version 1.0.6

Author: chkp-orso

README.md

@@ -70,8 +70,8 @@ Note - If you want to run against Ansible version 2.9 instead of the collection,
   2. Ansible has a feature called "Check Mode" that enables you to test the
      changes without actually changing anything.
   3. The login and logout happens automatically.
-  4. If you want to login to a specific domain, in the playbook above, in the `vars`secion, in 
-     `ansible_checkpoint_domain` key, change the value from `SMC User` to `YOUR_DOMAIN`
+  4. If you want to login to a specific domain, in the playbook above in the `vars`secion change the domain name to 
+     `ansible_checkpoint_domain`
   5. There are two ways to publish changes:
     a. Set the `auto_publish_session` to `true` as displayed in the example playbook above.
        This option will publish only the task which this parameter belongs to.
@@ -81,6 +81,8 @@ Note - If you want to run against Ansible version 2.9 instead of the collection,
   7. If you still want to use Ansible version 2.9 instead of this collection (not recommended):
     a. In the `hosts` file replace `ansible_network_os=check_point.mgmt.checkpoint` with `ansible_network_os=checkpoint`
     b. In the task in the playbook replace the module `check_point.mgmt.cp_mgmt_*` with the module `cp_mgmt_*`
+  8. Starting from version 1.0.6, when running a command which returns a task-id, and the user chooses to wait for that task to finish
+     (the default is to wait), then the output of the command will be the output of the show-task command (instead of the task-id).
 
 Modules
 -------

galaxy.yml

@@ -9,7 +9,7 @@ namespace: check_point
 name: mgmt
 
 # The version of the collection. Must be compatible with semantic versioning
-version: 1.0.5
+version: 1.0.6
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md

plugins/module_utils/checkpoint.py

@@ -99,7 +99,7 @@ def get_payload_from_parameters(params):
 
 # wait for task
 def wait_for_task(module, version, connection, task_id):
-    task_id_payload = {'task-id': task_id}
+    task_id_payload = {'task-id': task_id, 'details-level': 'full'}
     task_complete = False
     current_iteration = 0
     max_num_iterations = 300
@@ -138,6 +138,8 @@ def wait_for_task(module, version, connection, task_id):
             time.sleep(2)  # Wait for two seconds
     if not task_complete:
         module.fail_json(msg="ERROR: Timeout. Task-id: {0}.".format(task_id_payload['task-id']))
+    else:
+        return response
 
 
 # if failed occurred, in some cases we want to discard changes before exiting. We also notify the user about the `discard`
@@ -199,7 +201,7 @@ def api_command(module, command):
     if code == 200:
         if module.params['wait_for_task']:
             if 'task-id' in response:
-                wait_for_task(module, version, connection, response['task-id'])
+                response = wait_for_task(module, version, connection, response['task-id'])
             elif 'tasks' in response:
                 for task in response['tasks']:
                     if 'task-id' in task:
@@ -428,14 +430,29 @@ def api_call_for_rule(module, api_call_object):
     return result
 
 
+# check if call is in plural form
+def call_is_plural(api_call_object, payload):
+    is_plural = False
+    if 'access' in api_call_object and payload.get("layer") is None:
+        is_plural = True
+    elif 'threat' in api_call_object and payload.get("layer") is None:
+        is_plural = True
+    elif 'nat' in api_call_object \
+            and payload.get("name") is None \
+            and payload.get("uid") is None \
+            and payload.get("rule-number") is None:
+        is_plural = True
+    return is_plural
+
+
 # handle api call facts for rule
 def api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version):
     payload = get_payload_from_parameters(module.params)
     connection = Connection(module._socket_path)
     version = get_version(module)
 
