Merge pull request #42 from chkp-shirango/master

Add modules for multi-domains version and add an error message to tas…
CheckPointSW · Oct 4, 2021 · eee21f4 · eee21f4
2 parents a7695d5 + 7fdfaa0
commit eee21f4
Show file tree

Hide file tree

Showing 12 changed files with 1,499 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -3,7 +3,7 @@ This Ansible collection provides control over a Check Point Management server us
 Check Point's web-services APIs.
 
 The Ansible Check Point modules reference can be found here:
-https://docs.ansible.com/ansible/latest/modules/list_of_network_modules.html#check-point
+https://docs.ansible.com/ansible/latest/collections/check_point/mgmt/index.html#plugins-in-check-point-mgmt
 <br>Note - look only at the `cp_mgmt_*` modules, cause the `checkpoint_*` will be deprecated.
 
 This is the repository of the mgmt collection which can be found here - https://galaxy.ansible.com/check_point/mgmt
@@ -119,6 +119,8 @@ Modules
 * `cp_mgmt_host` – Manages host objects on Check Point over Web Services API
 * `cp_mgmt_host_facts` – Get host objects facts on Check Point over Web Services API
 * `cp_mgmt_install_policy` – install policy on Check Point over Web Services API
+* `cp_mgmt_install_database` – install database on Check Point over Web Services API
+* `cp_mgmt_mds` – Multi-Domain Server (mds) objects on Check Point over Web Services API
 * `cp_mgmt_mds_facts` – Get Multi-Domain Server (mds) objects facts on Check Point over Web Services API
 * `cp_mgmt_multicast_address_range` – Manages multicast-address-range objects on Check Point over Web Services API
 * `cp_mgmt_multicast_address_range_facts` – Get multicast-address-range objects facts on Check Point over Web Services API
@@ -175,3 +177,11 @@ Modules
 * `cp_mgmt_vpn_community_star_facts` – Get vpn-community-star objects facts on Check Point over Web Services API
 * `cp_mgmt_wildcard` – Manages wildcard objects on Check Point over Web Services API
 * `cp_mgmt_wildcard_facts` – Get wildcard objects facts on Check Point over Web Services API
+* `cp_mgmt_add_domain` – Add new domain on Check Point over Web Services API
+* `cp_mgmt_set_domain` – Edit existing domain on Check Point over Web Services API
+* `cp_mgmt_delete_domain` – Delete existing domain on Check Point over Web Services API
+* `cp_mgmt_domain_facts` – Get domain objects on Check Point over Web Services API
+* `cp_mgmt_trusted_client` – Trusted client objects on Check Point over Web Services API
+* `cp_mgmt_trusted_client_facts` – Get trusted client objects facts on Check Point over Web Services API
+* `cp_mgmt_identity_tag` – Identity tag objects on Check Point over Web Services API
+* `cp_mgmt_identity_tag_facts` – Get identity tag objects facts on Check Point over Web Services API
diff --git a/plugins/module_utils/checkpoint.py b/plugins/module_utils/checkpoint.py
@@ -131,8 +131,13 @@ def wait_for_task(module, version, connection, task_id):
         completed_tasks = 0
         for task in response['tasks']:
             if task['status'] == 'failed':
-                module.fail_json(msg='Task {0} with task id {1} failed. Look at the logs for more details'
-                                 .format(task['task-name'], task['task-id']))
+                if 'comments' in task and task['comments']:
+                    module.fail_json(msg='Task {0} with task id {1} failed. Message: {2} - Look at the logs for more '
+                                         'details '
+                                     .format(task['task-name'], task['task-id'], task['comments']))
+                else:
+                    module.fail_json(msg='Task {0} with task id {1} failed. Look at the logs for more details'
+                                     .format(task['task-name'], task['task-id']))
             if task['status'] == 'in progress':
                 break
             completed_tasks += 1

