diff --git a/lib/ansible/module_utils/network/checkpoint/checkpoint.py b/lib/ansible/module_utils/network/checkpoint/checkpoint.py index 61c7854e738..7545ebfe345 100644 --- a/lib/ansible/module_utils/network/checkpoint/checkpoint.py +++ b/lib/ansible/module_utils/network/checkpoint/checkpoint.py @@ -27,10 +27,33 @@ # -def publish(module, connection): - connection.send_request('/web_api/publish', None) +checkpoint_argument_spec = dict(auto_publish_session=dict(type='bool', default=True), + policy_package=dict(type='str', default='standard'), + auto_install_policy=dict(type='bool', default=True), + targets=dict(type='list') + ) -def install_policy(module, connection): - payload = {'policy-package': 'standard'} +def publish(connection, uid=None): + payload = None + + if uid: + payload = {'uid': uid} + + connection.send_request('/web_api/publish', payload) + + +def discard(connection, uid=None): + payload = None + + if uid: + payload = {'uid': uid} + + connection.send_request('/web_api/discard', payload) + + +def install_policy(connection, policy_package, targets): + payload = {'policy-package': policy_package, + 'targets': targets} + connection.send_request('/web_api/install-policy', payload) diff --git a/lib/ansible/modules/network/checkpoint/checkpoint_access_rule.py b/lib/ansible/modules/network/checkpoint/checkpoint_access_rule.py index 0b82e108971..c8b0e8557b1 100644 --- a/lib/ansible/modules/network/checkpoint/checkpoint_access_rule.py +++ b/lib/ansible/modules/network/checkpoint/checkpoint_access_rule.py 
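Review bot: `publish`, `discard` and `install_policy` all drop whatever `connection.send_request` returns, so the calling modules cannot tell a failed publish or policy install from a successful one and will still report the rule or host change as applied. Each helper should end with `return connection.send_request(...)` so callers can check the status and fail the task. In `install_policy`, `targets` has no default in `checkpoint_argument_spec`, so with `auto_install_policy` left at its default the payload carries `'targets': None`; consider adding the key only when a value was given, `if targets: payload['targets'] = targets`. The three helpers also have no docstrings; one line each stating that `uid` selects the session to publish or discard would help.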
@@ -71,6 +71,27 @@ options: - State of the access rule (present or absent). Defaults to present. type: str default: present + auto_publish_session: + description: + - Publish the current session if changes have been performed + after task completes. + type: bool + default: 'yes' + auto_install_policy: + description: + - Install the package policy if changes have been performed + after the task completes. + type: bool + default: 'yes' + policy_package: + description: + - Package policy name to be installed. + type: bool + default: 'standard' + targets: + description: + - Targets to install the package policy on. + type: list """ EXAMPLES = """ @@ -99,7 +120,7 @@ checkpoint_access_rules: from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.connection import Connection -from ansible.module_utils.network.checkpoint.checkpoint import publish, install_policy +from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec, publish, install_policy import json @@ -195,6 +216,7 @@ def main(): enabled=dict(type='bool', default=True), state=dict(type='str', default='present') ) + argument_spec.update(checkpoint_argument_spec) required_if = [('state', 'present', ('layer', 'position'))] module = AnsibleModule(argument_spec=argument_spec, required_if=required_if) 
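Review bot: The new `policy_package` option is documented as `type: bool`, but `checkpoint_argument_spec` declares it as `type='str'` with default `'standard'`; the docs line should read `type: str`. The same block is repeated in the options hunk of checkpoint_host.py and needs the same fix. The `targets` description should also say what happens when it is omitted while `auto_install_policy` keeps its default of yes, since that combination is what every existing playbook will run with.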
@@ -206,28 +228,42 @@ def main(): if code == 200: if needs_update(module, response): code, response = update_access_rule(module, connection) - publish(module, connection) - install_policy(module, connection) + if module.params['auto_publish_session']: + publish(connection) + + if module.params['auto_install_policy']: + install_policy(connection, module.params['policy_package'], module.params['targets']) + result['changed'] = True result['checkpoint_access_rules'] = response else: pass elif code == 404: code, response = create_access_rule(module, connection) - publish(module, connection) - install_policy(module, connection) + + if module.params['auto_publish_session']: + publish(connection) + + if module.params['auto_install_policy']: + install_policy(connection, module.params['policy_package'], module.params['targets']) + result['changed'] = True result['checkpoint_access_rules'] = response else: if code == 200: - # Handle deletion code, response = delete_access_rule(module, connection) - publish(module, connection) - install_policy(module, connection) + + if module.params['auto_publish_session']: + publish(connection) + + if module.params['auto_install_policy']: + install_policy(connection, module.params['policy_package'], module.params['targets']) + result['changed'] = True elif code == 404: pass + result['checkpoint_sid'] = connection.get_sid() module.exit_json(**result) diff --git a/lib/ansible/modules/network/checkpoint/checkpoint_host.py b/lib/ansible/modules/network/checkpoint/checkpoint_host.py index 1baa229cd3f..ec1fd1aee1c 100644 --- a/lib/ansible/modules/network/checkpoint/checkpoint_host.py +++ b/lib/ansible/modules/network/checkpoint/checkpoint_host.py 
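Review bot: The added `result['checkpoint_sid'] = connection.get_sid()` at the end of main() puts the management API session token into the module result, where it ends up in task output, registered variables and callback logs. Anyone who can read that output can presumably reuse the sid against the management server until the session expires. Return it only when the caller needs it for a later publish or discard, e.g. `if not module.params['auto_publish_session']: result['checkpoint_sid'] = connection.get_sid()`, and state in the RETURN docs that such tasks should set `no_log: true`. Separately, the three new publish/install_policy blocks run without looking at the `code` returned by the update, create or delete call, so a rejected change is still published and reported as changed; the main() hunk of checkpoint_host.py has the same pattern. main() starts outside the hunk.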
@@ -49,6 +49,27 @@ options: - State of the access rule (present or absent). Defaults to present. type: str default: present + auto_publish_session: + description: + - Publish the current session if changes have been performed + after task completes. + type: bool + default: 'yes' + auto_install_policy: + description: + - Install the package policy if changes have been performed + after the task completes. + type: bool + default: 'yes' + policy_package: + description: + - Package policy name to be installed. + type: bool + default: 'standard' + targets: + description: + - Targets to install the package policy on. + type: list """ EXAMPLES = """ @@ -73,7 +94,7 @@ checkpoint_hosts: from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.connection import Connection -from ansible.module_utils.network.checkpoint.checkpoint import publish, install_policy +from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec, publish, install_policy import json @@ -137,6 +158,7 @@ def main(): ip_address=dict(type='str'), state=dict(type='str', default='present') ) + argument_spec.update(checkpoint_argument_spec) required_if = [('state', 'present', 'ip_address')] module = AnsibleModule(argument_spec=argument_spec) 
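Review bot: In the argument-spec hunk the context lines define `required_if = [('state', 'present', 'ip_address')]` but build the module with `AnsibleModule(argument_spec=argument_spec)`, so the rule is never enforced and `state: present` without `ip_address` passes validation. This predates the commit, but since the line next to it is being touched it could be fixed here: `required_if = [('state', 'present', ('ip_address',))]` and `module = AnsibleModule(argument_spec=argument_spec, required_if=required_if)`, matching checkpoint_access_rule.py. main() starts and ends outside the hunk.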
@@ -148,24 +170,39 @@ def main(): if code == 200: if needs_update(module, response): code, response = update_host(module, connection) - publish(module, connection) - install_policy(module, connection) + + if module.params['auto_publish_session']: + publish(connection) + + if module.params['auto_install_policy']: + install_policy(connection, module.params['policy_package'], module.params['targets']) + result['changed'] = True result['checkpoint_hosts'] = response else: pass elif code == 404: code, response = create_host(module, connection) - publish(module, connection) - install_policy(module, connection) + + if module.params['auto_publish_session']: + publish(connection) + + if module.params['auto_install_policy']: + install_policy(connection, module.params['policy_package'], module.params['targets']) + result['changed'] = True result['checkpoint_hosts'] = response else: if code == 200: # Handle deletion code, response = delete_host(module, connection) - publish(module, connection) - install_policy(module, connection) + + if module.params['auto_publish_session']: + publish(connection) + + if module.params['auto_install_policy']: + install_policy(connection, module.params['policy_package'], module.params['targets']) + result['changed'] = True elif code == 404: pass diff --git a/lib/ansible/plugins/httpapi/checkpoint.py b/lib/ansible/plugins/httpapi/checkpoint.py index 1a77a44db8c..2a29a1e6516 100644 --- a/lib/ansible/plugins/httpapi/checkpoint.py +++ b/lib/ansible/plugins/httpapi/checkpoint.py @@ -49,6 +49,9 @@ class HttpApi(HttpApiBase): response, dummy = self.send_request(url, None) + def get_sid(self): + return self.connection._auth['X-chkp-sid'] + def send_request(self, path, body_params): data = json.dumps(body_params) if body_params else '{}'
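Review bot: `get_sid()` indexes the private `self.connection._auth` directly, which will raise rather than return a clean error if no login has populated it or the header name is absent — presumably `_auth` is unset before the first request. A guarded form such as `auth = self.connection._auth or {}` followed by `return auth.get('X-chkp-sid')` lets callers handle a missing session. The method also needs a docstring saying the returned value is the live session token and must be treated as a secret by callers. The HttpApi class continues outside the hunk.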