     # if there is no layer, the API command will be in plural version (e.g. show-hosts instead of show-host)
-    if payload.get("layer") is None:
+    if call_is_plural(api_call_object, payload):
         api_call_object = api_call_object_plural_version
 
     response = handle_call(connection, version, 'show-' + api_call_object, payload, module, False, False)

plugins/modules/cp_mgmt_add_nat_rule.py

@@ -0,0 +1,158 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+                    'status': ['preview'],
+                    'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_add_nat_rule
+short_description: Create new object.
+description:
+  - Create new object.
+  - All operations are performed over Web Services API.
+version_added: "2.9"
+author: "Or Soffer (@chkp-orso)"
+options:
+  package:
+    description:
+      - Name of the package.
+    type: str
+  position:
+    description:
+      - Position in the rulebase.
+    type: str
+  enabled:
+    description:
+      - Enable/Disable the rule.
+    type: bool
+  install_on:
+    description:
+      - Which Gateways identified by the name or UID to install the policy on.
+    type: list
+  method:
+    description:
+      - Nat method.
+    type: str
+    choices: ['static', 'hide', 'nat64', 'nat46']
+  original_destination:
+    description:
+      - Original destination.
+    type: str
+  original_service:
+    description:
+      - Original service.
+    type: str
+  original_source:
+    description:
+      - Original source.
+    type: str
+  translated_destination:
+    description:
+      - Translated  destination.
+    type: str
+  translated_service:
+    description:
+      - Translated  service.
+    type: str
+  translated_source:
+    description:
+      - Translated  source.
+    type: str
+  comments:
+    description:
+      - Comments string.
+    type: str
+  details_level:
+    description:
+      - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+        representation of the object.
+    type: str
+    choices: ['uid', 'standard', 'full']
+  ignore_warnings:
+    description:
+      - Apply changes ignoring warnings.
+    type: bool
+  ignore_errors:
+    description:
+      - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+    type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: add-nat-rule
+  cp_mgmt_add_nat_rule:
+    comments: comment example1 nat999
+    enabled: false
+    install_on:
+    - Policy Targets
+    original_destination: All_Internet
+    original_source: Any
+    package: standard
+    position: 1
+    state: present
+"""
+
+RETURN = """
+cp_mgmt_add_nat_rule:
+  description: The checkpoint add-nat-rule output.
+  returned: always.
+  type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+    argument_spec = dict(
+        package=dict(type='str'),
+        position=dict(type='str'),
+        enabled=dict(type='bool'),
+        install_on=dict(type='list'),
+        method=dict(type='str', choices=['static', 'hide', 'nat64', 'nat46']),
+        original_destination=dict(type='str'),
+        original_service=dict(type='str'),
+        original_source=dict(type='str'),
+        translated_destination=dict(type='str'),
+        translated_service=dict(type='str'),
+        translated_source=dict(type='str'),
+        comments=dict(type='str'),
+        details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+        ignore_warnings=dict(type='bool'),
+        ignore_errors=dict(type='bool')
+    )
+    argument_spec.update(checkpoint_argument_spec_for_commands)
+
+    module = AnsibleModule(argument_spec=argument_spec)
+
+    command = "add-nat-rule"
+
+    result = api_command(module, command)
+    module.exit_json(**result)
+
+
+if __name__ == '__main__':
+    main()

plugins/modules/cp_mgmt_delete_nat_rule.py

@@ -0,0 +1,90 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+                    'status': ['preview'],
+                    'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_delete_nat_rule
+short_description: Delete existing object using object name or uid.
+description:
+  - Delete existing object using object name or uid.
+  - All operations are performed over Web Services API.
+version_added: "2.9"
+author: "Or Soffer (@chkp-orso)"
+options:
+  rule_number:
+    description:
+      - Rule number.
+    type: str
+  package:
+    description:
+      - Name of the package.
+    type: str
+  details_level:
+    description:
+      - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+        representation of the object.
+    type: str
+    choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: delete-nat-rule
+  cp_mgmt_delete_nat_rule:
+    package: standard
+    state: absent
+"""
+
+RETURN = """
+cp_mgmt_delete_nat_rule:
+  description: The checkpoint delete-nat-rule output.
+  returned: always.
+  type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+    argument_spec = dict(
+        rule_number=dict(type='str'),
+        package=dict(type='str'),
+        details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+    )
+    argument_spec.update(checkpoint_argument_spec_for_commands)
+
+    module = AnsibleModule(argument_spec=argument_spec)
+
+    command = "delete-nat-rule"
+
+    result = api_command(module, command)
+    module.exit_json(**result)
+
+
+if __name__ == '__main__':
+    main()