Init: mediaserver

2023-02-08 12:13:28 +01:00
parent 848bc9739c
commit f7c23d4ba9
31914 changed files with 6175775 additions and 0 deletions

@@ -0,0 +1,274 @@
==============================
Check_Point.Mgmt Release Notes
==============================
.. contents:: Topics
v4.0.0
======
Release Summary
---------------
This is release 4.0.0 of ``check_point.mgmt``, released on 2022-09-14.
Major Changes
-------------
- plugins/httpapi/checkpoint - Support for Smart-1 Cloud with new variable 'ansible_cloud_mgmt_id'
Breaking Changes / Porting Guide
--------------------------------
- cp_mgmt_access_role - the 'machines' parameter now accepts a single str and a new parameter 'machines_list' of type dict has been added. the 'users' parameter now accepts a single str and a new parameter 'users_list' of type dict has been added.
- cp_mgmt_access_rule - the 'vpn' parameter now accepts a single str and a new parameter 'vpn_list' of type dict has been added. the 'position_by_rule' parameter has been changed to 'relative_position' with support of positioning above/below a section (and not just a rule). the 'relative_position' parameter has also 'top' and 'bottom' suboptions which allows positioning a rule at the top and bottom of a section respectively. a new parameter 'search_entire_rulebase' has been added to allow the relative positioning to be unlimited (was previously limited to 50 rules)
- cp_mgmt_administrator - the 'permissions_profile' parameter now accepts a single str and a new parameter 'permissions_profile_list' of type dict has been added.
- cp_mgmt_publish - the 'uid' parameter has been removed.
Bugfixes
--------
- cp_mgmt_access_rule - support for relative positioning for rulebase with more than 50 rules (https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection/issues/69)
- cp_mgmt_administrator - specifying the administartor's permissions profile now works for both SMC and MDS (https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection/issues/83)
- meta/runtime.yml - update value of minimum ansible version and remove redirect (https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection/issues/84)
v3.2.0
======
Release Summary
---------------
This is release 3.2.0 of ``check_point.mgmt``, released on 2022-08-09.
v3.1.0
======
Release Summary
---------------
This is release 3.1.0 of ``check_point.mgmt``, released on 2022-07-04.
v3.0.0
======
Release Summary
---------------
This is release 3.0.0 of ``check_point.mgmt``, released on 2022-06-07.
New Modules
-----------
- check_point.mgmt.cp_mgmt_add_rules_batch - Creates new rules in batch. Use this API to achieve optimum performance when adding more than one rule.
- check_point.mgmt.cp_mgmt_approve_session - Workflow feature - Approve and Publish the session.
- check_point.mgmt.cp_mgmt_check_network_feed - Check if a target can reach or parse a network feed; can work with an existing feed object or with a new one (by providing all relevant feed parameters).
- check_point.mgmt.cp_mgmt_check_threat_ioc_feed - Check if a target can reach or parse a threat IOC feed; can work with an existing feed object or with a new one (by providing all relevant feed parameters).
- check_point.mgmt.cp_mgmt_cluster_members_facts - Retrieve all existing cluster members in domain.
- check_point.mgmt.cp_mgmt_connect_cloud_services - Securely connect the Management Server to Check Point's Infinity Portal. <br>This is a preliminary operation so that the management server can use various Check Point cloud-based security services hosted in the Infinity Portal.
- check_point.mgmt.cp_mgmt_delete_rules_batch - Delete rules in batch from the same layer. Use this API to achieve optimum performance when removing more than one rule.
- check_point.mgmt.cp_mgmt_disconnect_cloud_services - Disconnect the Management Server from Check Point's Infinity Portal.
- check_point.mgmt.cp_mgmt_domain_permissions_profile - Manages domain-permissions-profile objects on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_domain_permissions_profile_facts - Get domain-permissions-profile objects facts on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_get_platform - Get actual platform (Hardware, Version, OS) from gateway, cluster or Check Point host.
- check_point.mgmt.cp_mgmt_idp_administrator_group - Manages idp-administrator-group objects on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_idp_administrator_group_facts - Get idp-administrator-group objects facts on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_idp_to_domain_assignment_facts - Get idp-to-domain-assignment objects facts on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_import_outbound_inspection_certificate - Import Outbound Inspection certificate for HTTPS inspection.
- check_point.mgmt.cp_mgmt_install_lsm_policy - Executes the lsm-install-policy on a given list of targets. Install the LSM policy that defined on the attached LSM profile on the targets devices.
- check_point.mgmt.cp_mgmt_install_lsm_settings - Executes the lsm-install-settings on a given list of targets. Install the provisioning settings that defined on the object on the targets devices.
- check_point.mgmt.cp_mgmt_interoperable_device - Manages interoperable-device objects on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_interoperable_device_facts - Get interoperable-device objects facts on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_lsm_cluster_profile_facts - Get lsm-cluster-profile objects facts on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_lsm_gateway_profile_facts - Get lsm-gateway-profile objects facts on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_lsm_run_script - Executes the lsm-run-script on a given list of targets. Run the given script on the targets devices.
- check_point.mgmt.cp_mgmt_md_permissions_profile - Manages md-permissions-profile objects on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_md_permissions_profile_facts - Get md-permissions-profile objects facts on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_network_feed - Manages network-feed objects on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_network_feed_facts - Get network-feed objects facts on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_objects_facts - Get objects objects facts on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_provisioning_profile_facts - Get provisioning-profile objects facts on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_reject_session - Workflow feature - Return the session to the submitter administrator.
- check_point.mgmt.cp_mgmt_repository_script - Manages repository-script objects on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_repository_script_facts - Get repository-script objects facts on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_reset_sic - Reset Secure Internal Communication (SIC). To complete the reset operation need also to reset the device in the Check Point Configuration Tool (by running cpconfig in Clish or Expert mode). Communication will not be possible until you reset and re-initialize the device properly.
- check_point.mgmt.cp_mgmt_set_global_properties - Edit Global Properties.
- check_point.mgmt.cp_mgmt_set_idp_default_assignment - Set default Identity Provider assignment to be use for Management server administrator access.
- check_point.mgmt.cp_mgmt_set_idp_to_domain_assignment - Set Identity Provider assignment to domain, to allow administrator login to that domain using that identity provider, if there is no Identity Provider assigned to the domain the 'idp-default-assignment' will be used. This command only available for Multi-Domain server.
- check_point.mgmt.cp_mgmt_set_outbound_inspection_certificate - Create or update a certificate to be used as outbound certificate for HTTPS inspection. <br>The outbound CA certificate will be used by the Gateway to inspect SSL traffic.
- check_point.mgmt.cp_mgmt_set_threat_advanced_settings - Edit Threat Prevention's Blades' Settings.
- check_point.mgmt.cp_mgmt_show_cloud_services - Show the connection status of the Management Server to Check Point's Infinity Portal.
- check_point.mgmt.cp_mgmt_show_global_properties - Retrieve Global Properties.
- check_point.mgmt.cp_mgmt_show_idp_default_assignment - Retrieve default Identity Provider assignment that used for Management server administrator access.
- check_point.mgmt.cp_mgmt_show_outbound_inspection_certificate - Show outbound inspection certificate.
- check_point.mgmt.cp_mgmt_show_servers_and_processes - Shows the status of all processes in the current machine (Multi-Domain Server and all Domain Management / Log Servers). <br>This command is available only on Multi-Domain Server.
- check_point.mgmt.cp_mgmt_show_threat_advanced_settings - Show Threat Prevention's Blades' Settings.
- check_point.mgmt.cp_mgmt_simple_cluster - Manages simple-cluster objects on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_simple_cluster_facts - Get simple-cluster objects facts on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_smtp_server - Manages smtp-server objects on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_smtp_server_facts - Get smtp-server objects facts on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_submit_session - Workflow feature - Submit the session for approval.
- check_point.mgmt.cp_mgmt_test_sic_status - Test SIC Status reflects the state of the gateway after it has received the certificate issued by the ICA. If the SIC status is Unknown then there is no connection between the gateway and the Security Management Server. If the SIC status is No Communication, an error message will appear. It may contain specific instructions on how to fix the situation.
- check_point.mgmt.cp_mgmt_update_provisioned_satellites - Executes the update-provisioned-satellites on center gateways of VPN communities.
v2.3.0
======
New Modules
-----------
- check_point.mgmt.cp_mgmt_lsm_cluster - Manages lsm-cluster objects on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_lsm_cluster_facts - Get lsm-cluster objects facts on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_lsm_gateway - Manages lsm-gateway objects on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_lsm_gateway_facts - Get lsm-gateway objects facts on Checkpoint over Web Services API
v2.2.0
======
New Modules
-----------
- check_point.mgmt.cp_mgmt_access_rules - Manages access-rules objects on Check Point over Web Services API
v2.1.0
======
New Modules
-----------
- check_point.mgmt.cp_mgmt_add_domain - Create new object
- check_point.mgmt.cp_mgmt_delete_domain - Delete existing object using object name or uid.
- check_point.mgmt.cp_mgmt_domain_facts - Get domain objects facts on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_identity_tag - Manages identity-tag objects on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_identity_tag_facts - Get identity-tag objects facts on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_install_database - Copies the user database and network objects information to specified targets.
- check_point.mgmt.cp_mgmt_mds - Manages mds objects on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_set_domain - Edit existing object using object name or uid.
- check_point.mgmt.cp_mgmt_trusted_client - Manages trusted-client objects on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_trusted_client_facts - Get trusted-client objects facts on Checkpoint over Web Services API
v2.0.0
======
New Modules
-----------
- check_point.mgmt.cp_mgmt_access_section - Manages access-section objects on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_add_api_key - Add API key for administrator, to enable login with it. For the key to be valid publish is needed.
- check_point.mgmt.cp_mgmt_add_data_center_object - Imports a Data Center Object from a Data Center Server.<br> Data Center Object represents an object in the cloud environment.
- check_point.mgmt.cp_mgmt_add_nat_rule - Create new object.
- check_point.mgmt.cp_mgmt_data_center_object_facts - Get data-center-object objects facts on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_delete_api_key - Delete the API key. For the key to be invalid publish is needed.
- check_point.mgmt.cp_mgmt_delete_data_center_object - Delete existing object using object name or uid.
- check_point.mgmt.cp_mgmt_delete_nat_rule - Delete existing object using object name or uid.
- check_point.mgmt.cp_mgmt_https_section - Manages https-section objects on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_install_software_package - Installs the software package on target machines.
- check_point.mgmt.cp_mgmt_nat_rule_facts - Get nat-rule objects facts on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_nat_section - Manages nat-section objects on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_set_nat_rule - Edit existing object using object name or uid.
- check_point.mgmt.cp_mgmt_set_session - Edit user's current session.
- check_point.mgmt.cp_mgmt_show_access_section - Retrieve existing object using object name or uid.
- check_point.mgmt.cp_mgmt_show_https_section - Retrieve existing HTTPS Inspection section using section name or uid and layer name.
- check_point.mgmt.cp_mgmt_show_logs - Showing logs according to the given filter.
- check_point.mgmt.cp_mgmt_show_nat_section - Retrieve existing object using object name or uid.
- check_point.mgmt.cp_mgmt_show_software_package_details - Gets the software package information from the cloud.
- check_point.mgmt.cp_mgmt_show_task - Show task progress and details.
- check_point.mgmt.cp_mgmt_show_tasks - Retrieve all tasks and show their progress and details.
- check_point.mgmt.cp_mgmt_uninstall_software_package - Uninstalls the software package from target machines.
- check_point.mgmt.cp_mgmt_verify_software_package - Verifies the software package on target machines.
v1.0.0
======
New Modules
-----------
- check_point.mgmt.cp_mgmt_access_layer - Manages access-layer objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_access_layer_facts - Get access-layer objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_access_role - Manages access-role objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_access_role_facts - Get access-role objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_access_rule - Manages access-rule objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_access_rule_facts - Get access-rule objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_address_range - Manages address-range objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_address_range_facts - Get address-range objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_administrator - Manages administrator objects on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_administrator_facts - Get administrator objects facts on Checkpoint over Web Services API
- check_point.mgmt.cp_mgmt_application_site - Manages application-site objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_application_site_category - Manages application-site-category objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_application_site_category_facts - Get application-site-category objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_application_site_facts - Get application-site objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_application_site_group - Manages application-site-group objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_application_site_group_facts - Get application-site-group objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_assign_global_assignment - assign global assignment on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_discard - All changes done by user are discarded and removed from database.
- check_point.mgmt.cp_mgmt_dns_domain - Manages dns-domain objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_dns_domain_facts - Get dns-domain objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_dynamic_object - Manages dynamic-object objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_dynamic_object_facts - Get dynamic-object objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_exception_group - Manages exception-group objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_exception_group_facts - Get exception-group objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_global_assignment - Manages global-assignment objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_global_assignment_facts - Get global-assignment objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_group - Manages group objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_group_facts - Get group objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_group_with_exclusion - Manages group-with-exclusion objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_group_with_exclusion_facts - Get group-with-exclusion objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_host - Manages host objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_host_facts - Get host objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_install_policy - install policy on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_mds_facts - Get Multi-Domain Server (mds) objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_multicast_address_range - Manages multicast-address-range objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_multicast_address_range_facts - Get multicast-address-range objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_network - Manages network objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_network_facts - Get network objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_package - Manages package objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_package_facts - Get package objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_publish - All the changes done by this user will be seen by all users only after publish is called.
- check_point.mgmt.cp_mgmt_put_file - put file on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_run_ips_update - Runs IPS database update. If "package-path" is not provided server will try to get the latest package from the User Center.
- check_point.mgmt.cp_mgmt_run_script - Executes the script on a given list of targets.
- check_point.mgmt.cp_mgmt_security_zone - Manages security-zone objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_security_zone_facts - Get security-zone objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_service_dce_rpc - Manages service-dce-rpc objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_service_dce_rpc_facts - Get service-dce-rpc objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_service_group - Manages service-group objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_service_group_facts - Get service-group objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_service_icmp - Manages service-icmp objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_service_icmp6 - Manages service-icmp6 objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_service_icmp6_facts - Get service-icmp6 objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_service_icmp_facts - Get service-icmp objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_service_other - Manages service-other objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_service_other_facts - Get service-other objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_service_rpc - Manages service-rpc objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_service_rpc_facts - Get service-rpc objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_service_sctp - Manages service-sctp objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_service_sctp_facts - Get service-sctp objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_service_tcp - Manages service-tcp objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_service_tcp_facts - Get service-tcp objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_service_udp - Manages service-udp objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_service_udp_facts - Get service-udp objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_session_facts - Get session objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_simple_gateway - Manages simple-gateway objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_simple_gateway_facts - Get simple-gateway objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_tag - Manages tag objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_tag_facts - Get tag objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_threat_exception - Manages threat-exception objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_threat_exception_facts - Get threat-exception objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_threat_indicator - Manages threat-indicator objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_threat_indicator_facts - Get threat-indicator objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_threat_layer - Manages threat-layer objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_threat_layer_facts - Get threat-layer objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_threat_profile - Manages threat-profile objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_threat_profile_facts - Get threat-profile objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_threat_protection_override - Edit existing object using object name or uid.
- check_point.mgmt.cp_mgmt_threat_rule - Manages threat-rule objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_threat_rule_facts - Get threat-rule objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_time - Manages time objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_time_facts - Get time objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_verify_policy - Verifies the policy of the selected package.
- check_point.mgmt.cp_mgmt_vpn_community_meshed - Manages vpn-community-meshed objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_vpn_community_meshed_facts - Get vpn-community-meshed objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_vpn_community_star - Manages vpn-community-star objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_vpn_community_star_facts - Get vpn-community-star objects facts on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_wildcard - Manages wildcard objects on Check Point over Web Services API
- check_point.mgmt.cp_mgmt_wildcard_facts - Get wildcard objects facts on Check Point over Web Services API
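
Review bot: The v4.0.0 "Breaking Changes / Porting Guide" entries near the top of this file affect any playbook this repository runs against the collection: `cp_mgmt_publish` no longer takes `uid`, `cp_mgmt_access_rule` renames `position_by_rule` to `relative_position`, and `machines`, `users`, `vpn` and `permissions_profile` now accept a single str with separate `*_list` parameters. Search existing playbooks for those parameter names before merging, since the collection is being added at 4.0.0 and the hunks shown here contain no matching playbook update. Minor: "administartor's" in the v4.0.0 Bugfixes entry is a typo, and several module descriptions carry literal `<br>` tags that will not render in reStructuredText; if the intent is a byte-identical upstream copy, leave them and say so in the commit message, which currently reads only "Init: mediaserver".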

File diff suppressed because it is too large

@@ -0,0 +1,34 @@
{
"collection_info": {
"namespace": "check_point",
"name": "mgmt",
"version": "4.0.0",
"authors": [
"Or Soffer <orso@checkpoint.com>",
"Shiran Golzar <shirango@checkpoint.com>",
"Eden Brillant <edenbr@checkpoint.com>"
],
"readme": "README.md",
"tags": [
"security"
],
"description": "Check Point collection for the Management Server",
"license": [
"GPL-2.0-or-later"
],
"license_file": null,
"dependencies": {},
"repository": "https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection",
"documentation": "https://docs.ansible.com/ansible/latest/collections/check_point/mgmt/index.html",
"homepage": "https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection",
"issues": "https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection/issues"
},
"file_manifest_file": {
"name": "FILES.json",
"ftype": "file",
"chksum_type": "sha256",
"chksum_sha256": "5f71b816bee0abfef6e2a291b00f28b42e32ca12cc7ec01812bc246644fad321",
"format": 1
},
"format": 1
}
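
Review bot: `file_manifest_file` records a `chksum_sha256` for FILES.json, but once the collection is committed as plain source nothing enforces that value; a later edit to any vendored file will silently diverge from the manifest. Suggest either installing `check_point.mgmt` 4.0.0 at build time from a pinned requirements file instead of vendoring it, or adding a CI check that recomputes the SHA-256 of FILES.json (and of the files it lists) and fails on mismatch. Also confirm that `"license_file": null` is acceptable for this repository given the `GPL-2.0-or-later` entry declared just above it.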

@@ -0,0 +1,188 @@
# Check Point Ansible Mgmt Collection
This Ansible collection provides control over a Check Point Management server using
Check Point's web-services APIs.
The Ansible Check Point modules reference can be found here:
https://docs.ansible.com/ansible/latest/collections/check_point/mgmt/index.html#plugins-in-check-point-mgmt
<br>Note - look only at the `cp_mgmt_*` modules, cause the `checkpoint_*` will be deprecated.
This is the repository of the mgmt collection which can be found here - https://galaxy.ansible.com/check_point/mgmt
Installation instructions
-------------------------
Run `ansible-galaxy collection install check_point.mgmt`
Requirements
------------
* Ansible 2.9+ is required.
* The Check Point server should be using the versions detailed in this SK: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk114661
* The Check Point server should be open for API communication from the Ansible server.
Open SmartConsole and check "Manage & Settings > Blades > Management API > Advanced settings".
Usage
-----
1. Edit the `hosts` so that it will contain a section similar to this one:
```
[check_point]
%CHECK_POINT_MANAGEMENT_SERVER_IP%
[check_point:vars]
ansible_httpapi_use_ssl=True
ansible_httpapi_validate_certs=False
ansible_user=%CHECK_POINT_MANAGEMENT_SERVER_USER%
ansible_password=%CHECK_POINT_MANAGEMENT_SERVER_PASSWORD%
ansible_network_os=check_point.mgmt.checkpoint
```
Note - If you want to run against Ansible version 2.9 instead of the collection, just replace `ansible_network_os=check_point.mgmt.checkpoint` with `ansible_network_os=checkpoint`
<br><br>2. Run a playbook:
```sh
ansible-playbook your_ansible_playbook.yml
```
or
Run a playbook in "check mode":
```sh
ansible-playbook -C your_ansible_playbook.yml
```
Example playbook:
```
---
- name: playbook name
hosts: check_point
connection: httpapi
tasks:
- name: task to have network
check_point.mgmt.cp_mgmt_network:
name: "network name"
subnet: "4.1.76.0"
mask_length: 24
auto_publish_session: true
vars:
ansible_checkpoint_domain: "SMC User"
```
Note - If you want to run against Ansible version 2.9 instead of the collection, just replace `check_point.mgmt.cp_mgmt_network` with `cp_mgmt_network`
### Notes:
1. Because this Ansible module is controlling the management server remotely via the web API,
the Ansible server needs to have access to the Check Point API server.
Open `SmartConsole`, navigate to "Manage & Settings > Blades > Management API > Advanced settings"
and check the API server's accessibility set
2. Ansible has a feature called "Check Mode" that enables you to test the
changes without actually changing anything.
3. The login and logout happens automatically.
4. If you want to login to a specific domain, in the playbook above in the `vars`secion change the domain name to
`ansible_checkpoint_domain`
5. There are two ways to publish changes:
a. Set the `auto_publish_session` to `true` as displayed in the example playbook above.
This option will publish only the task which this parameter belongs to.
b. Add the task to publish to the `cp_mgmt_publish` module.
This option will publish all the tasks above this task.
6. It is recommended by Check Point to use this collection over the modules of Ansible version 2.9
7. If you still want to use Ansible version 2.9 instead of this collection (not recommended):
a. In the `hosts` file replace `ansible_network_os=check_point.mgmt.checkpoint` with `ansible_network_os=checkpoint`
b. In the task in the playbook replace the module `check_point.mgmt.cp_mgmt_*` with the module `cp_mgmt_*`
8. Starting from version 1.0.6, when running a command which returns a task-id, and the user chooses to wait for that task to finish
(the default is to wait), then the output of the command will be the output of the show-task command (instead of the task-id).
Modules
-------
* `cp_mgmt_access_layer` Manages access-layer objects on Check Point over Web Services API
* `cp_mgmt_access_layer_facts` Get access-layer objects facts on Check Point over Web Services API
* `cp_mgmt_access_role` Manages access-role objects on Check Point over Web Services API
* `cp_mgmt_access_role_facts` Get access-role objects facts on Check Point over Web Services API
* `cp_mgmt_access_rule` Manages access-rule objects on Check Point over Web Services API
* `cp_mgmt_access_rules` Manages a list of access rules objects on Check Point over Web Services API
* `cp_mgmt_access_rule_facts` Get access-rule objects facts on Check Point over Web Services API
* `cp_mgmt_address_range` Manages address-range objects on Check Point over Web Services API
* `cp_mgmt_address_range_facts` Get address-range objects facts on Check Point over Web Services API
* `cp_mgmt_administrator` Manages administrator objects on Check Point over Web Services API
* `cp_mgmt_administrator_facts` Get administrator objects facts on Check Point over Web Services API
* `cp_mgmt_application_site` Manages application-site objects on Check Point over Web Services API
* `cp_mgmt_application_site_category` Manages application-site-category objects on Check Point over Web Services API
* `cp_mgmt_application_site_category_facts` Get application-site-category objects facts on Check Point over Web Services API
* `cp_mgmt_application_site_facts` Get application-site objects facts on Check Point over Web Services API
* `cp_mgmt_application_site_group` Manages application-site-group objects on Check Point over Web Services API
* `cp_mgmt_application_site_group_facts` Get application-site-group objects facts on Check Point over Web Services API
* `cp_mgmt_assign_global_assignment` assign global assignment on Check Point over Web Services API
* `cp_mgmt_discard` All changes done by user are discarded and removed from database
* `cp_mgmt_dns_domain` Manages dns-domain objects on Check Point over Web Services API
* `cp_mgmt_dns_domain_facts` Get dns-domain objects facts on Check Point over Web Services API
* `cp_mgmt_dynamic_object` Manages dynamic-object objects on Check Point over Web Services API
* `cp_mgmt_dynamic_object_facts` Get dynamic-object objects facts on Check Point over Web Services API
* `cp_mgmt_exception_group` Manages exception-group objects on Check Point over Web Services API
* `cp_mgmt_exception_group_facts` Get exception-group objects facts on Check Point over Web Services API
* `cp_mgmt_global_assignment` Manages global-assignment objects on Check Point over Web Services API
* `cp_mgmt_global_assignment_facts` Get global-assignment objects facts on Check Point over Web Services API
* `cp_mgmt_group` Manages group objects on Check Point over Web Services API
* `cp_mgmt_group_facts` Get group objects facts on Check Point over Web Services API
* `cp_mgmt_group_with_exclusion` Manages group-with-exclusion objects on Check Point over Web Services API
* `cp_mgmt_group_with_exclusion_facts` Get group-with-exclusion objects facts on Check Point over Web Services API
* `cp_mgmt_host` Manages host objects on Check Point over Web Services API
* `cp_mgmt_host_facts` Get host objects facts on Check Point over Web Services API
* `cp_mgmt_install_policy` install policy on Check Point over Web Services API
* `cp_mgmt_install_database` install database on Check Point over Web Services API
* `cp_mgmt_mds` Multi-Domain Server (mds) objects on Check Point over Web Services API
* `cp_mgmt_mds_facts` Get Multi-Domain Server (mds) objects facts on Check Point over Web Services API
* `cp_mgmt_multicast_address_range` Manages multicast-address-range objects on Check Point over Web Services API
* `cp_mgmt_multicast_address_range_facts` Get multicast-address-range objects facts on Check Point over Web Services API
* `cp_mgmt_network` Manages network objects on Check Point over Web Services API
* `cp_mgmt_network_facts` Get network objects facts on Check Point over Web Services API
* `cp_mgmt_package` Manages package objects on Check Point over Web Services API
* `cp_mgmt_package_facts` Get package objects facts on Check Point over Web Services API
* `cp_mgmt_publish` All the changes done by this user will be seen by all users only after publish is called
* `cp_mgmt_put_file` put file on Check Point over Web Services API
* `cp_mgmt_run_ips_update` Runs IPS database update. If "package-path" is not provided server will try to get the latest package from the User Center
* `cp_mgmt_run_script` Executes the script on a given list of targets
* `cp_mgmt_security_zone` Manages security-zone objects on Check Point over Web Services API
* `cp_mgmt_security_zone_facts` Get security-zone objects facts on Check Point over Web Services API
* `cp_mgmt_service_dce_rpc` Manages service-dce-rpc objects on Check Point over Web Services API
* `cp_mgmt_service_dce_rpc_facts` Get service-dce-rpc objects facts on Check Point over Web Services API
* `cp_mgmt_service_group` Manages service-group objects on Check Point over Web Services API
* `cp_mgmt_service_group_facts` Get service-group objects facts on Check Point over Web Services API
* `cp_mgmt_service_icmp` Manages service-icmp objects on Check Point over Web Services API
* `cp_mgmt_service_icmp6` Manages service-icmp6 objects on Check Point over Web Services API
* `cp_mgmt_service_icmp6_facts` Get service-icmp6 objects facts on Check Point over Web Services API
* `cp_mgmt_service_icmp_facts` Get service-icmp objects facts on Check Point over Web Services API
* `cp_mgmt_service_other` Manages service-other objects on Check Point over Web Services API
* `cp_mgmt_service_other_facts` Get service-other objects facts on Check Point over Web Services API
* `cp_mgmt_service_rpc` Manages service-rpc objects on Check Point over Web Services API
* `cp_mgmt_service_rpc_facts` Get service-rpc objects facts on Check Point over Web Services API
* `cp_mgmt_service_sctp` Manages service-sctp objects on Check Point over Web Services API
* `cp_mgmt_service_sctp_facts` Get service-sctp objects facts on Check Point over Web Services API
* `cp_mgmt_service_tcp` Manages service-tcp objects on Check Point over Web Services API
* `cp_mgmt_service_tcp_facts` Get service-tcp objects facts on Check Point over Web Services API
* `cp_mgmt_service_udp` Manages service-udp objects on Check Point over Web Services API
* `cp_mgmt_service_udp_facts` Get service-udp objects facts on Check Point over Web Services API
* `cp_mgmt_session_facts` Get session objects facts on Check Point over Web Services API
* `cp_mgmt_simple_gateway` Manages simple-gateway objects on Check Point over Web Services API
* `cp_mgmt_simple_gateway_facts` Get simple-gateway objects facts on Check Point over Web Services API
* `cp_mgmt_tag` Manages tag objects on Check Point over Web Services API
* `cp_mgmt_tag_facts` Get tag objects facts on Check Point over Web Services API
* `cp_mgmt_threat_exception` Manages threat-exception objects on Check Point over Web Services API
* `cp_mgmt_threat_exception_facts` Get threat-exception objects facts on Check Point over Web Services API
* `cp_mgmt_threat_indicator` Manages threat-indicator objects on Check Point over Web Services API
* `cp_mgmt_threat_indicator_facts` Get threat-indicator objects facts on Check Point over Web Services API
* `cp_mgmt_threat_layer` Manages threat-layer objects on Check Point over Web Services API
* `cp_mgmt_threat_layer_facts` Get threat-layer objects facts on Check Point over Web Services API
* `cp_mgmt_threat_profile` Manages threat-profile objects on Check Point over Web Services API
* `cp_mgmt_threat_profile_facts` Get threat-profile objects facts on Check Point over Web Services API
* `cp_mgmt_threat_protection_override` Edit existing object using object name or uid
* `cp_mgmt_threat_rule` Manages threat-rule objects on Check Point over Web Services API
* `cp_mgmt_threat_rule_facts` Get threat-rule objects facts on Check Point over Web Services API
* `cp_mgmt_time` Manages time objects on Check Point over Web Services API
* `cp_mgmt_time_facts` Get time objects facts on Check Point over Web Services API
* `cp_mgmt_verify_policy` Verifies the policy of the selected package
* `cp_mgmt_vpn_community_meshed` Manages vpn-community-meshed objects on Check Point over Web Services API
* `cp_mgmt_vpn_community_meshed_facts` Get vpn-community-meshed objects facts on Check Point over Web Services API
* `cp_mgmt_vpn_community_star` Manages vpn-community-star objects on Check Point over Web Services API
* `cp_mgmt_vpn_community_star_facts` Get vpn-community-star objects facts on Check Point over Web Services API
* `cp_mgmt_wildcard` Manages wildcard objects on Check Point over Web Services API
* `cp_mgmt_wildcard_facts` Get wildcard objects facts on Check Point over Web Services API
* `cp_mgmt_add_domain` Add new domain on Check Point over Web Services API
* `cp_mgmt_set_domain` Edit existing domain on Check Point over Web Services API
* `cp_mgmt_delete_domain` Delete existing domain on Check Point over Web Services API
* `cp_mgmt_domain_facts` Get domain objects on Check Point over Web Services API
* `cp_mgmt_trusted_client` Trusted client objects on Check Point over Web Services API
* `cp_mgmt_trusted_client_facts` Get trusted client objects facts on Check Point over Web Services API
* `cp_mgmt_identity_tag` Identity tag objects on Check Point over Web Services API
* `cp_mgmt_identity_tag_facts` Get identity tag objects facts on Check Point over Web Services API
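Review bot: the module list in this README hunk looks stale against changelog.yaml from the same commit. The alphabetical run visible here has no entries for modules the changelog records under 2.0.0 to 3.0.0, for example `cp_mgmt_install_software_package`, `cp_mgmt_network_feed`, `cp_mgmt_simple_cluster` and `cp_mgmt_smtp_server`, which would otherwise sit between the lines shown. That gap matters most for the high-impact additions such as `cp_mgmt_lsm_run_script` and `cp_mgmt_set_outbound_inspection_certificate`, since anyone auditing what a playbook can do will read this list first. Ordering is also inconsistent: `cp_mgmt_install_policy` precedes `cp_mgmt_install_database`, and the last eight entries (`cp_mgmt_add_domain` through `cp_mgmt_identity_tag_facts`) are appended rather than sorted. Suggest regenerating the list from the changelog's module entries, or replacing it with a pointer to the generated module index.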

View File

@@ -0,0 +1,714 @@
ancestor: null
releases:
1.0.0:
modules:
- description: Manages access-layer objects on Check Point over Web Services API
name: cp_mgmt_access_layer
namespace: ''
- description: Get access-layer objects facts on Check Point over Web Services
API
name: cp_mgmt_access_layer_facts
namespace: ''
- description: Manages access-role objects on Check Point over Web Services API
name: cp_mgmt_access_role
namespace: ''
- description: Get access-role objects facts on Check Point over Web Services
API
name: cp_mgmt_access_role_facts
namespace: ''
- description: Manages access-rule objects on Check Point over Web Services API
name: cp_mgmt_access_rule
namespace: ''
- description: Get access-rule objects facts on Check Point over Web Services
API
name: cp_mgmt_access_rule_facts
namespace: ''
- description: Manages address-range objects on Check Point over Web Services
API
name: cp_mgmt_address_range
namespace: ''
- description: Get address-range objects facts on Check Point over Web Services
API
name: cp_mgmt_address_range_facts
namespace: ''
- description: Manages administrator objects on Checkpoint over Web Services API
name: cp_mgmt_administrator
namespace: ''
- description: Get administrator objects facts on Checkpoint over Web Services
API
name: cp_mgmt_administrator_facts
namespace: ''
- description: Manages application-site objects on Check Point over Web Services
API
name: cp_mgmt_application_site
namespace: ''
- description: Manages application-site-category objects on Check Point over Web
Services API
name: cp_mgmt_application_site_category
namespace: ''
- description: Get application-site-category objects facts on Check Point over
Web Services API
name: cp_mgmt_application_site_category_facts
namespace: ''
- description: Get application-site objects facts on Check Point over Web Services
API
name: cp_mgmt_application_site_facts
namespace: ''
- description: Manages application-site-group objects on Check Point over Web
Services API
name: cp_mgmt_application_site_group
namespace: ''
- description: Get application-site-group objects facts on Check Point over Web
Services API
name: cp_mgmt_application_site_group_facts
namespace: ''
- description: assign global assignment on Check Point over Web Services API
name: cp_mgmt_assign_global_assignment
namespace: ''
- description: All changes done by user are discarded and removed from database.
name: cp_mgmt_discard
namespace: ''
- description: Manages dns-domain objects on Check Point over Web Services API
name: cp_mgmt_dns_domain
namespace: ''
- description: Get dns-domain objects facts on Check Point over Web Services API
name: cp_mgmt_dns_domain_facts
namespace: ''
- description: Manages dynamic-object objects on Check Point over Web Services
API
name: cp_mgmt_dynamic_object
namespace: ''
- description: Get dynamic-object objects facts on Check Point over Web Services
API
name: cp_mgmt_dynamic_object_facts
namespace: ''
- description: Manages exception-group objects on Check Point over Web Services
API
name: cp_mgmt_exception_group
namespace: ''
- description: Get exception-group objects facts on Check Point over Web Services
API
name: cp_mgmt_exception_group_facts
namespace: ''
- description: Manages global-assignment objects on Check Point over Web Services
API
name: cp_mgmt_global_assignment
namespace: ''
- description: Get global-assignment objects facts on Check Point over Web Services
API
name: cp_mgmt_global_assignment_facts
namespace: ''
- description: Manages group objects on Check Point over Web Services API
name: cp_mgmt_group
namespace: ''
- description: Get group objects facts on Check Point over Web Services API
name: cp_mgmt_group_facts
namespace: ''
- description: Manages group-with-exclusion objects on Check Point over Web Services
API
name: cp_mgmt_group_with_exclusion
namespace: ''
- description: Get group-with-exclusion objects facts on Check Point over Web
Services API
name: cp_mgmt_group_with_exclusion_facts
namespace: ''
- description: Manages host objects on Check Point over Web Services API
name: cp_mgmt_host
namespace: ''
- description: Get host objects facts on Check Point over Web Services API
name: cp_mgmt_host_facts
namespace: ''
- description: install policy on Check Point over Web Services API
name: cp_mgmt_install_policy
namespace: ''
- description: Get Multi-Domain Server (mds) objects facts on Check Point over
Web Services API
name: cp_mgmt_mds_facts
namespace: ''
- description: Manages multicast-address-range objects on Check Point over Web
Services API
name: cp_mgmt_multicast_address_range
namespace: ''
- description: Get multicast-address-range objects facts on Check Point over Web
Services API
name: cp_mgmt_multicast_address_range_facts
namespace: ''
- description: Manages network objects on Check Point over Web Services API
name: cp_mgmt_network
namespace: ''
- description: Get network objects facts on Check Point over Web Services API
name: cp_mgmt_network_facts
namespace: ''
- description: Manages package objects on Check Point over Web Services API
name: cp_mgmt_package
namespace: ''
- description: Get package objects facts on Check Point over Web Services API
name: cp_mgmt_package_facts
namespace: ''
- description: All the changes done by this user will be seen by all users only
after publish is called.
name: cp_mgmt_publish
namespace: ''
- description: put file on Check Point over Web Services API
name: cp_mgmt_put_file
namespace: ''
- description: Runs IPS database update. If "package-path" is not provided server
will try to get the latest package from the User Center.
name: cp_mgmt_run_ips_update
namespace: ''
- description: Executes the script on a given list of targets.
name: cp_mgmt_run_script
namespace: ''
- description: Manages security-zone objects on Check Point over Web Services
API
name: cp_mgmt_security_zone
namespace: ''
- description: Get security-zone objects facts on Check Point over Web Services
API
name: cp_mgmt_security_zone_facts
namespace: ''
- description: Manages service-dce-rpc objects on Check Point over Web Services
API
name: cp_mgmt_service_dce_rpc
namespace: ''
- description: Get service-dce-rpc objects facts on Check Point over Web Services
API
name: cp_mgmt_service_dce_rpc_facts
namespace: ''
- description: Manages service-group objects on Check Point over Web Services
API
name: cp_mgmt_service_group
namespace: ''
- description: Get service-group objects facts on Check Point over Web Services
API
name: cp_mgmt_service_group_facts
namespace: ''
- description: Manages service-icmp objects on Check Point over Web Services API
name: cp_mgmt_service_icmp
namespace: ''
- description: Manages service-icmp6 objects on Check Point over Web Services
API
name: cp_mgmt_service_icmp6
namespace: ''
- description: Get service-icmp6 objects facts on Check Point over Web Services
API
name: cp_mgmt_service_icmp6_facts
namespace: ''
- description: Get service-icmp objects facts on Check Point over Web Services
API
name: cp_mgmt_service_icmp_facts
namespace: ''
- description: Manages service-other objects on Check Point over Web Services
API
name: cp_mgmt_service_other
namespace: ''
- description: Get service-other objects facts on Check Point over Web Services
API
name: cp_mgmt_service_other_facts
namespace: ''
- description: Manages service-rpc objects on Check Point over Web Services API
name: cp_mgmt_service_rpc
namespace: ''
- description: Get service-rpc objects facts on Check Point over Web Services
API
name: cp_mgmt_service_rpc_facts
namespace: ''
- description: Manages service-sctp objects on Check Point over Web Services API
name: cp_mgmt_service_sctp
namespace: ''
- description: Get service-sctp objects facts on Check Point over Web Services
API
name: cp_mgmt_service_sctp_facts
namespace: ''
- description: Manages service-tcp objects on Check Point over Web Services API
name: cp_mgmt_service_tcp
namespace: ''
- description: Get service-tcp objects facts on Check Point over Web Services
API
name: cp_mgmt_service_tcp_facts
namespace: ''
- description: Manages service-udp objects on Check Point over Web Services API
name: cp_mgmt_service_udp
namespace: ''
- description: Get service-udp objects facts on Check Point over Web Services
API
name: cp_mgmt_service_udp_facts
namespace: ''
- description: Get session objects facts on Check Point over Web Services API
name: cp_mgmt_session_facts
namespace: ''
- description: Manages simple-gateway objects on Check Point over Web Services
API
name: cp_mgmt_simple_gateway
namespace: ''
- description: Get simple-gateway objects facts on Check Point over Web Services
API
name: cp_mgmt_simple_gateway_facts
namespace: ''
- description: Manages tag objects on Check Point over Web Services API
name: cp_mgmt_tag
namespace: ''
- description: Get tag objects facts on Check Point over Web Services API
name: cp_mgmt_tag_facts
namespace: ''
- description: Manages threat-exception objects on Check Point over Web Services
API
name: cp_mgmt_threat_exception
namespace: ''
- description: Get threat-exception objects facts on Check Point over Web Services
API
name: cp_mgmt_threat_exception_facts
namespace: ''
- description: Manages threat-indicator objects on Check Point over Web Services
API
name: cp_mgmt_threat_indicator
namespace: ''
- description: Get threat-indicator objects facts on Check Point over Web Services
API
name: cp_mgmt_threat_indicator_facts
namespace: ''
- description: Manages threat-layer objects on Check Point over Web Services API
name: cp_mgmt_threat_layer
namespace: ''
- description: Get threat-layer objects facts on Check Point over Web Services
API
name: cp_mgmt_threat_layer_facts
namespace: ''
- description: Manages threat-profile objects on Check Point over Web Services
API
name: cp_mgmt_threat_profile
namespace: ''
- description: Get threat-profile objects facts on Check Point over Web Services
API
name: cp_mgmt_threat_profile_facts
namespace: ''
- description: Edit existing object using object name or uid.
name: cp_mgmt_threat_protection_override
namespace: ''
- description: Manages threat-rule objects on Check Point over Web Services API
name: cp_mgmt_threat_rule
namespace: ''
- description: Get threat-rule objects facts on Check Point over Web Services
API
name: cp_mgmt_threat_rule_facts
namespace: ''
- description: Manages time objects on Check Point over Web Services API
name: cp_mgmt_time
namespace: ''
- description: Get time objects facts on Check Point over Web Services API
name: cp_mgmt_time_facts
namespace: ''
- description: Verifies the policy of the selected package.
name: cp_mgmt_verify_policy
namespace: ''
- description: Manages vpn-community-meshed objects on Check Point over Web Services
API
name: cp_mgmt_vpn_community_meshed
namespace: ''
- description: Get vpn-community-meshed objects facts on Check Point over Web
Services API
name: cp_mgmt_vpn_community_meshed_facts
namespace: ''
- description: Manages vpn-community-star objects on Check Point over Web Services
API
name: cp_mgmt_vpn_community_star
namespace: ''
- description: Get vpn-community-star objects facts on Check Point over Web Services
API
name: cp_mgmt_vpn_community_star_facts
namespace: ''
- description: Manages wildcard objects on Check Point over Web Services API
name: cp_mgmt_wildcard
namespace: ''
- description: Get wildcard objects facts on Check Point over Web Services API
name: cp_mgmt_wildcard_facts
namespace: ''
release_date: '2022-06-01'
2.0.0:
modules:
- description: Manages access-section objects on Checkpoint over Web Services
API
name: cp_mgmt_access_section
namespace: ''
- description: Add API key for administrator, to enable login with it. For the
key to be valid publish is needed.
name: cp_mgmt_add_api_key
namespace: ''
- description: Imports a Data Center Object from a Data Center Server.<br> Data
Center Object represents an object in the cloud environment.
name: cp_mgmt_add_data_center_object
namespace: ''
- description: Create new object.
name: cp_mgmt_add_nat_rule
namespace: ''
- description: Get data-center-object objects facts on Checkpoint over Web Services
API
name: cp_mgmt_data_center_object_facts
namespace: ''
- description: Delete the API key. For the key to be invalid publish is needed.
name: cp_mgmt_delete_api_key
namespace: ''
- description: Delete existing object using object name or uid.
name: cp_mgmt_delete_data_center_object
namespace: ''
- description: Delete existing object using object name or uid.
name: cp_mgmt_delete_nat_rule
namespace: ''
- description: Manages https-section objects on Checkpoint over Web Services API
name: cp_mgmt_https_section
namespace: ''
- description: Installs the software package on target machines.
name: cp_mgmt_install_software_package
namespace: ''
- description: Get nat-rule objects facts on Checkpoint over Web Services API
name: cp_mgmt_nat_rule_facts
namespace: ''
- description: Manages nat-section objects on Checkpoint over Web Services API
name: cp_mgmt_nat_section
namespace: ''
- description: Edit existing object using object name or uid.
name: cp_mgmt_set_nat_rule
namespace: ''
- description: Edit user's current session.
name: cp_mgmt_set_session
namespace: ''
- description: Retrieve existing object using object name or uid.
name: cp_mgmt_show_access_section
namespace: ''
- description: Retrieve existing HTTPS Inspection section using section name or
uid and layer name.
name: cp_mgmt_show_https_section
namespace: ''
- description: Showing logs according to the given filter.
name: cp_mgmt_show_logs
namespace: ''
- description: Retrieve existing object using object name or uid.
name: cp_mgmt_show_nat_section
namespace: ''
- description: Gets the software package information from the cloud.
name: cp_mgmt_show_software_package_details
namespace: ''
- description: Show task progress and details.
name: cp_mgmt_show_task
namespace: ''
- description: Retrieve all tasks and show their progress and details.
name: cp_mgmt_show_tasks
namespace: ''
- description: Uninstalls the software package from target machines.
name: cp_mgmt_uninstall_software_package
namespace: ''
- description: Verifies the software package on target machines.
name: cp_mgmt_verify_software_package
namespace: ''
release_date: '2022-06-01'
2.1.0:
modules:
- description: Create new object
name: cp_mgmt_add_domain
namespace: ''
- description: Delete existing object using object name or uid.
name: cp_mgmt_delete_domain
namespace: ''
- description: Get domain objects facts on Checkpoint over Web Services API
name: cp_mgmt_domain_facts
namespace: ''
- description: Manages identity-tag objects on Checkpoint over Web Services API
name: cp_mgmt_identity_tag
namespace: ''
- description: Get identity-tag objects facts on Checkpoint over Web Services
API
name: cp_mgmt_identity_tag_facts
namespace: ''
- description: Copies the user database and network objects information to specified
targets.
name: cp_mgmt_install_database
namespace: ''
- description: Manages mds objects on Checkpoint over Web Services API
name: cp_mgmt_mds
namespace: ''
- description: Edit existing object using object name or uid.
name: cp_mgmt_set_domain
namespace: ''
- description: Manages trusted-client objects on Checkpoint over Web Services
API
name: cp_mgmt_trusted_client
namespace: ''
- description: Get trusted-client objects facts on Checkpoint over Web Services
API
name: cp_mgmt_trusted_client_facts
namespace: ''
release_date: '2022-06-01'
2.2.0:
modules:
- description: Manages access-rules objects on Check Point over Web Services API
name: cp_mgmt_access_rules
namespace: ''
release_date: '2022-06-01'
2.3.0:
modules:
- description: Manages lsm-cluster objects on Checkpoint over Web Services API
name: cp_mgmt_lsm_cluster
namespace: ''
- description: Get lsm-cluster objects facts on Checkpoint over Web Services API
name: cp_mgmt_lsm_cluster_facts
namespace: ''
- description: Manages lsm-gateway objects on Checkpoint over Web Services API
name: cp_mgmt_lsm_gateway
namespace: ''
- description: Get lsm-gateway objects facts on Checkpoint over Web Services API
name: cp_mgmt_lsm_gateway_facts
namespace: ''
release_date: '2022-06-01'
3.0.0:
changes:
release_summary: This is release 3.0.0 of ``check_point.mgmt``, released on
2022-06-07.
fragments:
- 3.0.0.yml
modules:
- description: Creates new rules in batch. Use this API to achieve optimum performance
when adding more than one rule.
name: cp_mgmt_add_rules_batch
namespace: ''
- description: Workflow feature - Approve and Publish the session.
name: cp_mgmt_approve_session
namespace: ''
- description: Check if a target can reach or parse a network feed; can work with
an existing feed object or with a new one (by providing all relevant feed
parameters).
name: cp_mgmt_check_network_feed
namespace: ''
- description: Check if a target can reach or parse a threat IOC feed; can work
with an existing feed object or with a new one (by providing all relevant
feed parameters).
name: cp_mgmt_check_threat_ioc_feed
namespace: ''
- description: Retrieve all existing cluster members in domain.
name: cp_mgmt_cluster_members_facts
namespace: ''
- description: Securely connect the Management Server to Check Point's Infinity
Portal. <br>This is a preliminary operation so that the management server
can use various Check Point cloud-based security services hosted in the Infinity
Portal.
name: cp_mgmt_connect_cloud_services
namespace: ''
- description: Delete rules in batch from the same layer. Use this API to achieve
optimum performance when removing more than one rule.
name: cp_mgmt_delete_rules_batch
namespace: ''
- description: Disconnect the Management Server from Check Point's Infinity Portal.
name: cp_mgmt_disconnect_cloud_services
namespace: ''
- description: Manages domain-permissions-profile objects on Checkpoint over Web
Services API
name: cp_mgmt_domain_permissions_profile
namespace: ''
- description: Get domain-permissions-profile objects facts on Checkpoint over
Web Services API
name: cp_mgmt_domain_permissions_profile_facts
namespace: ''
- description: Get actual platform (Hardware, Version, OS) from gateway, cluster
or Check Point host.
name: cp_mgmt_get_platform
namespace: ''
- description: Manages idp-administrator-group objects on Checkpoint over Web
Services API
name: cp_mgmt_idp_administrator_group
namespace: ''
- description: Get idp-administrator-group objects facts on Checkpoint over Web
Services API
name: cp_mgmt_idp_administrator_group_facts
namespace: ''
- description: Get idp-to-domain-assignment objects facts on Checkpoint over Web
Services API
name: cp_mgmt_idp_to_domain_assignment_facts
namespace: ''
- description: Import Outbound Inspection certificate for HTTPS inspection.
name: cp_mgmt_import_outbound_inspection_certificate
namespace: ''
- description: Executes the lsm-install-policy on a given list of targets. Install
the LSM policy that defined on the attached LSM profile on the targets devices.
name: cp_mgmt_install_lsm_policy
namespace: ''
- description: Executes the lsm-install-settings on a given list of targets. Install
the provisioning settings that defined on the object on the targets devices.
name: cp_mgmt_install_lsm_settings
namespace: ''
- description: Manages interoperable-device objects on Checkpoint over Web Services
API
name: cp_mgmt_interoperable_device
namespace: ''
- description: Get interoperable-device objects facts on Checkpoint over Web Services
API
name: cp_mgmt_interoperable_device_facts
namespace: ''
- description: Get lsm-cluster-profile objects facts on Checkpoint over Web Services
API
name: cp_mgmt_lsm_cluster_profile_facts
namespace: ''
- description: Get lsm-gateway-profile objects facts on Checkpoint over Web Services
API
name: cp_mgmt_lsm_gateway_profile_facts
namespace: ''
- description: Executes the lsm-run-script on a given list of targets. Run the
given script on the targets devices.
name: cp_mgmt_lsm_run_script
namespace: ''
- description: Manages md-permissions-profile objects on Checkpoint over Web Services
API
name: cp_mgmt_md_permissions_profile
namespace: ''
- description: Get md-permissions-profile objects facts on Checkpoint over Web
Services API
name: cp_mgmt_md_permissions_profile_facts
namespace: ''
- description: Manages network-feed objects on Checkpoint over Web Services API
name: cp_mgmt_network_feed
namespace: ''
- description: Get network-feed objects facts on Checkpoint over Web Services
API
name: cp_mgmt_network_feed_facts
namespace: ''
- description: Get objects objects facts on Checkpoint over Web Services API
name: cp_mgmt_objects_facts
namespace: ''
- description: Get provisioning-profile objects facts on Checkpoint over Web Services
API
name: cp_mgmt_provisioning_profile_facts
namespace: ''
- description: Workflow feature - Return the session to the submitter administrator.
name: cp_mgmt_reject_session
namespace: ''
- description: Manages repository-script objects on Checkpoint over Web Services
API
name: cp_mgmt_repository_script
namespace: ''
- description: Get repository-script objects facts on Checkpoint over Web Services
API
name: cp_mgmt_repository_script_facts
namespace: ''
- description: Reset Secure Internal Communication (SIC). To complete the reset
operation need also to reset the device in the Check Point Configuration Tool
(by running cpconfig in Clish or Expert mode). Communication will not be possible
until you reset and re-initialize the device properly.
name: cp_mgmt_reset_sic
namespace: ''
- description: Edit Global Properties.
name: cp_mgmt_set_global_properties
namespace: ''
- description: Set default Identity Provider assignment to be use for Management
server administrator access.
name: cp_mgmt_set_idp_default_assignment
namespace: ''
- description: Set Identity Provider assignment to domain, to allow administrator
login to that domain using that identity provider, if there is no Identity
Provider assigned to the domain the 'idp-default-assignment' will be used.
This command only available for Multi-Domain server.
name: cp_mgmt_set_idp_to_domain_assignment
namespace: ''
- description: Create or update a certificate to be used as outbound certificate
for HTTPS inspection. <br>The outbound CA certificate will be used by the
Gateway to inspect SSL traffic.
name: cp_mgmt_set_outbound_inspection_certificate
namespace: ''
- description: Edit Threat Prevention's Blades' Settings.
name: cp_mgmt_set_threat_advanced_settings
namespace: ''
- description: Show the connection status of the Management Server to Check Point's
Infinity Portal.
name: cp_mgmt_show_cloud_services
namespace: ''
- description: Retrieve Global Properties.
name: cp_mgmt_show_global_properties
namespace: ''
- description: Retrieve default Identity Provider assignment that used for Management
server administrator access.
name: cp_mgmt_show_idp_default_assignment
namespace: ''
- description: Show outbound inspection certificate.
name: cp_mgmt_show_outbound_inspection_certificate
namespace: ''
- description: Shows the status of all processes in the current machine (Multi-Domain
Server and all Domain Management / Log Servers). <br>This command is available
only on Multi-Domain Server.
name: cp_mgmt_show_servers_and_processes
namespace: ''
- description: Show Threat Prevention's Blades' Settings.
name: cp_mgmt_show_threat_advanced_settings
namespace: ''
- description: Manages simple-cluster objects on Checkpoint over Web Services
API
name: cp_mgmt_simple_cluster
namespace: ''
- description: Get simple-cluster objects facts on Checkpoint over Web Services
API
name: cp_mgmt_simple_cluster_facts
namespace: ''
- description: Manages smtp-server objects on Checkpoint over Web Services API
name: cp_mgmt_smtp_server
namespace: ''
- description: Get smtp-server objects facts on Checkpoint over Web Services API
name: cp_mgmt_smtp_server_facts
namespace: ''
- description: Workflow feature - Submit the session for approval.
name: cp_mgmt_submit_session
namespace: ''
- description: Test SIC Status reflects the state of the gateway after it has
received the certificate issued by the ICA. If the SIC status is Unknown then
there is no connection between the gateway and the Security Management Server.
If the SIC status is No Communication, an error message will appear. It may
contain specific instructions on how to fix the situation.
name: cp_mgmt_test_sic_status
namespace: ''
- description: Executes the update-provisioned-satellites on center gateways of
VPN communities.
name: cp_mgmt_update_provisioned_satellites
namespace: ''
release_date: '2022-05-31'
3.1.0:
changes:
release_summary: This is release 3.1.0 of ``check_point.mgmt``, released on
2022-07-04.
fragments:
- 3.1.0.yml
release_date: '2022-07-04'
3.2.0:
changes:
release_summary: This is release 3.2.0 of ``check_point.mgmt``, released on
2022-08-09.
fragments:
- 3.2.0.yml
release_date: '2022-06-09'
4.0.0:
changes:
breaking_changes:
- cp_mgmt_access_role - the 'machines' parameter now accepts a single str and
a new parameter 'machines_list' of type dict has been added. the 'users' parameter
now accepts a single str and a new parameter 'users_list' of type dict has
been added.
- cp_mgmt_access_rule - the 'vpn' parameter now accepts a single str and a new
parameter 'vpn_list' of type dict has been added. the 'position_by_rule' parameter
has been changed to 'relative_position' with support of positioning above/below
a section (and not just a rule). the 'relative_position' parameter has also
'top' and 'bottom' suboptions which allows positioning a rule at the top and
bottom of a section respectively. a new parameter 'search_entire_rulebase'
has been added to allow the relative positioning to be unlimited (was previously
limited to 50 rules)
- cp_mgmt_administrator - the 'permissions_profile' parameter now accepts a
single str and a new parameter 'permissions_profile_list' of type dict has
been added.
- cp_mgmt_publish - the 'uid' parameter has been removed.
bugfixes:
- cp_mgmt_access_rule - support for relative positioning for rulebase with more
than 50 rules (https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection/issues/69)
- cp_mgmt_administrator - specifying the administartor's permissions profile
now works for both SMC and MDS (https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection/issues/83)
- meta/runtime.yml - update value of minimum ansible version and remove redirect
(https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection/issues/84)
major_changes:
- plugins/httpapi/checkpoint - Support for Smart-1 Cloud with new variable 'ansible_cloud_mgmt_id'
release_summary: This is release 4.0.0 of ``check_point.mgmt``, released on
2022-09-14.
fragments:
- 4.0.0.yml
release_date: '2022-06-09'
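
Review bot: the release_date values for 3.2.0 and 4.0.0 are both '2022-06-09', which contradicts their own release_summary text (2022-08-09 and 2022-09-14 respectively) and dates both releases before 3.1.0 (2022-07-04). Set each release_date to match its summary so anything that orders or audits releases by date sees the right sequence. In the 4.0.0 bugfixes entry, "administartor's" should read "administrator's".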

View File

@@ -0,0 +1,32 @@
changelog_filename_template: ../CHANGELOG.rst
changelog_filename_version_depth: 0
changes_file: changelog.yaml
changes_format: combined
ignore_other_fragment_extensions: true
keep_fragments: false
mention_ancestor: true
new_plugins_after_name: removed_features
notesdir: fragments
prelude_section_name: release_summary
prelude_section_title: Release Summary
sanitize_changelog: true
sections:
- - major_changes
- Major Changes
- - minor_changes
- Minor Changes
- - breaking_changes
- Breaking Changes / Porting Guide
- - deprecated_features
- Deprecated Features
- - removed_features
- Removed Features (previously deprecated)
- - security_fixes
- Security Fixes
- - bugfixes
- Bugfixes
- - known_issues
- Known Issues
title: Check_Point.Mgmt
trivial_section_name: trivial
use_fqcn: true

View File

@@ -0,0 +1,5 @@
---
version: 1
dependencies:
galaxy: requirements.yml

View File

@@ -0,0 +1 @@
requires_ansible: '>=2.9.10'

View File

@@ -0,0 +1,60 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
from ansible.errors import AnsibleActionFail
from ansible.plugins.action import ActionBase
from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import \
prepare_rule_params_for_execute_module, check_if_to_publish_for_action
class ActionModule(ActionBase):
def run(self, tmp=None, task_vars=None):
module = super(ActionModule, self).run(tmp, task_vars)
result = self._execute_module(module_name='check_point.mgmt.cp_mgmt_access_rules', module_args=self._task.args,
task_vars=task_vars, tmp=tmp)
if 'msg' in result.keys():
raise AnsibleActionFail(result['msg'])
module_args = self._task.args
fields = {'position', 'layer', 'auto_publish_session'}
rules_list = module_args['rules']
for rule in rules_list:
for field in fields:
if field in rule.keys():
raise AnsibleActionFail('Unsupported parameter ' + field + ' for rule')
# check_fields_for_rule_action_module(module_args)
rules_list = self._task.args['rules']
position = 1
below_rule_name = None
for rule in rules_list:
rule, position, below_rule_name = prepare_rule_params_for_execute_module(rule=rule, module_args=module_args,
position=position,
below_rule_name=below_rule_name)
result['rule: ' + rule['name']] = self._execute_module(module_name='check_point.mgmt.cp_mgmt_access_rule',
module_args=rule,
task_vars=task_vars, tmp=tmp, wrap_async=False)
if 'changed' in result['rule: ' + rule['name']].keys() and \
result['rule: ' + rule['name']]['changed'] is True:
result['changed'] = True
if 'failed' in result['rule: ' + rule['name']].keys() and result['rule: ' + rule['name']]['failed'] is True:
temp = result['rule: ' + rule['name']].copy()
result = {}
result['rule: ' + rule['name']] = temp
result['failed'] = True
result['discard:'] = self._execute_module(module_name='check_point.mgmt.cp_mgmt_discard',
module_args={}, task_vars=task_vars, tmp=tmp)
break
if check_if_to_publish_for_action(result, module_args):
result['publish:'] = self._execute_module(module_name='check_point.mgmt.cp_mgmt_publish', module_args={},
task_vars=task_vars, tmp=tmp)
return result
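
Review bot: in run(), input checks come too late and the failure path is not closed off. The check_point.mgmt.cp_mgmt_access_rules module is executed before the loop that rejects 'position', 'layer' and 'auto_publish_session' inside a rule, and module_args['rules'] and rule['name'] are indexed without a guard, so a task with a missing key ends in a KeyError instead of an AnsibleActionFail. On a failed rule the cp_mgmt_discard result is stored under 'discard:' but never inspected, so a discard that itself fails is reported the same way as a clean rollback; check its 'failed' key, surface it in the result, and return right after the discard so the later publish check is never reached on failure. The value assigned by `module = super(ActionModule, self).run(tmp, task_vars)` is unused, and the commented-out check_fields_for_rule_action_module line can be dropped.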

View File

@@ -0,0 +1,29 @@
# -*- coding: utf-8 -*-
# Copyright: (c) 2019, Or Soffer <orso@checkpoint.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
class ModuleDocFragment(object):
# Standard files documentation fragment
DOCUMENTATION = r'''
options:
wait_for_task:
description:
- Wait for the task to end. Such as publish task.
type: bool
default: True
wait_for_task_timeout:
description:
- How many minutes to wait until throwing a timeout error.
type: int
default: 30
version:
description:
- Version of checkpoint. If not given one, the latest version taken.
type: str
'''

View File

@@ -0,0 +1,21 @@
# -*- coding: utf-8 -*-
# Copyright: (c) 2019, Or Soffer <orso@checkpoint.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import (absolute_import, division, print_function)
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
class ModuleDocFragment(object):
# Standard files documentation fragment
DOCUMENTATION = r'''
options:
version:
description:
- Version of checkpoint. If not given one, the latest version taken.
type: str
'''
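
Review bot: the line `from __future__ import (absolute_import, division, print_function)` appears twice in a row at the top of this doc fragment; drop the duplicate so the file matches the other fragments in this commit.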

View File

@@ -0,0 +1,42 @@
# -*- coding: utf-8 -*-
# Copyright: (c) 2019, Or Soffer <orso@checkpoint.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
class ModuleDocFragment(object):
# Standard files documentation fragment
DOCUMENTATION = r'''
options:
state:
description:
- State of the access rule (present or absent). Defaults to present.
type: str
default: present
choices:
- 'present'
- 'absent'
auto_publish_session:
description:
- Publish the current session if changes have been performed
after task completes.
type: bool
wait_for_task:
description:
- Wait for the task to end. Such as publish task.
type: bool
default: True
wait_for_task_timeout:
description:
- How many minutes to wait until throwing a timeout error.
type: int
default: 30
version:
description:
- Version of checkpoint. If not given one, the latest version taken.
type: str
'''

View File

@@ -0,0 +1,29 @@
# -*- coding: utf-8 -*-
# Copyright: (c) 2019, Or Soffer <orso@checkpoint.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
class ModuleDocFragment(object):
# Standard files documentation fragment
DOCUMENTATION = r'''
options:
auto_publish_session:
description:
- Publish the current session if changes have been performed
after task completes.
type: bool
wait_for_task_timeout:
description:
- How many minutes to wait until throwing a timeout error.
type: int
default: 30
version:
description:
- Version of checkpoint. If not given one, the latest version taken.
type: str
'''

View File

@@ -0,0 +1,114 @@
# (c) 2018 Red Hat Inc.
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = """
---
author: Ansible Networking Team (@rcarrillocruz)
name: checkpoint
short_description: HttpApi Plugin for Checkpoint devices
description:
- This HttpApi plugin provides methods to connect to Checkpoint
devices over a HTTP(S)-based api.
version_added: "2.8.0"
options:
domain:
type: str
description:
- Specifies the domain of the Check Point device
vars:
- name: ansible_checkpoint_domain
api_key:
type: str
description:
- Login with api-key instead of user & password
vars:
- name: ansible_api_key
cloud_mgmt_id:
type: str
description:
- The Cloud Management ID
vars:
- name: ansible_cloud_mgmt_id
"""
import json
from ansible.module_utils.basic import to_text
from ansible.errors import AnsibleConnectionFailure
from ansible.module_utils.six.moves.urllib.error import HTTPError
from ansible.plugins.httpapi import HttpApiBase
from ansible.module_utils.connection import ConnectionError
BASE_HEADERS = {
'Content-Type': 'application/json',
'User-Agent': 'Ansible',
}
class HttpApi(HttpApiBase):
def login(self, username, password):
payload = {}
cp_domain = self.get_option('domain')
cp_api_key = self.get_option('api_key')
if cp_domain:
payload['domain'] = cp_domain
if username and password and not cp_api_key:
payload['user'] = username
payload['password'] = password
elif cp_api_key and not username and not password:
payload['api-key'] = cp_api_key
else:
raise AnsibleConnectionFailure('[Username and password] or api_key are required for login')
url = '/web_api/login'
response, response_data = self.send_request(url, payload)
try:
self.connection._auth = {'X-chkp-sid': response_data['sid']}
except KeyError:
raise ConnectionError(
'Server returned response without token info during connection authentication: %s' % response)
# Case of read-only
if 'uid' in response_data.keys():
self.connection._session_uid = response_data['uid']
def logout(self):
url = '/web_api/logout'
response, dummy = self.send_request(url, None)
def get_session_uid(self):
return self.connection._session_uid
def send_request(self, path, body_params):
data = json.dumps(body_params) if body_params else '{}'
cp_cloud_mgmt_id = self.get_option('cloud_mgmt_id')
if cp_cloud_mgmt_id:
path = '/' + cp_cloud_mgmt_id + path
try:
self._display_request()
response, response_data = self.connection.send(path, data, method='POST', headers=BASE_HEADERS)
value = self._get_response_value(response_data)
return response.getcode(), self._response_to_json(value)
except AnsibleConnectionFailure as e:
return 404, e.message
except HTTPError as e:
error = json.loads(e.read())
return e.code, error
def _display_request(self):
self.connection.queue_message('vvvv', 'Web Services: %s %s' % ('POST', self.connection._url))
def _get_response_value(self, response_data):
return to_text(response_data.getvalue())
def _response_to_json(self, response_text):
try:
return json.loads(response_text) if response_text else {}
# JSONDecodeError only available on Python 3.5+
except ValueError:
raise ConnectionError('Invalid JSON response: %s' % response_text)
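
Review bot: send_request() turns an AnsibleConnectionFailure into `return 404, e.message`, which makes a transport failure look like a genuine HTTP 404 and hands callers a string where they expect a dict. login() never looks at the status code it gets back, so on that path `response_data['sid']` raises a TypeError that the `except KeyError` does not catch, and the ConnectionError text interpolates `response`, which is only the numeric code. Let the connection failure propagate (or return a distinct status), check the code in login() before reading 'sid', and guard `json.loads(e.read())` in the HTTPError branch against a non-JSON body the way _response_to_json() already does. login() also rejects the case where api_key and username/password are both set with a message that reads as if credentials were missing; state that the two are mutually exclusive.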

View File

@@ -0,0 +1,807 @@
# This code is part of Ansible, but is an independent component.
# This particular file snippet, and this file snippet only, is BSD licensed.
# Modules you write using this snippet, which is embedded dynamically by Ansible
# still belong to the author of the module, and may assign their own license
# to the complete work.
#
# (c) 2018 Red Hat Inc.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import time
from ansible.module_utils.connection import Connection
checkpoint_argument_spec_for_action_module = dict(
auto_publish_session=dict(type='bool'),
wait_for_task_timeout=dict(type='int', default=30),
version=dict(type='str')
)
checkpoint_argument_spec_for_objects = dict(
auto_publish_session=dict(type='bool'),
wait_for_task=dict(type='bool', default=True),
wait_for_task_timeout=dict(type='int', default=30),
state=dict(type='str', choices=['present', 'absent'], default='present'),
version=dict(type='str')
)
checkpoint_argument_spec_for_facts = dict(
version=dict(type='str')
)
checkpoint_argument_spec_for_commands = dict(
wait_for_task=dict(type='bool', default=True),
wait_for_task_timeout=dict(type='int', default=30),
version=dict(type='str')
)
delete_params = ['name', 'uid', 'layer', 'exception-group-name', 'rule-name', 'package']
remove_from_set_payload = {'lsm-cluster': ['security-profile', 'name-prefix', 'name-suffix', 'main-ip-address'],
'md-permissions-profile': ['permission-level']}
remove_from_add_payload = {'lsm-cluster': ['name']}
# parse failure message with code and response
def parse_fail_message(code, response):
return 'Checkpoint device returned error {0} with message {1}'.format(code, response)
# send the request to checkpoint
def send_request(connection, version, url, payload=None):
code, response = connection.send_request('/web_api/' + version + url, payload)
return code, response
# get the payload from the user parameters
def is_checkpoint_param(parameter):
if parameter == 'auto_publish_session' or \
parameter == 'state' or \
parameter == 'wait_for_task' or \
parameter == 'wait_for_task_timeout' or \
parameter == 'version':
return False
return True
def contains_show_identifier_param(payload):
identifier_params = ["name", "uid", "assigned-domain"]
for param in identifier_params:
if payload.get(param) is not None:
return True
return False
# build the payload from the parameters which has value (not None), and they are parameter of checkpoint API as well
def get_payload_from_parameters(params):
payload = {}
for parameter in params:
parameter_value = params[parameter]
if parameter_value is not None and is_checkpoint_param(parameter):
if isinstance(parameter_value, dict):
payload[parameter.replace("_", "-")] = get_payload_from_parameters(parameter_value)
elif isinstance(parameter_value, list) and len(parameter_value) != 0 and isinstance(parameter_value[0], dict):
payload_list = []
for element_dict in parameter_value:
payload_list.append(get_payload_from_parameters(element_dict))
payload[parameter.replace("_", "-")] = payload_list
else:
# special handle for this param in order to avoid two params called "version"
if parameter == "gateway_version" or parameter == "cluster_version":
parameter = "version"
payload[parameter.replace("_", "-")] = parameter_value
return payload
# wait for task
def wait_for_task(module, version, connection, task_id):
task_id_payload = {'task-id': task_id, 'details-level': 'full'}
task_complete = False
minutes_until_timeout = 30
if module.params['wait_for_task_timeout'] is not None and module.params['wait_for_task_timeout'] >= 0:
minutes_until_timeout = module.params['wait_for_task_timeout']
max_num_iterations = minutes_until_timeout * 30
current_iteration = 0
# As long as there is a task in progress
while not task_complete and current_iteration < max_num_iterations:
current_iteration += 1
# Check the status of the task
code, response = send_request(connection, version, 'show-task', task_id_payload)
attempts_counter = 0
while code != 200:
if attempts_counter < 5:
attempts_counter += 1
time.sleep(2)
code, response = send_request(connection, version, 'show-task', task_id_payload)
else:
response['message'] = "ERROR: Failed to handle asynchronous tasks as synchronous, tasks result is" \
" undefined. " + response['message']
module.fail_json(msg=parse_fail_message(code, response))
# Count the number of tasks that are not in-progress
completed_tasks = 0
for task in response['tasks']:
if task['status'] == 'failed':
status_description, comments = get_status_description_and_comments(task)
if comments and status_description:
module.fail_json(
msg='Task {0} with task id {1} failed. Message: {2} with description: {3} - '
'Look at the logs for more details '
.format(task['task-name'], task['task-id'], comments, status_description))
elif comments:
module.fail_json(msg='Task {0} with task id {1} failed. Message: {2} - Look at the logs for more details '
.format(task['task-name'], task['task-id'], comments))
elif status_description:
module.fail_json(msg='Task {0} with task id {1} failed. Message: {2} - Look at the logs for more '
'details '
.format(task['task-name'], task['task-id'], status_description))
else:
module.fail_json(msg='Task {0} with task id {1} failed. Look at the logs for more details'
.format(task['task-name'], task['task-id']))
if task['status'] == 'in progress':
break
completed_tasks += 1
# Are we done? check if all tasks are completed
if completed_tasks == len(response["tasks"]) and completed_tasks != 0:
task_complete = True
else:
time.sleep(2) # Wait for two seconds
if not task_complete:
module.fail_json(msg="ERROR: Timeout. Task-id: {0}.".format(task_id_payload['task-id']))
else:
return response
# Getting a status description and comments of task failure details
def get_status_description_and_comments(task):
status_description = None
comments = None
if 'comments' in task and task['comments']:
comments = task['comments']
if 'task-details' in task and task['task-details']:
task_details = task['task-details'][0]
if 'statusDescription' in task_details:
status_description = task_details['statusDescription']
return status_description, comments
# if failed occurred, in some cases we want to discard changes before exiting. We also notify the user about the `discard`
def discard_and_fail(module, code, response, connection, version):
discard_code, discard_response = send_request(connection, version, 'discard')
if discard_code != 200:
try:
module.fail_json(msg=parse_fail_message(code, response) + ' Failed to discard session {0}'
' with error {1} with message {2}'.format(connection.get_session_uid(),
discard_code, discard_response))
except Exception:
# Read-only mode without UID
module.fail_json(msg=parse_fail_message(code, response) + ' Failed to discard session'
' with error {0} with message {1}'.format(discard_code, discard_response))
module.fail_json(msg=parse_fail_message(code, response) + ' Unpublished changes were discarded')
# handle publish command, and wait for it to end if the user asked so
def handle_publish(module, connection, version):
if 'auto_publish_session' in module.params and module.params['auto_publish_session']:
publish_code, publish_response = send_request(connection, version, 'publish')
if publish_code != 200:
discard_and_fail(module, publish_code, publish_response, connection, version)
if module.params['wait_for_task']:
wait_for_task(module, version, connection, publish_response['task-id'])
# if user insert a specific version, we add it to the url
def get_version(module):
return ('v' + module.params['version'] + '/') if module.params.get('version') else ''
# if code is 400 (bad request) or 500 (internal error) - fail
def handle_equals_failure(module, equals_code, equals_response):
if equals_code == 400 or equals_code == 500:
module.fail_json(msg=parse_fail_message(equals_code, equals_response))
if equals_code == 404 and equals_response['code'] == 'generic_err_command_not_found':
module.fail_json(msg='Relevant hotfix is not installed on Check Point server. See sk114661 on Check Point Support Center.')
# handle call
def handle_call(connection, version, call, payload, module, to_publish, to_discard_on_failure):
code, response = send_request(connection, version, call, payload)
if code != 200:
if to_discard_on_failure:
discard_and_fail(module, code, response, connection, version)
else:
module.fail_json(msg=parse_fail_message(code, response))
else:
if 'wait_for_task' in module.params and module.params['wait_for_task']:
if 'task-id' in response:
response = wait_for_task(module, version, connection, response['task-id'])
elif 'tasks' in response:
for task in response['tasks']:
if 'task-id' in task:
task_id = task['task-id']
response[task_id] = wait_for_task(module, version, connection, task['task-id'])
del response['tasks']
if to_publish:
handle_publish(module, connection, version)
return response
# handle a command
def api_command(module, command):
payload = get_payload_from_parameters(module.params)
connection = Connection(module._socket_path)
version = get_version(module)
code, response = send_request(connection, version, command, payload)
result = {'changed': True}
if code == 200:
if module.params['wait_for_task']:
if 'task-id' in response:
response = wait_for_task(module, version, connection, response['task-id'])
elif 'tasks' in response:
for task in response['tasks']:
if 'task-id' in task:
task_id = task['task-id']
response[task_id] = wait_for_task(module, version, connection, task['task-id'])
del response['tasks']
result[command] = response
handle_publish(module, connection, version)
else:
discard_and_fail(module, code, response, connection, version)
return result
# handle api call facts
def api_call_facts(module, api_call_object, api_call_object_plural_version):
payload = get_payload_from_parameters(module.params)
connection = Connection(module._socket_path)
version = get_version(module)
# if there isn't an identifier param, the API command will be in plural version (e.g. show-hosts instead of show-host)
if not contains_show_identifier_param(payload):
api_call_object = api_call_object_plural_version
response = handle_call(connection, version, 'show-' + api_call_object, payload, module, False, False)
result = {api_call_object: response}
return result
# handle delete
def handle_delete(equals_code, payload, delete_params, connection, version, api_call_object, module, result):
# else equals_code is 404 and no need to delete because he doesn't exist
if equals_code == 200:
payload_for_delete = extract_payload_with_some_params(payload, delete_params)
response = handle_call(connection, version, 'delete-' + api_call_object, payload_for_delete, module, True, True)
result['changed'] = True
# handle the call and set the result with 'changed' and teh response
def handle_call_and_set_result(connection, version, call, payload, module, result):
response = handle_call(connection, version, call, payload, module, True, True)
result['changed'] = True
result[call] = response
# handle api call
def api_call(module, api_call_object):
payload = get_payload_from_parameters(module.params)
connection = Connection(module._socket_path)
version = get_version(module)
result = {'changed': False}
if module.check_mode:
return result
payload_for_equals = {'type': api_call_object, 'params': payload}
equals_code, equals_response = send_request(connection, version, 'equals', payload_for_equals)
result['checkpoint_session_uid'] = connection.get_session_uid()
handle_equals_failure(module, equals_code, equals_response)
if module.params['state'] == 'present':
if equals_code == 200:
# else objects are equals and there is no need for set request
if not equals_response['equals']:
build_payload(api_call_object, payload, remove_from_set_payload)
handle_call_and_set_result(connection, version, 'set-' + api_call_object, payload, module, result)
elif equals_code == 404:
build_payload(api_call_object, payload, remove_from_add_payload)
handle_call_and_set_result(connection, version, 'add-' + api_call_object, payload, module, result)
elif module.params['state'] == 'absent':
handle_delete(equals_code, payload, delete_params, connection, version, api_call_object, module, result)
return result
# returns a generator of the entire rulebase
def get_rulebase_generator(connection, version, layer, show_rulebase_command, rules_amount):
offset = 0
limit = 100
while True:
payload_for_show_rulebase = {
'name': layer,
'limit': limit,
'offset': offset,
}
# in case there are empty sections after the last rule, we need them to appear in the reply and the limit might
# cut them out
if offset + limit >= rules_amount:
del payload_for_show_rulebase['limit']
code, response = send_request(connection, version, show_rulebase_command, payload_for_show_rulebase)
offset = response['to']
total = response['total']
rulebase = response['rulebase']
yield rulebase
if total <= offset:
return
# get 'to' or 'from' of given section
def get_edge_position_in_section(connection, version, layer, section_name, edge):
code, response = send_request(connection, version, "show-layer-structure", {'name': layer, 'details-level': 'uid'})
if response['code'] == 'generic_err_command_not_found':
raise ValueError("The use of the relative_position field with a section as its value is available only for"
" version 1.7.1 with JHF take 42 and above")
sections_in_layer = response['root-section']['children']
for section in sections_in_layer:
if section['name'] == section_name:
return int(section[edge + '-rule'])
return None
# return the total amount of rules in the rulebase of the given layer
def get_rules_amount(connection, version, layer, show_rulebase_command):
payload_for_show_obj_rulebase = {'name': layer, 'limit': 0}
code, response = send_request(connection, version, show_rulebase_command, payload_for_show_obj_rulebase)
return int(response['total'])
def keep_searching_rulebase(position, current_section, relative_position, relative_position_is_section):
position_not_found = position is None
if relative_position_is_section and 'above' not in relative_position:
# if 'above' in relative_position then get_number_and_section_from_relative_position returns the previous section
# so there isn't a need to further search for the relative section
relative_section = list(relative_position.values())[0]
return position_not_found or current_section != relative_section
# if relative position is a rule then get_number_and_section_from_relative_position has already entered the section
# (if exists) that the relative rule is in
return position_not_found
def relative_position_is_section(connection, version, layer, relative_position):
if 'top' in relative_position or 'bottom' in relative_position:
return True
relative_position_value = list(relative_position.values())[0]
code, response = send_request(connection, version, "show-access-section", {'layer': layer, 'name': relative_position_value})
if code == 200:
return True
return False
def get_number_and_section_from_relative_position(payload, connection, version, rulebase, above_relative_position, pos_before_relative_empty_section):
section_name = None
position = None
for rules in rulebase:
if 'rulebase' in rules:
# cases relevant for relative-position=section
if 'above' in payload['position'] and rules['name'] == payload['position']['above']:
if len(rules['rulebase']) == 0:
position = pos_before_relative_empty_section if above_relative_position else pos_before_relative_empty_section + 1
else:
# if the entire section isn't present in rulebase, the 'from' value of the section might not be
# the first position in the section, which is why we use get_edge_position_in_section
from_value = get_edge_position_in_section(connection, version, payload['layer'], rules['name'], "from")
if from_value is not None: # section exists in rulebase
position = max(from_value - 1, 1) if above_relative_position else from_value
return position, section_name, above_relative_position, pos_before_relative_empty_section
# we update this only after the 'above' case since the section that should be returned in that case isn't
# the one we are currently iterating over (but the one beforehand)
section_name = rules['name']
if 'bottom' in payload['position'] and rules['name'] == payload['position']['bottom']:
if len(rules['rulebase']) == 0:
position = pos_before_relative_empty_section if above_relative_position else pos_before_relative_empty_section + 1
else:
# if the entire section isn't present in rulebase, the 'to' value of the section might not be the
# last position in the section, which is why we use get_edge_position_in_section
to_value = get_edge_position_in_section(connection, version, payload['layer'], section_name, "to")
if to_value is not None and to_value == int(rules['to']): # meaning the entire section is present in rulebase
# is the rule already at the bottom of the section. Can infer this only if the entire section is
# present in rulebase
is_bottom = rules['rulebase'][-1]['name'] == payload['name']
position = to_value if (above_relative_position or is_bottom) else to_value + 1
# else: need to keep searching the rulebase, so position=None is returned
return position, section_name, above_relative_position, pos_before_relative_empty_section
# setting a rule 'below' a section is equivalent to setting the rule at the top of that section
if ('below' in payload['position'] and section_name == payload['position']['below']) or \
('top' in payload['position'] and section_name == payload['position']['top']):
if len(rules['rulebase']) == 0:
position = pos_before_relative_empty_section if above_relative_position else pos_before_relative_empty_section + 1
else:
# is the rule already at the top of the section
is_top = rules['rulebase'][0]['name'] == payload['name']
position = max(int(rules['from']) - 1, 1) if (above_relative_position or not is_top) else int(rules['from'])
return position, section_name, above_relative_position, pos_before_relative_empty_section
if len(rules['rulebase']) != 0:
# if search_entire_rulebase=True: even if rules['rulebase'] is cut (due to query limit) this will
# eventually be updated to the correct value in further calls
pos_before_relative_empty_section = int(rules['to'])
rules = rules['rulebase']
for rule in rules:
if payload['name'] == rule['name']:
above_relative_position = True
# cases relevant for relative-position=rule
if 'below' in payload['position'] and rule['name'] == payload['position']['below']:
position = int(rule['rule-number']) if above_relative_position else int(rule['rule-number']) + 1
return position, section_name, above_relative_position, pos_before_relative_empty_section
elif 'above' in payload['position'] and rule['name'] == payload['position']['above']:
position = max(int(rule['rule-number']) - 1, 1) if above_relative_position else int(rule['rule-number'])
return position, section_name, above_relative_position, pos_before_relative_empty_section
else: # cases relevant for relative-position=rule
if payload['name'] == rules['name']:
above_relative_position = True
if 'below' in payload['position'] and rules['name'] == payload['position']['below']:
position = int(rules['rule-number']) if above_relative_position else int(rules['rule-number']) + 1
return position, section_name, above_relative_position, pos_before_relative_empty_section
elif 'above' in payload['position'] and rules['name'] == payload['position']['above']:
position = max(int(rules['rule-number']) - 1, 1) if above_relative_position else int(rules['rule-number'])
return position, section_name, above_relative_position, pos_before_relative_empty_section
return position, section_name, above_relative_position, pos_before_relative_empty_section # None, None, False/True, x>=1
# get the position in integer format and the section it is.
def get_number_and_section_from_position(payload, connection, version, api_call_object):
show_rulebase_command = get_relevant_show_rulebase_command(api_call_object)
if 'position' in payload:
section_name = None
if type(payload['position']) is not dict:
position = payload['position']
if position == 'top':
position = 1
return position, section_name
elif position == 'bottom':
position = get_rules_amount(connection, version, payload['layer'], show_rulebase_command)
code, response = send_request(connection, version, show_rulebase_command, {'name': payload['layer'], 'offset': position - 1})
rulebase = reversed(response['rulebase'])
else: # is a number so we need to get the section (if exists) of the rule in that position
position = int(position)
payload_for_show_obj_rulebase = build_rulebase_payload(api_call_object, payload, position)
code, response = send_request(connection, version, show_rulebase_command, payload_for_show_obj_rulebase)
rulebase = response['rulebase']
if position > response['total']:
raise ValueError("The given position " + str(position) + " of rule " + payload['name'] +
"exceeds the total amount of rules in the rulebase")
# in case position=1 and there are empty sections at the beginning of the rulebase we want to skip them
i = 0
for rules in rulebase:
if 'rulebase' in rules and len(rules['rulebase']) == 0:
i += 1
rulebase = rulebase[i:]
for rules in rulebase:
if 'rulebase' in rules:
section_name = rules['name']
return position, section_name
else:
return position, section_name # section = None
else:
search_entire_rulebase = payload['search-entire-rulebase']
position = None
# is the rule we're getting its position number above the rule it is relatively positioned to
above_relative_position = False
# no from-to in empty sections so can't infer the position from them -> need to keep track of the position
# before the empty relative section
pos_before_relative_empty_section = 1
if not search_entire_rulebase:
code, response = send_request(connection, version, show_rulebase_command, {'name': payload['layer']})
rulebase = response['rulebase']
position, section_name, above_relative_position, pos_before_relative_empty_section = \
get_number_and_section_from_relative_position(payload, connection, version, rulebase,
above_relative_position, pos_before_relative_empty_section)
else:
rules_amount = get_rules_amount(connection, version, payload['layer'], show_rulebase_command)
relative_pos_is_section = relative_position_is_section(connection, version, payload['layer'], payload['position'])
rulebase_generator = get_rulebase_generator(connection, version, payload['layer'], show_rulebase_command, rules_amount)
for rulebase in rulebase_generator:
position, section_name, above_relative_position, pos_before_relative_empty_section = \
get_number_and_section_from_relative_position(payload, connection, version, rulebase,
above_relative_position, pos_before_relative_empty_section)
if not keep_searching_rulebase(position, section_name, payload['position'], relative_pos_is_section):
break
return position, section_name
return None, None
# build the show rulebase payload
def build_rulebase_payload(api_call_object, payload, position_number):
rulebase_payload = {'name': payload['layer'], 'offset': position_number - 1, 'limit': 1}
if api_call_object == 'threat-exception':
rulebase_payload['rule-name'] = payload['rule-name']
return rulebase_payload
def build_rulebase_command(api_call_object):
rulebase_command = 'show-' + api_call_object.split('-')[0] + '-rulebase'
if api_call_object == 'threat-exception':
rulebase_command = 'show-threat-rule-exception-rulebase'
return rulebase_command
# remove from payload unrecognized params (used for cases where add payload differs from that of a set)
def build_payload(api_call_object, payload, params_to_remove):
if api_call_object in params_to_remove:
for param in params_to_remove[api_call_object]:
del payload[param]
return payload
# extract first rule from given rulebase response and the section it is in.
def extract_rule_and_section_from_rulebase_response(response):
section_name = None
rule = response['rulebase'][0]
i = 0
# skip empty sections (possible when offset=0)
while 'rulebase' in rule and len(rule['rulebase']) == 0:
i += 1
rule = response['rulebase'][i]
while 'rulebase' in rule:
section_name = rule['name']
rule = rule['rulebase'][0]
return rule, section_name
def get_relevant_show_rulebase_command(api_call_object):
if api_call_object == 'access-rule':
return 'show-access-rulebase'
elif api_call_object == "threat-rule":
return 'show-threat-rulebase'
elif api_call_object == "threat-exception":
return 'show-threat-rule-exception-rulebase'
# uncomment code below when https & nat modules are added as crud modules
# elif api_call_object == 'nat-rule':
# return 'show-nat-rulebase'
# elif api_call_object == 'https-rule':
# return 'show-https-rulebase'
# is the param position (if the user inserted it) equals between the object and the user input, as well as the section the rule is in
def is_equals_with_position_param(payload, connection, version, api_call_object):
position_number, section_according_to_position = get_number_and_section_from_position(payload, connection, version, api_call_object)
# In this case the one of the following has occurred:
# 1) There is no position param, then it's equals in vacuous truth
# 2) search_entire_rulebase = False so it's possible the relative rule wasn't found in the default limit or maybe doesn't even exist
# 3) search_entire_rulebase = True and the relative rule/section doesn't exist
if position_number is None:
return True
rulebase_payload = build_rulebase_payload(api_call_object, payload, position_number)
rulebase_command = build_rulebase_command(api_call_object)
code, response = send_request(connection, version, rulebase_command, rulebase_payload)
rule, section = extract_rule_and_section_from_rulebase_response(response)
# if the names of the exist rule and the user input rule are equals, as well as the section they're in, then it
# means that their positions are equals so I return True. and there is no way that there is another rule with this
# name cause otherwise the 'equals' command would fail
if rule['name'] == payload['name'] and section_according_to_position == section:
return True
else:
return False
# get copy of the payload without some of the params
def extract_payload_without_some_params(payload, params_to_remove):
copy_payload = dict(payload)
for param in params_to_remove:
if param in copy_payload:
del copy_payload[param]
return copy_payload
# get copy of the payload with only some of the params
def extract_payload_with_some_params(payload, params_to_insert):
copy_payload = {}
for param in params_to_insert:
if param in payload:
copy_payload[param] = payload[param]
return copy_payload
# is equals with all the params including action and position
def is_equals_with_all_params(payload, connection, version, api_call_object, is_access_rule):
if is_access_rule and 'action' in payload:
payload_for_show = extract_payload_with_some_params(payload, ['name', 'uid', 'layer'])
code, response = send_request(connection, version, 'show-' + api_call_object, payload_for_show)
exist_action = response['action']['name']
if exist_action.lower() != payload['action'].lower():
if payload['action'].lower() != 'Apply Layer'.lower() or\
exist_action.lower() != 'Inner Layer'.lower():
return False
# here the action is equals, so check the position param
if not is_equals_with_position_param(payload, connection, version, api_call_object):
return False
return True
# handle api call for rule
def api_call_for_rule(module, api_call_object):
is_access_rule = True if 'access' in api_call_object else False
payload = get_payload_from_parameters(module.params)
connection = Connection(module._socket_path)
version = get_version(module)
result = {'changed': False}
if module.check_mode:
return result
if is_access_rule:
copy_payload_without_some_params = extract_payload_without_some_params(payload, ['action', 'position', 'search_entire_rulebase'])
else:
copy_payload_without_some_params = extract_payload_without_some_params(payload, ['position'])
payload_for_equals = {'type': api_call_object, 'params': copy_payload_without_some_params}
equals_code, equals_response = send_request(connection, version, 'equals', payload_for_equals)
result['checkpoint_session_uid'] = connection.get_session_uid()
handle_equals_failure(module, equals_code, equals_response)
if module.params['state'] == 'present':
if equals_code == 200:
if equals_response['equals']:
if not is_equals_with_all_params(payload, connection, version, api_call_object, is_access_rule):
equals_response['equals'] = False
# else objects are equals and there is no need for set request
if not equals_response['equals']:
# if user insert param 'position' and needed to use the 'set' command, change the param name to 'new-position'
if 'position' in payload:
payload['new-position'] = payload['position']
del payload['position']
if 'search-entire-rulebase' in payload:
del payload['search-entire-rulebase']
handle_call_and_set_result(connection, version, 'set-' + api_call_object, payload, module, result)
elif equals_code == 404:
if 'search-entire-rulebase' in payload:
del payload['search-entire-rulebase']
handle_call_and_set_result(connection, version, 'add-' + api_call_object, payload, module, result)
elif module.params['state'] == 'absent':
handle_delete(equals_code, payload, delete_params, connection, version, api_call_object, module, result)
return result
# check if call is in plural form
def call_is_plural(api_call_object, payload):
is_plural = False
if 'access' in api_call_object and payload.get("layer") is None:
is_plural = True
elif 'threat' in api_call_object and payload.get("layer") is None:
is_plural = True
elif 'nat' in api_call_object \
and payload.get("name") is None \
and payload.get("uid") is None \
and payload.get("rule-number") is None:
is_plural = True
return is_plural
# handle api call facts for rule
def api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version):
payload = get_payload_from_parameters(module.params)
connection = Connection(module._socket_path)
version = get_version(module)
# if there is no layer, the API command will be in plural version (e.g. show-hosts instead of show-host)
if call_is_plural(api_call_object, payload):
api_call_object = api_call_object_plural_version
response = handle_call(connection, version, 'show-' + api_call_object, payload, module, False, False)
result = {api_call_object: response}
return result
# The code from here till EOF will be deprecated when Rikis' modules will be deprecated
checkpoint_argument_spec = dict(auto_publish_session=dict(type='bool', default=True),
policy_package=dict(type='str', default='standard'),
auto_install_policy=dict(type='bool', default=True),
targets=dict(type='list')
)
def publish(connection, uid=None):
payload = None
if uid:
payload = {'uid': uid}
connection.send_request('/web_api/publish', payload)
def discard(connection, uid=None):
payload = None
if uid:
payload = {'uid': uid}
connection.send_request('/web_api/discard', payload)
def install_policy(connection, policy_package, targets):
payload = {'policy-package': policy_package,
'targets': targets}
connection.send_request('/web_api/install-policy', payload)
def prepare_rule_params_for_execute_module(rule, module_args, position, below_rule_name):
rule['layer'] = module_args['layer']
if 'details_level' in module_args.keys():
rule['details_level'] = module_args['details_level']
if 'state' not in rule.keys() or ('state' in rule.keys() and rule['state'] != 'absent'):
if below_rule_name:
relative_position = {'relative_position': {'below': below_rule_name}}
rule.update(relative_position)
else:
rule['position'] = position
position = position + 1
below_rule_name = rule['name']
return rule, position, below_rule_name
def check_if_to_publish_for_action(result, module_args):
to_publish = ('auto_publish_session' in module_args.keys() and module_args['auto_publish_session']) and \
('changed' in result.keys() and result['changed'] is True) and ('failed' not in result.keys() or
result['failed'] is False)
return to_publish
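Review bot: In api_call_for_rule, the exclusion list passed to extract_payload_without_some_params spells the key 'search_entire_rulebase' with underscores, while every other reference in this file uses the hyphenated form: payload['search-entire-rulebase'] in get_number_and_section_from_position, and the two "if 'search-entire-rulebase' in payload" guards before the set and add calls. If the payload keys are hyphenated, as those lines imply, the key is never stripped and is sent in the params of the 'equals' request; the list should read ['action', 'position', 'search-entire-rulebase']. Separately, the code returned by send_request is discarded before response['rulebase'], response['total'] and response['action']['name'] are indexed in get_number_and_section_from_position, is_equals_with_position_param and is_equals_with_all_params, so a failed show call surfaces as a KeyError instead of a module failure. Checking the code and failing through the module, the way the 'equals' result is routed through handle_equals_failure, would make a failed lookup during rule positioning report the API error itself.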

Some files were not shown because too many files have changed in this diff