + cvp: + description: + - CVP settings. 
+ type: dict + suboptions: + enable_cvp: + description: + - Select to enable the Content Vectoring Protocol. + type: bool + server: + description: + - The UID or Name of the CVP server, make sure the CVP server is already be defined as an OPSEC Application. + type: str + allowed_to_modify_content: + description: + - Configures the CVP server to inspect but not modify content. + type: bool + send_http_headers_to_cvp: + description: + - Select, if you would like the CVP server to check the HTTP headers of the message packets. + type: bool + reply_order: + description: + - Designates when the CVP server returns data to the Security Gateway security server. + type: str + choices: ['return_data_after_content_is_approved', 'return_data_before_content_is_approved'] + send_http_request_to_cvp: + description: + - Used to protect against undesirable content in the HTTP request, for example, when inspecting peer-to-peer connections. + type: bool + send_only_unsafe_file_types: + description: + - Improves the performance of the CVP server. This option does not send to the CVP server traffic that is considered safe. + type: bool + soap: + description: + - SOAP settings. + type: dict + suboptions: + inspection: + description: + - Allow all SOAP Requests, or Allow only SOAP requests specified in the following file-id. + type: str + choices: ['allow_all_soap_requests', 'allow_soap_requests_as_specified_in_file'] + file_id: + description: + - A file containing SOAP requests. + type: str + choices: ['scheme1', 'scheme2', 'scheme3', 'scheme4', 'scheme5', 'scheme6', 'scheme7', 'scheme8', 'scheme9', 'scheme10'] + track_connections: + description: + - The method of tracking SOAP connections. + type: str + choices: ['none', 'log', 'popup_alert', 'mail_alert', 'snmp_trap_alert', 'user_defined_alert_no', 'user_defined_alert_no', 'user_defined_alert_no'] + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. 
Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-resource-uri + cp_mgmt_resource_uri: + connection_methods: + transparent: 'false' + tunneling: 'true' + match_wildcards: + host: hostName + path: pathName + name: newUriResource + state: present + uri_match_specification_type: wildcards + use_this_resource_to: optimize_url_logging + +- name: set-resource-uri + cp_mgmt_resource_uri: + connection_methods: + transparent: 'false' + tunneling: 'true' + match_wildcards: + host: hostName + path: pathName + name: newUriResource + state: present + uri_match_specification_type: wildcards + use_this_resource_to: optimize_url_logging + +- name: delete-resource-uri + cp_mgmt_resource_uri: + name: newUriResource + state: absent +""" + +RETURN = """ +cp_mgmt_resource_uri: + description: The checkpoint object created or updated. 
+ returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + use_this_resource_to=dict(type='str', choices=['enforce_uri_capabilities', 'optimize_url_logging', 'enhance_ufp_performance']), + connection_methods=dict(type='dict', options=dict( + transparent=dict(type='bool'), + proxy=dict(type='bool'), + tunneling=dict(type='bool') + )), + uri_match_specification_type=dict(type='str', choices=['wildcards', 'ufp']), + exception_track=dict(type='str', choices=['none', 'exception log', 'exception alert']), + match_ufp=dict(type='dict', options=dict( + server=dict(type='str'), + caching_control=dict(type='str', choices=['security_gateway_one_request', 'security_gateway_two_requests', 'no_caching', 'ufp_server']), + ignore_ufp_server_after_failure=dict(type='bool'), + number_of_failures_before_ignore=dict(type='int'), + timeout_before_reconnecting=dict(type='int') + )), + match_wildcards=dict(type='dict', options=dict( + schemes=dict(type='dict', options=dict( + http=dict(type='bool'), + ftp=dict(type='bool'), + gopher=dict(type='bool'), + mailto=dict(type='bool'), + news=dict(type='bool'), + wais=dict(type='bool'), + other=dict(type='str') + )), + methods=dict(type='dict', options=dict( + get=dict(type='bool'), + post=dict(type='bool'), + head=dict(type='bool'), + put=dict(type='bool'), + other=dict(type='str') + )), + host=dict(type='str'), + path=dict(type='str'), + query=dict(type='str') + )), + action=dict(type='dict', options=dict( + replacement_uri=dict(type='str'), + strip_script_tags=dict(type='bool'), + strip_applet_tags=dict(type='bool'), + strip_activex_tags=dict(type='bool'), + strip_ftp_links=dict(type='bool'), + strip_port_strings=dict(type='bool') + )), + cvp=dict(type='dict', 
options=dict( + enable_cvp=dict(type='bool'), + server=dict(type='str'), + allowed_to_modify_content=dict(type='bool'), + send_http_headers_to_cvp=dict(type='bool'), + reply_order=dict(type='str', choices=['return_data_after_content_is_approved', 'return_data_before_content_is_approved']), + send_http_request_to_cvp=dict(type='bool'), + send_only_unsafe_file_types=dict(type='bool') + )), + soap=dict(type='dict', options=dict( + inspection=dict(type='str', choices=['allow_all_soap_requests', 'allow_soap_requests_as_specified_in_file']), + file_id=dict(type='str', choices=['scheme1', 'scheme2', 'scheme3', 'scheme4', 'scheme5', 'scheme6', 'scheme7', 'scheme8', 'scheme9', 'scheme10']), + track_connections=dict(type='str', choices=['none', 'log', 'popup_alert', 'mail_alert', + 'snmp_trap_alert', 'user_defined_alert_no', 'user_defined_alert_no', 'user_defined_alert_no']) + )), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'resource-uri' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() 
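Review bot: The `track_connections` choices under `soap` list `'user_defined_alert_no'` three times, in both the DOCUMENTATION block and the `argument_spec` in `main()`, so whatever distinguished the three user-defined alerts appears to have been lost and only one of them can be selected. Restore the three distinct values from the management API reference, or collapse the list to a single entry if the API really has only one. The `methods` suboption of `match_wildcards` also reuses the schemes text; its description should read `- Select the URI methods to which this resource applies.` Separately, the `cvp.allowed_to_modify_content` description ("inspect but not modify content") reads as the opposite of the option name, so it should state what `true` does.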
diff --git a/plugins/modules/cp_mgmt_resource_uri_facts.py b/plugins/modules/cp_mgmt_resource_uri_facts.py
new file mode 100644
index 0000000..db44808
--- /dev/null
+++ b/plugins/modules/cp_mgmt_resource_uri_facts.py
@@ -0,0 +1,141 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_resource_uri_facts +short_description: Get resource-uri objects facts on Checkpoint over Web Services API +description: + - Get resource-uri objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-resource-uri + cp_mgmt_resource_uri_facts: + name: newUriResource + +- name: show-resources-uri + cp_mgmt_resource_uri_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "resource-uri" + api_call_object_plural_version = "resources-uri" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_set_app_control_advanced_settings.py b/plugins/modules/cp_mgmt_set_app_control_advanced_settings.py new file mode 100644 index 0000000..45645e8 --- /dev/null +++ b/plugins/modules/cp_mgmt_set_app_control_advanced_settings.py 
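Review bot: `supports_check_mode=True` on the `AnsibleModule(...)` call in `main()` is not matched by the sibling cp_mgmt_resource_smtp_facts.py added earlier in this commit, which builds the module from `argument_spec` only. Ansible skips modules that do not declare check-mode support, so under `--check` the SMTP facts task would return nothing while this one runs. Both are read-only lookups and should behave the same; the SMTP module would take the same line, `module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)`. That hunk starts above the visible part of the page, so the rest of that file is not reviewed here.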
@@ -0,0 +1,202 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_set_app_control_advanced_settings +short_description: Edit Application Control & URL Filtering Blades' Settings. +description: + - Edit Application Control & URL Filtering Blades' Settings. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + internal_error_fail_mode: + description: + - In case of internal system error, allow or block all connections. This property is not available in the Global domain of an MDS machine. + type: str + choices: ['allow connections', 'block connections'] + url_filtering_settings: + description: + - In this section user can enable URL Filtering features. This property is not available in the Global domain of an MDS machine. + type: dict + suboptions: + categorize_https_websites: + description: + - This option lets Application and URL Filtering assign categories to HTTPS sites without activating HTTPS inspection. 
It assigns a site + category based on its domain name and whether the site has a valid certificate. If the server certificate is, + Trusted - Application and URL Filtering gets the domain name from the certificate and uses it to categorize the site. + Not Trusted - Application and URL Filtering assigns a category based on the IP address. + This property is not available in the Global domain of an MDS machine. + type: bool + enforce_safe_search: + description: + - Select this option to require use of the safe search feature in search engines. When activated, the URL Filtering Policy uses the + strictest available safe search option for the specified search engine. This option overrides user specified search engine options to block + offensive material in search results. This property is not available in the Global domain of an MDS machine. + type: bool + categorize_cached_and_translated_pages: + description: + - Select this option to assign categories to cached search engine results and translated pages. When this option is selected, + Application and URL Filtering assigns categories based on the original Web site instead of the 'search engine pages' category. + This property is not available in the Global domain of an MDS machine. + type: bool + web_browsing_services: + description: + - Web browsing services are the services that match a Web-based custom Application/Site. + type: list + elements: str + match_application_on_any_port: + description: + - Match Web application on 'Any' port when used in Block rule - By default this is set to true. and so applications are matched on all services + when used in a Block rule. + type: bool + enable_web_browsing: + description: + - If you do not enable URL Filtering on the Security Gateway, you can use a generic Web browser application called Web Browsing in the + rule. 
This application includes all HTTP traffic that is not a defined application Application and URL Filtering + assigns Web Browsing as the default application for all HTTP traffic that does not match an application in the Application and + URL Filtering Database. This property is not available in the Global domain of an MDS machine. + type: bool + httpi_non_standard_ports: + description: + - Enable HTTP inspection on non standard ports for application and URL filtering. This property is not available in the Global domain of an + MDS machine. + type: bool + block_request_when_web_service_is_unavailable: + description: + - Block requests when the web service is unavailable. + When selected, requests are blocked when there is no connectivity to the Check Point Online Web Service. + When cleared, requests are allowed when there is no connectivity. + This property is not available in the Global domain of an MDS machine. + type: bool + website_categorization_mode: + description: + - Hold - Requests are blocked until categorization is complete. + Background - Requests are allowed until categorization is complete. + Custom - configure different settings depending on the service. Lets you set different modes for URL Filtering and Social Networking Widgets. + This property is not available in the Global domain of an MDS machine. + type: str + choices: ['hold', 'background', 'custom'] + custom_categorization_settings: + description: + - Website categorization mode - select the mode that is used for website categorization. + This property is not available in the Global domain of an MDS machine. + type: dict + suboptions: + url_filtering_mode: + description: + - Hold - Requests are blocked until categorization is complete. + Background - Requests are allowed until categorization is complete. + This property is not available in the Global domain of an MDS machine. 
+ type: str + choices: ['hold', 'background'] + social_network_widgets_mode: + description: + - Hold - Requests are blocked until categorization is complete. + Background - Requests are allowed until categorization is complete. + This property is not available in the Global domain of an MDS machine. + type: str + choices: ['hold', 'background'] + categorize_social_network_widgets: + description: + - When selected, the Security Gateway connects to the Check Point Online Web Service to identify social networking widgets that it does not + recognize. When cleared or there is no connectivity between the Security Gateway and the Check Point Online Web, the unknown widget is treated as + Web Browsing traffic. This property is not available in the Global domain of an MDS machine. + type: bool + domain_level_permission: + description: + - Allows the editing of applications, categories, and services. This property is used only in the Global Domain of an MDS machine. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: set-app-control-advanced-settings + cp_mgmt_set_app_control_advanced_settings: + block_request_when_web_service_is_unavailable: 'true' + categorize_social_network_widgets: 'true' + custom_categorization_settings: + social_network_widgets_mode: background + url_filtering_mode: hold + enable_web_browsing: 'true' + httpi_non_standard_ports: 'true' + internal_error_fail_mode: block connections + match_application_on_any_port: 'true' + url_filtering_settings: + categorize_cached_and_translated_pages: 'false' + categorize_https_websites: 'true' + enforce_safe_search: 'true' + web_browsing_services: + - AH + website_categorization_mode: custom +""" + +RETURN = """ +cp_mgmt_set_app_control_advanced_settings: + description: The checkpoint set-app-control-advanced-settings output. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + internal_error_fail_mode=dict(type='str', choices=['allow connections', 'block connections']), + url_filtering_settings=dict(type='dict', options=dict( + categorize_https_websites=dict(type='bool'), + enforce_safe_search=dict(type='bool'), + categorize_cached_and_translated_pages=dict(type='bool') + )), + web_browsing_services=dict(type='list', elements='str'), + match_application_on_any_port=dict(type='bool'), + enable_web_browsing=dict(type='bool'), + httpi_non_standard_ports=dict(type='bool'), + block_request_when_web_service_is_unavailable=dict(type='bool'), + website_categorization_mode=dict(type='str', choices=['hold', 'background', 'custom']), + custom_categorization_settings=dict(type='dict', options=dict( + url_filtering_mode=dict(type='str', choices=['hold', 'background']), + social_network_widgets_mode=dict(type='str', choices=['hold', 'background']) + )), + categorize_social_network_widgets=dict(type='bool'), + domain_level_permission=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "set-app-control-advanced-settings" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_set_content_awareness_advanced_settings.py b/plugins/modules/cp_mgmt_set_content_awareness_advanced_settings.py new file mode 100644 index 0000000..bd3cf6a --- /dev/null +++ b/plugins/modules/cp_mgmt_set_content_awareness_advanced_settings.py 
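Review bot: The `internal_error_fail_mode` description never says that `'allow connections'` is the fail-open choice, although by its own wording all connections are allowed while the internal error lasts. Add a sentence to the description, for example `'allow connections' fails open (connections are allowed while the error persists); 'block connections' fails closed.` The `block_request_when_web_service_is_unavailable` description in the same file already spells out both outcomes and is the level of detail to match. The same option with the same one-line description is added in cp_mgmt_set_content_awareness_advanced_settings.py.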
@@ -0,0 +1,100 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_set_content_awareness_advanced_settings +short_description: Edit Content Awareness Blades' Settings. +description: + - Edit Content Awareness Blades' Settings. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + internal_error_fail_mode: + description: + - In case of internal system error, allow or block all connections. + type: str + choices: ['allow connections', 'block connections'] + supported_services: + description: + - Specify the services that Content Awareness inspects. + type: list + elements: str + httpi_non_standard_ports: + description: + - Servers usually send HTTP traffic on TCP port 80. Some servers send HTTP traffic on other ports also. By default, this setting is enabled and + Content Awareness inspects HTTP traffic on non-standard ports. You can disable this setting and configure Content Awareness to inspect HTTP traffic + only on port 80. 
+ type: bool + inspect_archives: + description: + - Examine the content of archive files. For example, files with the extension .zip, .gz, .tgz, .tar.Z, .tar, .lzma, .tlz, 7z, .rar. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: set-content-awareness-advanced-settings + cp_mgmt_set_content_awareness_advanced_settings: + httpi_non_standard_ports: 'false' + inspect_archives: 'false' + internal_error_fail_mode: block connections + supported_services: + - Squid_NTLM +""" + +RETURN = """ +cp_mgmt_set_content_awareness_advanced_settings: + description: The checkpoint set-content-awareness-advanced-settings output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + internal_error_fail_mode=dict(type='str', choices=['allow connections', 'block connections']), + supported_services=dict(type='list', elements='str'), + httpi_non_standard_ports=dict(type='bool'), + inspect_archives=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "set-content-awareness-advanced-settings" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_set_cp_trusted_ca_certificate.py b/plugins/modules/cp_mgmt_set_cp_trusted_ca_certificate.py new file mode 100644 index 0000000..8ba2d9f --- /dev/null +++ b/plugins/modules/cp_mgmt_set_cp_trusted_ca_certificate.py 
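Review bot: The only EXAMPLES task sets `httpi_non_standard_ports: 'false'` and `inspect_archives: 'false'`, so a copy-pasted example turns off HTTP inspection on non-standard ports (documented in this file as enabled by default) and inspection of archive contents. Either show the enabled values in the example or put a comment above the task, for example `# Example only: disables inspection of archives and of HTTP on non-standard ports.` The extension list in the `inspect_archives` description also writes `7z` without the leading dot that the other entries have.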
@@ -0,0 +1,98 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_set_cp_trusted_ca_certificate +short_description: Edit existing Check Point trusted CA certificate using name or uid. +description: + - Edit existing Check Point trusted CA certificate using name or uid.
By default all CP trusted CA certificates are enabled. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + status: + description: + - Indicates whether the trusted CP CA certificate is enabled/disabled. + type: str + choices: ['enabled', 'disabled'] + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: set-cp-trusted-ca-certificate + cp_mgmt_set_cp_trusted_ca_certificate: + name: CA_0090EA36_7A7C_42DF_93EE_CFE97D542FFB + status: disabled +""" + +RETURN = """ +cp_mgmt_set_cp_trusted_ca_certificate: + description: The checkpoint set-cp-trusted-ca-certificate output. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + status=dict(type='str', choices=['enabled', 'disabled']), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "set-cp-trusted-ca-certificate" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_set_gateway_global_use.py b/plugins/modules/cp_mgmt_set_gateway_global_use.py new file mode 100644 index 0000000..a8c868b --- /dev/null +++ b/plugins/modules/cp_mgmt_set_gateway_global_use.py 
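Review bot: `domains_to_process=dict(type='list')` in the `argument_spec` of cp_mgmt_set_cp_trusted_ca_certificate.py declares no `elements`, and its DOCUMENTATION entry has `type: list` without `elements: str`, so list members are not type-checked before they go into the request payload. The other modules added in this commit, for example cp_mgmt_set_https_advanced_settings.py, use `domains_to_process=dict(type='list', elements='str')`; I would use the same here and add `elements: str` under the option in the docs. The description already lists the valid values (CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER), so the string element type matches what is documented.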
@@ -0,0 +1,86 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_set_gateway_global_use
+short_description: Enable or disable global usage on a specific target.
+description:
+ - Enable or disable global usage on a specific target.
+ - This command is available only after logging in to the System Data domain
+ - All operations are performed over Web Services API.
+version_added: "6.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ enabled:
+ description:
+ - Indicates whether global use is enabled on the target.
+ type: bool
+ required: True
+ target:
+ description:
+ - On what target to execute this command. Target may be identified by its object name, or object unique identifier.
+ type: str
+ required: True
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: set-gateway-global-use
+ cp_mgmt_set_gateway_global_use:
+ enabled: true
+ target: vpn_gw
+"""
+
+RETURN = """
+cp_mgmt_set_gateway_global_use:
+ description: The checkpoint set-gateway-global-use output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ enabled=dict(type='bool', required=True),
+ target=dict(type='str', required=True)
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "set-gateway-global-use"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_set_https_advanced_settings.py b/plugins/modules/cp_mgmt_set_https_advanced_settings.py
new file mode 100644
index 0000000..38ed575
--- /dev/null
+++ b/plugins/modules/cp_mgmt_set_https_advanced_settings.py
@@ -0,0 +1,232 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_set_https_advanced_settings +short_description: Edit HTTPS Inspection's Blades' Settings. +description: + - Edit HTTPS Inspection's Blades' Settings. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + bypass_on_client_failure: + description: + - Whether all requests should be bypassed or blocked-in case of client errors (Client closes the connection due to authentication issues during + handshake)
true - Fail-open (bypass all requests)
false - Fail-close (block all requests). + type: bool + bypass_on_failure: + description: + - Whether all requests should be bypassed or blocked-in case of server errors (for example validation error during GW-Server + authentication)
true - Fail-open (bypass all requests)
false - Fail-close (block all requests). + type: bool + bypass_under_load: + description: + - Bypass the HTTPS Inspection temporarily to improve connectivity during a heavy load on the Security Gateway. The HTTPS Inspection would resume + as soon as the load decreases. + type: dict + suboptions: + track: + description: + - Whether to log and send a notification for the bypass under load,
  • None - Does not record the + event.
  • Log - Records the event details. Use SmartConsole or SmartView to see the logs.
  • Alert - Logs the event and executes a + command you configured.
  • Mail - Sends an email to the administrator.
  • SNMP Trap - Sends an SNMP alert to the configured SNMP + Management Server.
  • User Defined Alert - Sends a custom alert.
. + type: str + choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2', + 'user defined alert no.3'] + site_categorization_allow_mode: + description: + - Whether all requests should be allowed or blocked until categorization is complete.
Background - in order to allow requests until + categorization is complete.
Hold- in order to block requests until categorization is complete. + type: str + choices: ['background', 'hold'] + deny_untrusted_server_cert: + description: + - Set to be true in order to drop traffic from servers with untrusted server certificate. + type: bool + deny_revoked_server_cert: + description: + - Set to be true in order to drop traffic from servers with revoked server certificate (validate CRL). + type: bool + deny_expired_server_cert: + description: + - Set to be true in order to drop traffic from servers with expired server certificate. + type: bool + track_validation_errors: + description: + - Whether to log and send a notification for the server validation errors,
  • None - Does not record the + event.
  • Log - Records the event details in SmartView.
  • Alert - Logs the event and executes a command.
  • Mail - Sends an email to + the administrator.
  • SNMP Trap - Sends an SNMP alert to the SNMP GU.
  • User Defined Alert - Sends customized alerts.
. + type: str + choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2', 'user defined alert no.3'] + retrieve_intermediate_ca_certificates: + description: + - Configure the value "true" to use the "Certificate Authority Information Access" extension to retrieve certificates that are missing from the + certificate chain. + type: bool + blocked_certificates: + description: + - Collection of certificates objects identified by serial number.
Drop traffic from servers using the blocked certificate. + type: list + elements: dict + suboptions: + name: + description: + - Describes the name, cannot be overridden. + type: str + cert_serial_number: + description: + - Certificate Serial Number (unique) in hexadecimal format HH,HH. + type: str + comments: + description: + - Describes the certificate by default, can be overridden by any text. + type: str + blocked_certificate_tracking: + description: + - Controls whether to log and send a notification for dropped traffic.
  • None - Does not record the + event.
  • Log - Records the event details in SmartView.
  • Alert - Logs the event and executes a command.
  • Mail - Sends an email to + the administrator.
  • SNMP Trap - Sends an SNMP alert to the SNMP GU.
  • User Defined Alert - Sends customized alerts.
. + type: str + choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2', 'user defined alert no.3'] + bypass_certificate_pinned_apps: + description: + - Configure the value "true" to bypass traffic from certificate-pinned applications approved by Check Point.
HTTPS Inspection cannot inspect + connections initiated by certificate-pinned applications. + type: bool + bypass_update_services: + description: + - Configure the value "true" to bypass traffic to well-known software update services. + type: bool + httpsi_statistics_logs: + description: + - Configure the value "true" to send logs for every TLS session for all rules in HTTPS Inspection policy. + type: bool + log_empty_ssl_connections: + description: + - Configure the value "true" to send logs about SSL connections that are closed without data or are closed in the middle of a handshake. + type: bool + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: set-https-advanced-settings + cp_mgmt_set_https_advanced_settings: + blocked_certificate_tracking: popup alert + bypass_certificate_pinned_apps: 'false' + bypass_on_client_failure: 'false' + bypass_on_failure: 'false' + bypass_under_load: + track: log + bypass_update_services: 'true' + deny_expired_server_cert: 'true' + deny_revoked_server_cert: 'false' + deny_untrusted_server_cert: 'true' + httpsi_statistics_logs: 'true' + log_empty_ssl_connections: 'true' + retrieve_intermediate_ca_certificates: 'true' + site_categorization_allow_mode: background + track_validation_errors: snmp trap alert +""" + +RETURN = """ +cp_mgmt_set_https_advanced_settings: + description: The checkpoint set-https-advanced-settings output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + bypass_on_client_failure=dict(type='bool'), + bypass_on_failure=dict(type='bool'), + bypass_under_load=dict(type='dict', options=dict( + track=dict(type='str', choices=['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', + 'user defined alert no.1', 'user defined alert no.2', 'user defined alert no.3']) + )), + site_categorization_allow_mode=dict(type='str', choices=['background', 'hold']), + deny_untrusted_server_cert=dict(type='bool'), + deny_revoked_server_cert=dict(type='bool'), + deny_expired_server_cert=dict(type='bool'), + track_validation_errors=dict(type='str', choices=['none', 'log', 'popup alert', 'mail alert', + 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2', 'user defined alert no.3']), + retrieve_intermediate_ca_certificates=dict(type='bool'), + blocked_certificates=dict(type='list', elements='dict', options=dict( + 
name=dict(type='str'), + cert_serial_number=dict(type='str'), + comments=dict(type='str') + )), + blocked_certificate_tracking=dict(type='str', choices=['none', 'log', 'popup alert', + 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2', + 'user defined alert no.3']), + bypass_certificate_pinned_apps=dict(type='bool'), + bypass_update_services=dict(type='bool'), + httpsi_statistics_logs=dict(type='bool'), + log_empty_ssl_connections=dict(type='bool'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "set-https-advanced-settings" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_set_internal_trusted_ca.py b/plugins/modules/cp_mgmt_set_internal_trusted_ca.py new file mode 100644 index 0000000..17a9313 --- /dev/null +++ b/plugins/modules/cp_mgmt_set_internal_trusted_ca.py 
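Review bot: The EXAMPLES task in cp_mgmt_set_https_advanced_settings.py sets `deny_revoked_server_cert: 'false'`, which by the option's own description means traffic from servers with a revoked certificate is not dropped, and module examples tend to be copied into playbooks as they stand. I would show `deny_revoked_server_cert: true` in the example, or put a YAML comment above that line saying the value is illustrative; whether `false` mirrors the product default is not visible in this hunk. `bypass_on_failure` and `bypass_on_client_failure` already spell out fail-open versus fail-close, and `bypass_under_load` would benefit from the same one-line statement that HTTPS Inspection is skipped while the bypass is active. The three tracking descriptions list display names (None, Log, Alert, Mail, SNMP Trap) that differ from the accepted `choices` strings such as `popup alert` and `mail alert`, so listing the literal values there would remove the guesswork.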
@@ -0,0 +1,152 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_set_internal_trusted_ca +short_description: Edit existing Internal CA object. +description: + - Edit existing Internal CA object. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + retrieve_crl_from_http_servers: + description: + - Whether to retrieve Certificate Revocation List from http servers. + type: bool + cache_crl: + description: + - Cache Certificate Revocation List on the Security Gateway. + type: bool + crl_cache_method: + description: + - Weather to retrieve new Certificate Revocation List after the certificate expires or after a fixed period. + type: str + choices: ['timeout', 'expiration date'] + crl_cache_timeout: + description: + - When to fetch new Certificate Revocation List (in minutes). + type: int + allow_certificates_from_branches: + description: + - Allow only certificates from listed branches. + type: bool + branches: + description: + - Branches to allow certificates from. 
Required only if "allow-certificates-from-branches" set to "true". + type: list + elements: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: set-internal-trusted-ca + cp_mgmt_set_internal_trusted_ca: + cache_crl: 'false' + retrieve_crl_from_http_servers: 'false' +""" + +RETURN = """ +cp_mgmt_set_internal_trusted_ca: + description: The checkpoint set-internal-trusted-ca output. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + retrieve_crl_from_http_servers=dict(type='bool'), + cache_crl=dict(type='bool'), + crl_cache_method=dict(type='str', choices=['timeout', 'expiration date']), + crl_cache_timeout=dict(type='int'), + allow_certificates_from_branches=dict(type='bool'), + branches=dict(type='list', elements='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "set-internal-trusted-ca" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_set_outbound_inspection_certificate.py b/plugins/modules/cp_mgmt_set_outbound_inspection_certificate.py new file mode 100644 index 0000000..92cb6f6 --- /dev/null +++ b/plugins/modules/cp_mgmt_set_outbound_inspection_certificate.py 
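Review bot: The only example for cp_mgmt_set_internal_trusted_ca switches revocation data off (`cache_crl: 'false'`, `retrieve_crl_from_http_servers: 'false'`) and the docs give no hint of what that means for validating certificates issued by the Internal CA. I would have the example show a configuration that keeps CRL retrieval on, for instance `retrieve_crl_from_http_servers: true` together with `crl_cache_method: timeout` and a `crl_cache_timeout` value, and add a sentence to the `retrieve_crl_from_http_servers` description stating that disabling it leaves the gateway without CRLs from HTTP distribution points (hedged: other CRL sources are not visible here). The `crl_cache_method` description also has a typo, "Weather to retrieve" should read "Whether to retrieve".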
@@ -0,0 +1,152 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_set_outbound_inspection_certificate +short_description: Edit outbound-inspection-certificate +description: + - Edit outbound-inspection-certificate + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + issued_by: + description: + - The DN (Distinguished Name) of the certificate.
Required only if one of the following parameters is given, + base64-password, valid-from, valid-to. + type: str + base64_password: + description: + - Password (encoded in Base64 with padding) for the certificate file.
Required only if one of the following + parameters is given, issued-by, valid-from, valid-to. + type: str + valid_from: + description: + - The date, from which the certificate is valid. Format, YYYY-MM-DD.
Required only if one of the following + parameters is given, issued-by, base64-password, valid-to. + type: str + valid_to: + description: + - The certificate expiration date. Format, YYYY-MM-DD.
Required only if one of the following parameters is given, + issued-by, base64-password, valid-from. + type: str + name: + description: + - Object name. + type: str + required: True + is_default: + description: + - Is the certificate the default certificate. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ + +- name: set-outbound-inspection-certificate + cp_mgmt_set_outbound_inspection_certificate: + base64_password: bXlfcGFzc3dvcmQ= + is_default: 'false' + issued_by: www.checkpoint.com + name: OutboundCertificate + valid_from: '2021-04-17' + valid_to: '2028-04-17' +""" + +RETURN = """ +cp_mgmt_set_outbound_inspection_certificate: + description: The checkpoint set-outbound-inspection-certificate output. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + issued_by=dict(type='str'), + base64_password=dict(type='str', no_log=True), + valid_from=dict(type='str'), + valid_to=dict(type='str'), + name=dict(type='str', required=True), + is_default=dict(type='bool'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + command = 'set-outbound-inspection-certificate' + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/cp_mgmt_show_app_control_advanced_settings.py b/plugins/modules/cp_mgmt_show_app_control_advanced_settings.py new file mode 100644 index 0000000..27338a4 --- /dev/null +++ b/plugins/modules/cp_mgmt_show_app_control_advanced_settings.py 
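Review bot: The example for cp_mgmt_set_outbound_inspection_certificate writes the certificate password directly into the task (`base64_password: bXlfcGFzc3dvcmQ=`), and Base64 is an encoding rather than protection, so anyone who can read the playbook can recover the password. `no_log=True` on the option is correct and keeps the value out of task output, but the example should model a vaulted variable, e.g. `base64_password: "{{ outbound_cert_password | b64encode }}"` (the variable name is a placeholder, with the value kept in Ansible Vault). Separately, the docs state that `issued_by`, `base64_password`, `valid_from` and `valid_to` are each required when any of the others is given, yet `main()` does not enforce it; `module = AnsibleModule(argument_spec=argument_spec, required_together=[['issued_by', 'base64_password', 'valid_from', 'valid_to']])` would reject an incomplete set before the API call is made.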
@@ -0,0 +1,78 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_app_control_advanced_settings
+short_description: Show Application Control & URL Filtering Blades' Settings.
+description:
+ - Show Application Control & URL Filtering Blades' Settings.
+ - All operations are performed over Web Services API.
+version_added: "6.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-app-control-advanced-settings
+ cp_mgmt_show_app_control_advanced_settings:
+"""
+
+RETURN = """
+cp_mgmt_show_app_control_advanced_settings:
+ description: The checkpoint show-app-control-advanced-settings output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-app-control-advanced-settings"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_show_content_awareness_advanced_settings.py b/plugins/modules/cp_mgmt_show_content_awareness_advanced_settings.py
new file mode 100644
index 0000000..6726a30
--- /dev/null
+++ b/plugins/modules/cp_mgmt_show_content_awareness_advanced_settings.py
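Review bot: `AnsibleModule(argument_spec=argument_spec)` in cp_mgmt_show_app_control_advanced_settings.py does not pass `supports_check_mode=True`, so under `--check` Ansible skips the task even though a `show-` command only reads settings. If `api_command` (defined in module_utils/checkpoint.py, outside this hunk) makes no change for show commands, I would write `module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)`, which lets audit playbooks that read these blade settings run in check mode. The same applies to cp_mgmt_show_content_awareness_advanced_settings.py in the next hunk.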
@@ -0,0 +1,78 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_content_awareness_advanced_settings
+short_description: Show Content Awareness Blades' Settings.
+description:
+ - Show Content Awareness Blades' Settings.
+ - All operations are performed over Web Services API.
+version_added: "6.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-content-awareness-advanced-settings
+ cp_mgmt_show_content_awareness_advanced_settings:
+"""
+
+RETURN = """
+cp_mgmt_show_content_awareness_advanced_settings:
+ description: The checkpoint show-content-awareness-advanced-settings output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-content-awareness-advanced-settings"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_show_gateway_capabilities.py b/plugins/modules/cp_mgmt_show_gateway_capabilities.py
new file mode 100644
index 0000000..529c854
--- /dev/null
+++ b/plugins/modules/cp_mgmt_show_gateway_capabilities.py
@@ -0,0 +1,88 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_gateway_capabilities
+short_description: Show supported Check Point Gateway capabilities such as versions, hardwares, platforms and blades.
+description:
+ - Show supported Check Point Gateway capabilities such as versions, hardwares, platforms and blades.
+ - All operations are performed over Web Services API.
+version_added: "6.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ hardware:
+ description:
+ - Check Point hardware.
+ type: str
+ platform:
+ description:
+ - Check Point gateway platform.
+ type: str
+ choices: ['smb', 'quantum', 'maestro', 'elasticxl', 'vsnext', 'open server', 'other']
+ version:
+ description:
+ - Gateway platform version.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-gateway-capabilities
+ cp_mgmt_show_gateway_capabilities:
+ platform: smb
+"""
+
+RETURN = """
+cp_mgmt_show_gateway_capabilities:
+ description: The checkpoint show-gateway-capabilities output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ hardware=dict(type='str'),
+ platform=dict(type='str', choices=['smb', 'quantum', 'maestro', 'elasticxl', 'vsnext', 'open server', 'other']),
+ version=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-gateway-capabilities"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_show_gateway_global_use.py b/plugins/modules/cp_mgmt_show_gateway_global_use.py
new file mode 100644
index 0000000..26aa251
--- /dev/null
+++ b/plugins/modules/cp_mgmt_show_gateway_global_use.py
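Review bot: The `version` option (documented as the gateway platform version) in `argument_spec` is probably overwritten by `argument_spec.update(checkpoint_argument_spec_for_commands)` if the shared spec also defines `version` for the API version; `get_payload_from_parameters` in `plugins/module_utils/checkpoint.py` already maps `gateway_version`, `target_version` and similar names to `version` specifically "to avoid two params called version". If that is the case, a playbook value meant as the platform version would be interpreted as the Web API version instead of being sent as a filter. Consider declaring the option as `gateway_version=dict(type='str')` and renaming it in DOCUMENTATION; confirm against the shared spec, which is not visible in this hunk.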
@@ -0,0 +1,79 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_gateway_global_use
+short_description: Show global usage of a specific target.
+description:
+ - Show global usage of a specific target.
+ - This command is available only after logging in to the System Data domain
+ - All operations are performed over Web Services API.
+version_added: "6.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ target:
+ description:
+ - On what target to execute this command. Target may be identified by its object name, or object unique identifier.
+ type: str
+ required: True
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-gateway-global-use
+ cp_mgmt_show_gateway_global_use:
+ target: vpn_gw
+"""
+
+RETURN = """
+cp_mgmt_show_gateway_global_use:
+ description: The checkpoint show-gateway-global-use output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ target=dict(type='str', required=True)
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-gateway-global-use"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_show_https_advanced_settings.py b/plugins/modules/cp_mgmt_show_https_advanced_settings.py
new file mode 100644
index 0000000..2680109
--- /dev/null
+++ b/plugins/modules/cp_mgmt_show_https_advanced_settings.py
@@ -0,0 +1,71 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_https_advanced_settings
+short_description: Show HTTPS Inspection's Blades' Settings.
+description:
+ - Show HTTPS Inspection's Blades' Settings.
+ - All operations are performed over Web Services API.
+version_added: "6.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options: {}
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-https-advanced-settings
+ cp_mgmt_show_https_advanced_settings:
+"""
+
+RETURN = """
+cp_mgmt_show_https_advanced_settings:
+ description: The checkpoint show-https-advanced-settings output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ command = "show-https-advanced-settings"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_show_internal_trusted_ca.py b/plugins/modules/cp_mgmt_show_internal_trusted_ca.py
new file mode 100644
index 0000000..56d0f2d
--- /dev/null
+++ b/plugins/modules/cp_mgmt_show_internal_trusted_ca.py
@@ -0,0 +1,71 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_internal_trusted_ca
+short_description: Retrieve existing Internal CA object.
+description:
+ - Retrieve existing Internal CA object.
+ - All operations are performed over Web Services API.
+version_added: "6.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options: {}
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-internal-trusted-ca
+ cp_mgmt_show_internal_trusted_ca:
+"""
+
+RETURN = """
+cp_mgmt_show_internal_trusted_ca:
+ description: The checkpoint show-internal-trusted-ca output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-internal-trusted-ca"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_show_last_published_session.py b/plugins/modules/cp_mgmt_show_last_published_session.py
new file mode 100644
index 0000000..892e3d5
--- /dev/null
+++ b/plugins/modules/cp_mgmt_show_last_published_session.py
@@ -0,0 +1,71 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_last_published_session
+short_description: Shows the last published session.
+description:
+ - Shows the last published session.
+ - All operations are performed over Web Services API.
+version_added: "6.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options: {}
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-last-published-session
+ cp_mgmt_show_last_published_session:
+"""
+
+RETURN = """
+cp_mgmt_show_last_published_session:
+ description: The checkpoint show-last-published-session output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-last-published-session"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_show_mobile_access_profile_section.py b/plugins/modules/cp_mgmt_show_mobile_access_profile_section.py
new file mode 100644
index 0000000..0be858f
--- /dev/null
+++ b/plugins/modules/cp_mgmt_show_mobile_access_profile_section.py
@@ -0,0 +1,84 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_mobile_access_profile_section
+short_description: Retrieve existing Mobile Access Profile section using section name or uid.
+description:
+ - Retrieve existing Mobile Access Profile section using section name or uid.
+ - All operations are performed over Web Services API.
+version_added: "6.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-mobile-access-profile-section
+ cp_mgmt_show_mobile_access_profile_section:
+ name: New Section 1
+"""
+
+RETURN = """
+cp_mgmt_show_mobile_access_profile_section:
+ description: The checkpoint show-mobile-access-profile-section output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-mobile-access-profile-section"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_show_mobile_access_section.py b/plugins/modules/cp_mgmt_show_mobile_access_section.py
new file mode 100644
index 0000000..dd722ad
--- /dev/null
+++ b/plugins/modules/cp_mgmt_show_mobile_access_section.py
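Review bot: The documentation says the section is retrieved "using section name or uid", but `argument_spec` in `main()` declares only `name` and `details_level`, so a uid cannot be supplied; and because `name` is optional, the module accepts a task with no identifier at all and leaves the failure to the API. Assuming the API command accepts `uid` as the description states, add `uid=dict(type='str')` with a matching DOCUMENTATION entry and create the module with `AnsibleModule(argument_spec=argument_spec, required_one_of=[['name', 'uid']])` so the mistake is rejected before any request is sent. `cp_mgmt_show_mobile_access_section` in the next file has the same gap.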
@@ -0,0 +1,84 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_mobile_access_section
+short_description: Retrieve existing Mobile Access section using section name or uid.
+description:
+ - Retrieve existing Mobile Access section using section name or uid.
+ - All operations are performed over Web Services API.
+version_added: "6.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-mobile-access-section
+ cp_mgmt_show_mobile_access_section:
+ name: New Section 1
+"""
+
+RETURN = """
+cp_mgmt_show_mobile_access_section:
+ description: The checkpoint show-mobile-access-section output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-mobile-access-section"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_verify_management_license.py b/plugins/modules/cp_mgmt_verify_management_license.py
new file mode 100644
index 0000000..42dd434
--- /dev/null
+++ b/plugins/modules/cp_mgmt_verify_management_license.py
@@ -0,0 +1,70 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_verify_management_license
+short_description: Check how many Security Gateway objects the Management Server license supports.
+description:
+ - Check how many Security Gateway objects the Management Server license supports.
+ - All operations are performed over Web Services API.
+version_added: "6.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options: {}
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: verify-management-license
+ cp_mgmt_verify_management_license:
+"""
+
+RETURN = """
+cp_mgmt_verify_management_license:
+ description: The checkpoint verify-management-license output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict()
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "verify-management-license"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_vsx_provisioning_tool.py b/plugins/modules/cp_mgmt_vsx_provisioning_tool.py
new file mode 100644
index 0000000..a08f318
--- /dev/null
+++ b/plugins/modules/cp_mgmt_vsx_provisioning_tool.py
@@ -0,0 +1,902 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_vsx_provisioning_tool +short_description: Run the VSX provisioning tool with the specified parameters. +description: + - Run the VSX provisioning tool with the specified parameters. Note: An automatic session publish is part of all the operations in this API. + - All operations are performed over Web Services API. +version_added: "6.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + operation: + description: + - The name of the provisioning operation to run. Each operation has its own specific parameters.
The available operations + are,
  • add-vsx-gateway - Adds a new VSX gateway
  • add-vsx-cluster - Adds a new VSX + cluster*
  • add-vsx-cluster-member - Adds a new VSX cluster member*
  • add-vd - Adds a new Virtual Device (VS/VSB/VSW/VR) to a + VSX gateway or VSX cluster
  • add-vd-interface - Adds a new virtual interface to a Virtual Device
  • add-physical-interface - + Adds a physical interface to a VSX gateway or VSX cluster
  • add-route - Adds a route to a Virtual Device
  • attach-bridge - + Attaches a bridge interface to a Virtual System
  • remove-vsx - Removes a VSX gateway or VSX cluster
  • remove-vd - Removes a + Virtual Device
  • remove-vd-interface - Removes an interface from a Virtual Device
  • remove-physical-interface - Removes a + physical interface from a VSX gateway or VSX cluster
  • remove-route - Removes a route from a Virtual Device
  • set-vd - + Modifies a Virtual Device
  • set-vd-interface - Modifies an interface on a Virtual Device
  • set-physical-interface - Modifies + a physical interface on a VSX cluster or VSX gateway

* When adding a VSX Cluster, you must also add at least 2 cluster members
* + Adding cluster members is only allowed when adding a new VSX cluster
* To add members to an existing cluster, use vsx-run-operation. + type: str + choices: ['attach-bridge', 'add-route', 'add-physical-interface', 'add-vd-interface', 'add-vsx-gateway', 'add-vsx-cluster', 'add-vd', + 'remove-route', 'remove-vd', 'remove-vsx', 'remove-physical-interface', 'remove-vd-interface', 'set-vd', 'set-physical-interface', + 'set-vd-interface'] + add_physical_interface_params: + description: + - Parameters for the operation to add a physical interface to a VSX gateway or VSX Cluster. + type: dict + suboptions: + name: + description: + - Name of the interface. + type: str + vsx_name: + description: + - Name of the VSX Gateway or Cluster object. + type: str + vlan_trunk: + description: + - True if this interface is a VLAN trunk. + type: bool + add_route_params: + description: + - Parameters for the operation to add a route to a Virtual System or Virtual Router. + type: dict + suboptions: + destination: + description: + - Route destination. To specify the default route, use 'default' for IPv4 and 'default6' for IPv6. + type: str + next_hop: + description: + - Next hop IP address. + type: str + leads_to: + description: + - Virtual Router for this route
This VD must have an existing connection to the VR. + type: str + vd: + description: + - Name of the Virtual System, Virtual Switch, or Virtual Router. + type: str + netmask: + description: + - Subnet mask for this route. + type: str + prefix: + description: + - CIDR prefix for this route. + type: str + propagate: + description: + - Propagate this route to adjacent virtual devices. + type: bool + add_vd_interface_params: + description: + - Parameters for the operation to add a new interface to a Virtual Device. + type: dict + suboptions: + leads_to: + description: + - Virtual Switch or Virtual Router for this interface. + type: str + name: + description: + - Name of the interface. + type: str + vd: + description: + - Name of the Virtual System, Virtual Switch, or Virtual Router. + type: str + anti_spoofing: + description: + - The anti-spoofing enforcement setting of this interface. + type: str + choices: ['prevent', 'detect', 'off'] + anti_spoofing_tracking: + description: + - The anti-spoofing tracking setting of this interface. + type: str + choices: ['none', 'alert', 'log'] + ipv4_address: + description: + - IPv4 Address of this interface with optional CIDR prefix.
Required if this interface belongs to a Virtual System or Virtual Router. + type: str + ipv4_netmask: + description: + - IPv4 Subnet mask of this interface. + type: str + ipv4_prefix: + description: + - IPv4 CIDR prefix of this interface. + type: str + ipv6_address: + description: + - IPv6 Address of this interface
Required if this interface belongs to a Virtual System or Virtual Router. + type: str + ipv6_netmask: + description: + - IPv6 Subnet mask of this interface. + type: str + ipv6_prefix: + description: + - IPv6 CIDR prefix of this interface. + type: str + mtu: + description: + - MTU of this interface. + type: int + propagate: + description: + - Propagate IPv4 route to adjacent virtual devices. + type: bool + propagate6: + description: + - Propagate IPv6 route to adjacent virtual devices. + type: bool + specific_group: + description: + - Specific group for interface topology.
Only for use with topology option 'internal_specific'. + type: str + topology: + description: + - Topology of this interface.
Automatic topology calculation based on routes must be disabled for this VS. + type: str + choices: ['external', 'internal_undefined', 'internal_this_network', 'internal_specific', 'defined_by_routes'] + vti_settings: + description: + - VTI settings for this interface. This Virtual System must have VPN blade enabled. + type: dict + suboptions: + local_ipv4_address: + description: + - The IPv4 address of the VPN tunnel on this Virtual System. + type: str + peer_name: + description: + - The name of the remote peer object as defined in the VPN community. + type: str + remote_ipv4_address: + description: + - The IPv4 address of the VPN tunnel on the remote VPN peer. + type: str + tunnel_id: + description: + - Optional unique Tunnel ID.
Automatically assigned by the system if empty. + type: str + add_vd_params: + description: + - Parameters for the operation to add a new Virtual Device (VS/VSB/VSW/VR). + type: dict + suboptions: + interfaces: + description: + - The list of interfaces for this new Virtual Device.
Optional if this new VD is a Virtual Switch. + type: list + elements: dict + suboptions: + leads_to: + description: + - Virtual Switch or Virtual Router for this interface. + type: str + name: + description: + - Name of the interface. + type: str + anti_spoofing: + description: + - The anti-spoofing enforcement setting of this interface. + type: str + choices: ['prevent', 'detect', 'off'] + anti_spoofing_tracking: + description: + - The anti-spoofing tracking setting of this interface. + type: str + choices: ['none', 'alert', 'log'] + ipv4_address: + description: + - IPv4 Address of this interface with optional CIDR prefix.
Required if this interface belongs to a Virtual System or Virtual Router. + type: str + ipv4_netmask: + description: + - IPv4 Subnet mask of this interface. + type: str + ipv4_prefix: + description: + - IPv4 CIDR prefix of this interface. + type: str + ipv6_address: + description: + - IPv6 Address of this interface
Required if this interface belongs to a Virtual System or Virtual Router. + type: str + ipv6_netmask: + description: + - IPv6 Subnet mask of this interface. + type: str + ipv6_prefix: + description: + - IPv6 CIDR prefix of this interface. + type: str + mtu: + description: + - MTU of this interface. + type: int + propagate: + description: + - Propagate IPv4 route to adjacent virtual devices. + type: bool + propagate6: + description: + - Propagate IPv6 route to adjacent virtual devices. + type: bool + specific_group: + description: + - Specific group for interface topology.
Only for use with topology option 'internal_specific'. + type: str + topology: + description: + - Topology of this interface.
Automatic topology calculation based on routes must be disabled for this VS. + type: str + choices: ['external', 'internal_undefined', 'internal_this_network', 'internal_specific', 'defined_by_routes'] + type: + description: + - Type of the Virtual Device

vs - Virtual Firewall
vr - Virtual Router
vsw - Virtual Switch
vsbm - Virtual Firewall in bridge mode. + type: str + choices: ['vs', 'vr', 'vsw', 'vsbm'] + vd: + description: + - Name of the Virtual System, Virtual Switch, or Virtual Router. + type: str + vsx_name: + description: + - Name of the VSX Gateway or Cluster object. + type: str + calc_topology_auto: + description: + - Calculate interface topology automatically based on routes.
Relevant only for Virtual Systems.
Do not use for virtual devices. + type: bool + ipv4_address: + description: + - Main IPv4 Address.
Required if this device is a Virtual System.
Do not use for other virtual devices. + type: str + ipv4_instances: + description: + - Number of IPv4 instances for the Virtual System.
Must be greater or equal to 1.
Only relevant for Virtual Systems and Virtual + Systems in bridge mode. + type: int + ipv6_address: + description: + - Main IPv6 Address.
Required if this device is a Virtual System.
Do not use for other virtual devices. + type: str + ipv6_instances: + description: + - Number of IPv6 instances for the Virtual System.
Only relevant for Virtual Systems and Virtual Systems in bridge mode. + type: int + routes: + description: + - The list of routes for this new Virtual Device (VS or VR only). + type: list + elements: dict + suboptions: + destination: + description: + - Route destination. To specify the default route, use 'default' for IPv4 and 'default6' for IPv6. + type: str + next_hop: + description: + - Next hop IP address. + type: str + leads_to: + description: + - Virtual Router for this route
This VD must have an existing connection to the VR. + type: str + netmask: + description: + - Subnet mask for this route. + type: str + prefix: + description: + - CIDR prefix for this route. + type: str + propagate: + description: + - Propagate this route to adjacent virtual devices. + type: bool + vs_mtu: + description: + - MTU of the Virtual System.
Only relevant for Virtual Systems in bridge mode.
Do not use for other virtual devices. + type: int + add_vsx_cluster_params: + description: + - Parameters for the operation to add a new VSX Cluster. + type: dict + suboptions: + cluster_type: + description: + - Cluster type for the VSX Cluster Object.
Starting in R81.10, only VSLS can be configured during cluster creation.
To use High + Availability ('ha'), first create the cluster as VSLS and then run vsx_util on the Management. + type: str + choices: ['vsls', 'ha'] + ipv4_address: + description: + - Main IPv4 Address of the VSX Gateway or Cluster object.
Optional if main IPv6 Address is defined. + type: str + ipv6_address: + description: + - Main IPv6 Address of the VSX Gateway or Cluster object.
Optional if main IPv4 Address is defined. + type: str + members: + description: + - The list of cluster members for this new VSX Cluster. Minimum, 2. + type: list + elements: dict + suboptions: + ipv4_address: + description: + - Main IPv4 Address of the VSX Cluster member.
Mandatory if the VSX Cluster has an IPv4 Address. + type: str + ipv6_address: + description: + - Main IPv6 Address of the VSX Cluster member.
Mandatory if the VSX Cluster has an IPv6 Address. + type: str + name: + description: + - Name of the new VSX Cluster member. + type: str + sic_otp: + description: + - SIC one-time-password of the VSX Gateway or Cluster member.
Password must be between 4-127 characters in length. + type: str + sync_ip: + description: + - Sync IP address for the VSX Cluster member. + type: str + sync_if_name: + description: + - Sync interface name for the VSX Cluster. + type: str + sync_netmask: + description: + - Sync interface netmask for the VSX Cluster. + type: str + vsx_version: + description: + - Version of the VSX Gateway or Cluster object. + type: str + vsx_name: + description: + - Name of the VSX Gateway or Cluster object. + type: str + rule_drop: + description: + - Add a default drop rule to the VSX Gateway or Cluster initial policy. + type: str + choices: ['enable', 'disable'] + rule_https: + description: + - Add a rule to allow HTTPS traffic to the VSX Gateway or Cluster initial policy. + type: str + choices: ['enable', 'disable'] + rule_ping: + description: + - Add a rule to allow ping traffic to the VSX Gateway or Cluster initial policy. + type: str + choices: ['enable', 'disable'] + rule_ping6: + description: + - Add a rule to allow ping6 traffic to the VSX Gateway or Cluster initial policy. + type: str + choices: ['enable', 'disable'] + rule_snmp: + description: + - Add a rule to allow SNMP traffic to the VSX Gateway or Cluster initial policy. + type: str + choices: ['enable', 'disable'] + rule_ssh: + description: + - Add a rule to allow SSH traffic to the VSX Gateway or Cluster initial policy. + type: str + choices: ['enable', 'disable'] + add_vsx_gateway_params: + description: + - Parameters for the operation to add a new VSX Gateway. + type: dict + suboptions: + ipv4_address: + description: + - Main IPv4 Address of the VSX Gateway or Cluster object.
Optional if main IPv6 Address is defined. + type: str + ipv6_address: + description: + - Main IPv6 Address of the VSX Gateway or Cluster object.
Optional if main IPv4 Address is defined. + type: str + sic_otp: + description: + - SIC one-time-password of the VSX Gateway or Cluster member.
Password must be between 4-127 characters in length. + type: str + vsx_version: + description: + - Version of the VSX Gateway or Cluster object. + type: str + vsx_name: + description: + - Name of the VSX Gateway or Cluster object. + type: str + rule_drop: + description: + - Add a default drop rule to the VSX Gateway or Cluster initial policy. + type: str + choices: ['enable', 'disable'] + rule_https: + description: + - Add a rule to allow HTTPS traffic to the VSX Gateway or Cluster initial policy. + type: str + choices: ['enable', 'disable'] + rule_ping: + description: + - Add a rule to allow ping traffic to the VSX Gateway or Cluster initial policy. + type: str + choices: ['enable', 'disable'] + rule_ping6: + description: + - Add a rule to allow ping6 traffic to the VSX Gateway or Cluster initial policy. + type: str + choices: ['enable', 'disable'] + rule_snmp: + description: + - Add a rule to allow SNMP traffic to the VSX Gateway or Cluster initial policy. + type: str + choices: ['enable', 'disable'] + rule_ssh: + description: + - Add a rule to allow SSH traffic to the VSX Gateway or Cluster initial policy. + type: str + choices: ['enable', 'disable'] + attach_bridge_params: + description: + - Parameters for the operation to attach a new bridge interface to a Virtual System. + type: dict + suboptions: + ifs1: + description: + - Name of the first interface for the bridge. + type: str + ifs2: + description: + - Name of the second interface for the bridge. + type: str + vd: + description: + - Name of the Virtual System, Virtual Switch, or Virtual Router. + type: str + remove_physical_interface_params: + description: + - Parameters for the operation to remove a physical interface from a VSX (Gateway or Cluster). + type: dict + suboptions: + name: + description: + - Name of the interface. + type: str + vsx_name: + description: + - Name of the VSX Gateway or Cluster object. 
+ type: str + remove_route_params: + description: + - Parameters for the operation to remove a route from a Virtual System or Virtual Router. + type: dict + suboptions: + destination: + description: + - Route destination. To specify the default route, use 'default' for IPv4 and 'default6' for IPv6. + type: str + vd: + description: + - Name of the Virtual System, Virtual Switch, or Virtual Router. + type: str + netmask: + description: + - Subnet mask for this route. + type: str + prefix: + description: + - CIDR prefix for this route. + type: str + remove_vd_interface_params: + description: + - Parameters for the operation to remove a logical interface from a Virtual Device. + type: dict + suboptions: + leads_to: + description: + - Virtual Switch or Virtual Router for this interface. + type: str + name: + description: + - Name of the interface. + type: str + vd: + description: + - Name of the Virtual System, Virtual Switch, or Virtual Router. + type: str + remove_vd_params: + description: + - Parameters for the operation to remove a Virtual Device. + type: dict + suboptions: + vd: + description: + - Name of the Virtual System, Virtual Switch, or Virtual Router. + type: str + remove_vsx_params: + description: + - Parameters for the operation to remove a VSX Gateway or VSX Cluster. + type: dict + suboptions: + vsx_name: + description: + - Name of the VSX Gateway or Cluster object. + type: str + set_physical_interface_params: + description: + - Parameters for the operation to change the configuration of a physical interface. + type: dict + suboptions: + name: + description: + - Name of the interface. + type: str + vlan_trunk: + description: + - True if this interface is a VLAN trunk. + type: bool + vsx_name: + description: + - Name of the VSX Gateway or Cluster object. + type: str + set_vd_interface_params: + description: + - Parameters for the operation to change the configuration of a logical interface. 
+ type: dict + suboptions: + leads_to: + description: + - Virtual Switch or Virtual Router for this interface. + type: str + name: + description: + - Name of the interface. + type: str + vd: + description: + - Name of the Virtual System, Virtual Switch, or Virtual Router. + type: str + anti_spoofing: + description: + - The anti-spoofing enforcement setting of this interface. + type: str + choices: ['prevent', 'detect', 'off'] + anti_spoofing_tracking: + description: + - The anti-spoofing tracking setting of this interface. + type: str + choices: ['none', 'alert', 'log'] + ipv4_address: + description: + - IPv4 Address of this interface with optional CIDR prefix.
Required if this interface belongs to a Virtual System or Virtual Router. + type: str + ipv6_address: + description: + - IPv6 Address of this interface
Required if this interface belongs to a Virtual System or Virtual Router. + type: str + mtu: + description: + - MTU of this interface. + type: int + new_leads_to: + description: + - New Virtual Switch or Virtual Router for this interface. + type: str + propagate: + description: + - Propagate IPv4 route to adjacent virtual devices. + type: bool + propagate6: + description: + - Propagate IPv6 route to adjacent virtual devices. + type: bool + specific_group: + description: + - Specific group for interface topology.
Only for use with topology option 'internal_specific'. + type: str + topology: + description: + - Topology of this interface.
Automatic topology calculation based on routes must be disabled for this VS. + type: str + choices: ['external', 'internal_undefined', 'internal_this_network', 'internal_specific', 'defined_by_routes'] + set_vd_params: + description: + - Parameters for the operation to change the configuration of a Virtual Device. + type: dict + suboptions: + vd: + description: + - Name of the Virtual System, Virtual Switch, or Virtual Router. + type: str + calc_topology_auto: + description: + - Calculate interface topology automatically based on routes.
Relevant only for Virtual Systems.
Do not use for virtual devices. + type: bool + ipv4_address: + description: + - Main IPv4 Address.
Relevant only if this device is a Virtual System.
Do not use for other virtual devices. + type: str + ipv4_instances: + description: + - Number of IPv4 instances for the Virtual System.
Must be greater or equal to 1.
Only relevant for Virtual Systems and Virtual + Systems in bridge mode. + type: int + ipv6_address: + description: + - Main IPv6 Address.
Relevant only if this device is a Virtual System.
Do not use for other virtual devices. + type: str + ipv6_instances: + description: + - Number of IPv6 instances for the Virtual System.
Only relevant for Virtual Systems and Virtual Systems in bridge mode. + type: int + vs_mtu: + description: + - MTU of the Virtual System.
Only relevant for Virtual Systems in bridge mode.
Do not use for other virtual devices.
+ type: int
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: vsx-provisioning-tool
+ cp_mgmt_vsx_provisioning_tool:
+ add_vsx_cluster_params:
+ cluster_type: vsls
+ ipv4_address: 10.1.1.15
+ members:
+ - ipv4_address: 10.1.1.1
+ name: VSX1
+ sic_otp: sicotp123
+ sync_ip: 192.168.1.1
+ - ipv4_address: 10.1.1.2
+ name: VSX2
+ sic_otp: sicotp123
+ sync_ip: 192.168.1.2
+ rule_drop: enable
+ rule_ping: enable
+ sync_if_name: eth3
+ sync_netmask: 255.255.255.0
+ vsx_version: R81.10
+ vsx_name: VSX_CLUSTER
+ operation: add-vsx-cluster
+"""
+
+RETURN = """
+cp_mgmt_vsx_provisioning_tool:
+ description: The checkpoint vsx-provisioning-tool output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ operation=dict(type='str', choices=['attach-bridge', 'add-route', 'add-physical-interface',
+ 'add-vd-interface', 'add-vsx-gateway', 'add-vsx-cluster', 'add-vd', 'remove-route', 'remove-vd', 'remove-vsx',
+ 'remove-physical-interface', 'remove-vd-interface', 'set-vd', 'set-physical-interface', 'set-vd-interface']),
+ add_physical_interface_params=dict(type='dict', options=dict(
+ name=dict(type='str'),
+ vsx_name=dict(type='str'),
+ vlan_trunk=dict(type='bool')
+ )),
+ add_route_params=dict(type='dict', options=dict(
+ destination=dict(type='str'),
+ next_hop=dict(type='str'),
+ leads_to=dict(type='str'),
+ vd=dict(type='str'),
+ netmask=dict(type='str'),
+ prefix=dict(type='str'),
+ propagate=dict(type='bool')
+ )),
+ add_vd_interface_params=dict(type='dict', options=dict(
+ leads_to=dict(type='str'),
+ name=dict(type='str'),
+ vd=dict(type='str'),
+ anti_spoofing=dict(type='str', choices=['prevent', 'detect', 'off']),
+ anti_spoofing_tracking=dict(type='str',
choices=['none', 'alert', 'log']),
+ ipv4_address=dict(type='str'),
+ ipv4_netmask=dict(type='str'),
+ ipv4_prefix=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ ipv6_netmask=dict(type='str'),
+ ipv6_prefix=dict(type='str'),
+ mtu=dict(type='int'),
+ propagate=dict(type='bool'),
+ propagate6=dict(type='bool'),
+ specific_group=dict(type='str'),
+ topology=dict(type='str', choices=['external', 'internal_undefined', 'internal_this_network', 'internal_specific', 'defined_by_routes']),
+ vti_settings=dict(type='dict', options=dict(
+ local_ipv4_address=dict(type='str'),
+ peer_name=dict(type='str'),
+ remote_ipv4_address=dict(type='str'),
+ tunnel_id=dict(type='str')
+ ))
+ )),
+ add_vd_params=dict(type='dict', options=dict(
+ interfaces=dict(type='list', elements="dict", options=dict(
+ leads_to=dict(type='str'),
+ name=dict(type='str'),
+ anti_spoofing=dict(type='str', choices=['prevent', 'detect', 'off']),
+ anti_spoofing_tracking=dict(type='str', choices=['none', 'alert', 'log']),
+ ipv4_address=dict(type='str'),
+ ipv4_netmask=dict(type='str'),
+ ipv4_prefix=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ ipv6_netmask=dict(type='str'),
+ ipv6_prefix=dict(type='str'),
+ mtu=dict(type='int'),
+ propagate=dict(type='bool'),
+ propagate6=dict(type='bool'),
+ specific_group=dict(type='str'),
+ topology=dict(type='str', choices=['external', 'internal_undefined', 'internal_this_network', 'internal_specific', 'defined_by_routes'])
+ )),
+ type=dict(type='str', choices=['vs', 'vr', 'vsw', 'vsbm']),
+ vd=dict(type='str'),
+ vsx_name=dict(type='str'),
+ calc_topology_auto=dict(type='bool'),
+ ipv4_address=dict(type='str'),
+ ipv4_instances=dict(type='int'),
+ ipv6_address=dict(type='str'),
+ ipv6_instances=dict(type='int'),
+ routes=dict(type='list', elements="dict", options=dict(
+ destination=dict(type='str'),
+ next_hop=dict(type='str'),
+ leads_to=dict(type='str'),
+ netmask=dict(type='str'),
+ prefix=dict(type='str'),
+ propagate=dict(type='bool')
+ )),
+
vs_mtu=dict(type='int')
+ )),
+ add_vsx_cluster_params=dict(type='dict', options=dict(
+ cluster_type=dict(type='str', choices=['vsls', 'ha']),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ members=dict(type='list', elements="dict", options=dict(
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ name=dict(type='str'),
+ sic_otp=dict(type='str'),
+ sync_ip=dict(type='str')
+ )),
+ sync_if_name=dict(type='str'),
+ sync_netmask=dict(type='str'),
+ vsx_version=dict(type='str'),
+ vsx_name=dict(type='str'),
+ rule_drop=dict(type='str', choices=['enable', 'disable']),
+ rule_https=dict(type='str', choices=['enable', 'disable']),
+ rule_ping=dict(type='str', choices=['enable', 'disable']),
+ rule_ping6=dict(type='str', choices=['enable', 'disable']),
+ rule_snmp=dict(type='str', choices=['enable', 'disable']),
+ rule_ssh=dict(type='str', choices=['enable', 'disable'])
+ )),
+ add_vsx_gateway_params=dict(type='dict', options=dict(
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ sic_otp=dict(type='str'),
+ vsx_version=dict(type='str'),
+ vsx_name=dict(type='str'),
+ rule_drop=dict(type='str', choices=['enable', 'disable']),
+ rule_https=dict(type='str', choices=['enable', 'disable']),
+ rule_ping=dict(type='str', choices=['enable', 'disable']),
+ rule_ping6=dict(type='str', choices=['enable', 'disable']),
+ rule_snmp=dict(type='str', choices=['enable', 'disable']),
+ rule_ssh=dict(type='str', choices=['enable', 'disable'])
+ )),
+ attach_bridge_params=dict(type='dict', options=dict(
+ ifs1=dict(type='str'),
+ ifs2=dict(type='str'),
+ vd=dict(type='str')
+ )),
+ remove_physical_interface_params=dict(type='dict', options=dict(
+ name=dict(type='str'),
+ vsx_name=dict(type='str')
+ )),
+ remove_route_params=dict(type='dict', options=dict(
+ destination=dict(type='str'),
+ vd=dict(type='str'),
+ netmask=dict(type='str'),
+ prefix=dict(type='str')
+ )),
+ remove_vd_interface_params=dict(type='dict', options=dict(
+
leads_to=dict(type='str'),
+ name=dict(type='str'),
+ vd=dict(type='str')
+ )),
+ remove_vd_params=dict(type='dict', options=dict(
+ vd=dict(type='str')
+ )),
+ remove_vsx_params=dict(type='dict', options=dict(
+ vsx_name=dict(type='str')
+ )),
+ set_physical_interface_params=dict(type='dict', options=dict(
+ name=dict(type='str'),
+ vlan_trunk=dict(type='bool'),
+ vsx_name=dict(type='str')
+ )),
+ set_vd_interface_params=dict(type='dict', options=dict(
+ leads_to=dict(type='str'),
+ name=dict(type='str'),
+ vd=dict(type='str'),
+ anti_spoofing=dict(type='str', choices=['prevent', 'detect', 'off']),
+ anti_spoofing_tracking=dict(type='str', choices=['none', 'alert', 'log']),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ mtu=dict(type='int'),
+ new_leads_to=dict(type='str'),
+ propagate=dict(type='bool'),
+ propagate6=dict(type='bool'),
+ specific_group=dict(type='str'),
+ topology=dict(type='str', choices=['external', 'internal_undefined', 'internal_this_network', 'internal_specific', 'defined_by_routes'])
+ )),
+ set_vd_params=dict(type='dict', options=dict(
+ vd=dict(type='str'),
+ calc_topology_auto=dict(type='bool'),
+ ipv4_address=dict(type='str'),
+ ipv4_instances=dict(type='int'),
+ ipv6_address=dict(type='str'),
+ ipv6_instances=dict(type='int'),
+ vs_mtu=dict(type='int')
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "vsx-provisioning-tool"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()