Merge pull request #71 from chkp-edenbr/master

R81.20 Modules

Author: chkp-edenbr

CHANGELOG.rst

@@ -9,7 +9,7 @@ namespace: check_point
 name: mgmt
 
 # The version of the collection. Must be compatible with semantic versioning
-version: 1.0.6
+version: 3.0.0
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md
@@ -18,6 +18,8 @@ readme: README.md
 # @nicks:irc/im.site#channel'
 authors:
 - Or Soffer <orso@checkpoint.com>
+- Shiran Golzar <shirango@checkpoint.com>
+- Eden Brillant <edenbr@checkpoint.com>
 
 
 ### OPTIONAL but strongly recommended

galaxy.yml

@@ -0,0 +1,8 @@
+  ---
+  version: 1
+
+  build_arg_defaults:
+    EE_BASE_IMAGE: 'quay.io/ansible/ansible-runner:latest'
+
+  dependencies:
+    galaxy: requirements.yml

meta/execution-environment.yml

@@ -7,13 +7,13 @@
 
 DOCUMENTATION = """
 ---
-author: Ansible Networking Team
-httpapi : checkpoint
+author: Ansible Networking Team (@rcarrillocruz)
+name: checkpoint
 short_description: HttpApi Plugin for Checkpoint devices
 description:
   - This HttpApi plugin provides methods to connect to Checkpoint
     devices over a HTTP(S)-based api.
-version_added: "2.8"
+version_added: "2.8.0"
 options:
   domain:
     type: str

plugins/httpapi/checkpoint.py

@@ -60,6 +60,11 @@
 
 delete_params = ['name', 'uid', 'layer', 'exception-group-name', 'rule-name', 'package']
 
+remove_from_set_payload = {'lsm-cluster': ['security-profile', 'name-prefix', 'name-suffix', 'main-ip-address'],
+                           'md-permissions-profile': ['permission-level']}
+
+remove_from_add_payload = {'lsm-cluster': ['name']}
+
 
 # parse failure message with code and response
 def parse_fail_message(code, response):
@@ -84,6 +89,14 @@ def is_checkpoint_param(parameter):
     return True
 
 
+def contains_show_identifier_param(payload):
+    identifier_params = ["name", "uid", "assigned-domain"]
+    for param in identifier_params:
+        if payload.get(param) is not None:
+            return True
+    return False
+
+
 # build the payload from the parameters which has value (not None), and they are parameter of checkpoint API as well
 def get_payload_from_parameters(params):
     payload = {}
@@ -210,7 +223,7 @@ def discard_and_fail(module, code, response, connection, version):
 
 # handle publish command, and wait for it to end if the user asked so
 def handle_publish(module, connection, version):
-    if module.params['auto_publish_session']:
+    if 'auto_publish_session' in module.params and module.params['auto_publish_session']:
         publish_code, publish_response = send_request(connection, version, 'publish')
         if publish_code != 200:
             discard_and_fail(module, publish_code, publish_response, connection, version)
@@ -275,6 +288,8 @@ def api_command(module, command):
                 del response['tasks']
 
         result[command] = response
+
+        handle_publish(module, connection, version)
     else:
         discard_and_fail(module, code, response, connection, version)
 
@@ -287,8 +302,8 @@ def api_call_facts(module, api_call_object, api_call_object_plural_version):
     connection = Connection(module._socket_path)
     version = get_version(module)
 
-    # if there is neither name nor uid, the API command will be in plural version (e.g. show-hosts instead of show-host)
-    if payload.get("name") is None and payload.get("uid") is None:
+    # if there isn't an identifier param, the API command will be in plural version (e.g. show-hosts instead of show-host)
+    if not contains_show_identifier_param(payload):
         api_call_object = api_call_object_plural_version
 
     response = handle_call(connection, version, 'show-' + api_call_object, payload, module, False, False)
@@ -331,12 +346,10 @@ def api_call(module, api_call_object):
         if equals_code == 200:
             # else objects are equals and there is no need for set request
             if not equals_response['equals']:
-                if 'lsm-cluster' == api_call_object:
-                    build_lsm_cluster_payload(payload, 'set')
+                build_payload(api_call_object, payload, remove_from_set_payload)
                 handle_call_and_set_result(connection, version, 'set-' + api_call_object, payload, module, result)
         elif equals_code == 404:
-            if 'lsm-cluster' == api_call_object:
-                build_lsm_cluster_payload(payload, 'add')
+            build_payload(api_call_object, payload, remove_from_add_payload)
             handle_call_and_set_result(connection, version, 'add-' + api_call_object, payload, module, result)
     elif module.params['state'] == 'absent':
         handle_delete(equals_code, payload, delete_params, connection, version, api_call_object, module, result)
@@ -406,17 +419,6 @@ def build_rulebase_payload(api_call_object, payload, position_number):
     return rulebase_payload
 
 
-def build_lsm_cluster_payload(payload, operator):
-    fields = ['security-profile', 'name-prefix', 'name-suffix', 'main-ip-address']
-    if operator == 'add':
-        del payload['name']
-    else:
-        for field in fields:
-            if field in payload.keys():
-                del payload[field]
-    return payload
-
-
 def build_rulebase_command(api_call_object):
     rulebase_command = 'show-' + api_call_object.split('-')[0] + '-rulebase'
 
@@ -426,6 +428,14 @@ def build_rulebase_command(api_call_object):
     return rulebase_command
 
 
+# remove from payload unrecognized params (used for cases where add payload differs from that of a set)
+def build_payload(api_call_object, payload, params_to_remove):
+    if api_call_object in params_to_remove:
+        for param in params_to_remove[api_call_object]:
+            del payload[param]
+    return payload
+
+
 # extract rule from rulebase response
 def extract_rule_from_rulebase_response(response):
     rule = response['rulebase'][0]