diff --git a/plugins/modules/cp_mgmt_add_domain.py b/plugins/modules/cp_mgmt_add_domain.py
@@ -0,0 +1,170 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+                    'status': ['preview'],
+                    'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_add_domain
+short_description: Manages domain objects on Checkpoint over Web Services API
+description:
+  - Manages domain objects on Checkpoint devices including creating, updating and removing objects.
+  - All operations are performed over Web Services API.
+version_added: "2.9"
+author: "Or Soffer (@chkp-orso)"
+options:
+  name:
+    description:
+      - Object name.
+    type: str
+    required: True
+  servers:
+    description:
+      - Domain servers. When this field is provided, 'set-domain' command is executed asynchronously.
+    type: dict
+    suboptions:
+        description:
+          - Adds to collection of values
+        type: list
+        suboptions:
+          name:
+            description:
+              - Object name. Must be unique in the domain.
+            type: str
+          ip_address:
+            description:
+              - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
+            type: str
+          ipv4_address:
+            description:
+              - IPv4 address.
+            type: str
+          ipv6_address:
+            description:
+              - IPv6 address.
+            type: str
+          multi_domain_server:
+            description:
+              - Multi Domain server name or UID.
+            type: str
+          skip_start_domain_server:
+            description:
+              - Set this value to be true to prevent starting the new created domain.
+            type: bool
+          type:
+            description:
+              - Domain server type.
+            type: str
+            choices: ['management server', 'log server', 'smc']
+  color:
+    description:
+      - Color of the object. Should be one of existing colors.
+    type: str
+    choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+             'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+             'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+  comments:
+    description:
+      - Comments string.
+    type: str
+  details_level:
+    description:
+      - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+        representation of the object.
+    type: str
+    choices: ['uid', 'standard', 'full']
+  ignore_warnings:
+    description:
+      - Apply changes ignoring warnings.
+    type: bool
+  ignore_errors:
+    description:
+      - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+    type: bool
+  tags:
+    description:
+      - Collection of tag identifiers. Note, The list of tags can not be modified in a single command together with the domain servers. To modify
+        tags, please use the separate 'set-domain' command, without providing the list of domain servers.
+    type: list
+extends_documentation_fragment: checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-domain
+  cp_mgmt_add_domain:
+    name: domain1
+    servers:
+      ip_address: 192.0.2.1
+      multi_domain_server: MDM_Server
+      name: domain1_ManagementServer_1
+    state: present
+"""
+
+RETURN = """
+cp_mgmt_domain:
+  description: The checkpoint object created or updated.
+  returned: always, except when deleting the object.
+  type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+    argument_spec = dict(
+        name=dict(type='str', required=True),
+        servers=dict(type='list', options=dict(
+            name=dict(type='str'),
+            ip_address=dict(type='str'),
+            ipv4_address=dict(type='str'),
+            ipv6_address=dict(type='str'),
+            multi_domain_server=dict(type='str'),
+            active=dict(type='bool'),
+            skip_start_domain_server=dict(type='bool'),
+            type=dict(type='str', choices=['management server', 'log server', 'smc'])
+        )),
+        color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+                                        'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+                                        'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+                                        'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+                                        'yellow']),
+        comments=dict(type='str'),
+        details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+        ignore_warnings=dict(type='bool'),
+        ignore_errors=dict(type='bool'),
+        tags=dict(type='list')
+    )
+    argument_spec.update(checkpoint_argument_spec_for_commands)
+
+    module = AnsibleModule(argument_spec=argument_spec)
+    api_call_object = 'add-domain'
+
+    result = api_command(module, api_call_object)
+    module.exit_json(**result)
+
+
+if __name__ == '__main__':
+    main()
diff --git a/plugins/modules/cp_mgmt_delete_domain.py b/plugins/modules/cp_mgmt_delete_domain.py
@@ -0,0 +1,95 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+                    'status': ['preview'],
+                    'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_delete_domain
+short_description: Manages domain objects on Checkpoint over Web Services API
+description:
+  - Manages domain objects on Checkpoint devices including creating, updating and removing objects.
+  - All operations are performed over Web Services API.
+version_added: "2.9"
+author: "Or Soffer (@chkp-orso)"
+options:
+  name:
+    description:
+      - Object name.
+    type: str
+    required: True
+  details_level:
+    description:
+      - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+        representation of the object.
+    type: str
+    choices: ['uid', 'standard', 'full']
+  ignore_warnings:
+    description:
+      - Apply changes ignoring warnings.
+    type: bool
+  ignore_errors:
+    description:
+      - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+    type: bool
+extends_documentation_fragment: checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: delete-domain
+  cp_mgmt_delete_domain:
+    name: domain1
+    state: absent
+"""
+
+RETURN = """
+cp_mgmt_domain:
+  description: The checkpoint object created or updated.
+  returned: always, except when deleting the object.
+  type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+    argument_spec = dict(
+        name=dict(type='str', required=True),
+        details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+        ignore_warnings=dict(type='bool'),
+        ignore_errors=dict(type='bool'),
+    )
+    argument_spec.update(checkpoint_argument_spec_for_commands)
+
+    module = AnsibleModule(argument_spec=argument_spec)
+    api_call_object = 'delete-domain'
+
+    result = api_command(module, api_call_object)
+    module.exit_json(**result)
+
+
+if __name__ == '__main__':
+    main()