Adding a new module "access-rules"
chkp-shirango committed Dec 2, 2021
1 parent 622169b commit 51afbb0
Showing 5 changed files with 464 additions and 0 deletions.
1 change: 1 addition & 0 deletions README.md
@@ -91,6 +91,7 @@ Modules
* `cp_mgmt_access_role` – Manages access-role objects on Check Point over Web Services API
* `cp_mgmt_access_role_facts` – Get access-role objects facts on Check Point over Web Services API
* `cp_mgmt_access_rule` – Manages access-rule objects on Check Point over Web Services API
* `cp_mgmt_access_rules` – Manages a list of access rules objects on Check Point over Web Services API
* `cp_mgmt_access_rule_facts` – Get access-rule objects facts on Check Point over Web Services API
* `cp_mgmt_address_range` – Manages address-range objects on Check Point over Web Services API
* `cp_mgmt_address_range_facts` – Get address-range objects facts on Check Point over Web Services API
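--- a/plugins/action/cp_mgmt_access_rules.py
+++ b/plugins/action/cp_mgmt_access_rules.py
@@ -0,0 +1,57 @@
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+
+from ansible.errors import AnsibleActionFail
+from ansible.plugins.action import ActionBase
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import \
+prepare_rule_params_for_execute_module, check_if_to_publish_for_action
+
+
+class ActionModule(ActionBase):
+
+def run(self, tmp=None, task_vars=None):
+
+module = super(ActionModule, self).run(tmp, task_vars)
+
+result = self._execute_module(module_name='check_point.mgmt.cp_mgmt_access_rules', module_args=self._task.args,
+task_vars=task_vars, tmp=tmp)
+
+if 'msg' in result.keys():
+raise AnsibleActionFail(result['msg'])
+
+module_args = self._task.args
+
+fields = {'position', 'layer', 'auto_publish_session'}
+rules_list = module_args['rules']
+for rule in rules_list:
+for field in fields:
+if field in rule.keys():
+raise AnsibleActionFail('Unsupported parameter ' + field + ' for rule')
+# check_fields_for_rule_action_module(module_args)
+rules_list = self._task.args['rules']
+position = 1
+
+for rule in rules_list:
+rule, position = prepare_rule_params_for_execute_module(rule=rule, module_args=module_args,
+position=position)
+result['rule: ' + rule['name']] = self._execute_module(module_name='check_point.mgmt.cp_mgmt_access_rule',
+module_args=rule,
+task_vars=task_vars, tmp=tmp, wrap_async=False)
+if 'changed' in result['rule: ' + rule['name']].keys() and \
+result['rule: ' + rule['name']]['changed'] is True:
+result['changed'] = True
+if 'failed' in result['rule: ' + rule['name']].keys() and result['rule: ' + rule['name']]['failed'] is True:
+temp = result['rule: ' + rule['name']].copy()
+result = {}
+result['rule: ' + rule['name']] = temp
+result['failed'] = True
+result['discard:'] = self._execute_module(module_name='check_point.mgmt.cp_mgmt_discard',
+module_args={}, task_vars=task_vars, tmp=tmp)
+break
+if check_if_to_publish_for_action(result, module_args):
+result['publish:'] = self._execute_module(module_name='check_point.mgmt.cp_mgmt_publish', module_args={},
+task_vars=task_vars, tmp=tmp)
+
+return result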
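Review bot: An exception raised inside the per-rule loop of `run` bypasses the `cp_mgmt_discard` branch, so rules already sent to `cp_mgmt_access_rule` presumably stay staged in the unpublished session. The pre-check loop only rejects `position`, `layer` and `auto_publish_session`; a rule without `name` raises `KeyError` at `result['rule: ' + rule['name']]` after earlier rules have been applied. Unless the module's argument spec (not shown on this page) already makes `name` required, reject it up front in the first loop, e.g. `if 'name' not in rule: raise AnsibleActionFail('Missing parameter name for rule')`. Two rules sharing a name also overwrite each other's `'rule: ' + name` entry in `result`, and the value assigned to `module` is never used.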
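--- a/plugins/doc_fragments/checkpoint_objects_action_module.py
+++ b/plugins/doc_fragments/checkpoint_objects_action_module.py
@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2019, Or Soffer <[email protected]>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+class ModuleDocFragment(object):
+
+# Standard files documentation fragment
+DOCUMENTATION = r'''
+options:
+auto_publish_session:
+description:
+- Publish the current session if changes have been performed
+after task completes.
+type: bool
+wait_for_task_timeout:
+description:
+- How many minutes to wait until throwing a timeout error.
+type: int
+default: 30
+version:
+description:
+- Version of checkpoint. If not given one, the latest version taken.
+type: str
+'''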
24 changes: 24 additions & 0 deletions plugins/module_utils/checkpoint.py
@@ -34,6 +34,12 @@

from ansible.module_utils.connection import Connection

checkpoint_argument_spec_for_action_module = dict(
auto_publish_session=dict(type='bool'),
wait_for_task_timeout=dict(type='int', default=30),
version=dict(type='str')
)

checkpoint_argument_spec_for_objects = dict(
auto_publish_session=dict(type='bool'),
wait_for_task=dict(type='bool', default=True),
@@ -504,3 +510,21 @@ def install_policy(connection, policy_package, targets):
'targets': targets}

connection.send_request('/web_api/install-policy', payload)


def prepare_rule_params_for_execute_module(rule, module_args, position):
rule['layer'] = module_args['layer']
if 'details_level' in module_args.keys():
rule['details_level'] = module_args['details_level']
if 'state' not in rule.keys() or ('state' in rule.keys() and rule['state'] != 'absent'):
rule['position'] = position
position = position + 1

return rule, position


def check_if_to_publish_for_action(result, module_args):
to_publish = ('auto_publish_session' in module_args.keys() and module_args['auto_publish_session']) and \
('changed' in result.keys() and result['changed'] is True) and ('failed' not in result.keys() or
result['failed'] is False)
return to_publish
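Review bot: `prepare_rule_params_for_execute_module` has no docstring, and its position handling is what a caller most needs spelled out: every rule whose `state` is not `absent` gets an absolute `position` counted up from the value passed in (the action plugin starts at 1), so the task's rules are placed at the top of `layer`, ahead of rules already there. In a rulebase where order presumably decides which rule matches first, that deserves a docstring such as `"""Set layer, details_level and a sequential position on one rule; return (rule, next_position). Mutates rule in place."""`. The docstring should also state that `module_args['layer']` is read unconditionally and raises `KeyError` when the task omits it. Only `layer` and `details_level` are copied from `module_args`; if `version` or `wait_for_task_timeout` are meant to reach each `cp_mgmt_access_rule` call, they are dropped here.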