bug fixes and param support (#78)

chkp-edenbr · web-flow · commit 4cb218f0efff · 2022-07-04T08:42:32.000+03:00
* Update version parameter name in simple-cluster

* Remove uid param from publish module

* Support 'top' and 'bottom' in position param

* Add state param
diff --git a/plugins/module_utils/checkpoint.py b/plugins/module_utils/checkpoint.py
@@ -112,7 +112,7 @@ def get_payload_from_parameters(params):
                 payload[parameter.replace("_", "-")] = payload_list
             else:
                 # special handle for this param in order to avoid two params called "version"
-                if parameter == "gateway_version":
+                if parameter == "gateway_version" or parameter == "cluster_version":
                     parameter = "version"
 
                 payload[parameter.replace("_", "-")] = parameter_value
@@ -358,53 +358,37 @@ def api_call(module, api_call_object):
 
 
 # get the position in integer format
-def get_number_from_position(payload, connection, version):
-    if 'position' in payload:
-        if type(payload['position']) is not dict:
-            position = payload['position']
-        else:
-            position = None
-            payload_for_show_access_rulebase = {'name': payload['layer']}
-            code, response = send_request(connection, version, 'show-access-rulebase', payload_for_show_access_rulebase)
-            rulebase = response['rulebase']
-            for rules in rulebase:
-                if 'rulebase' in rules:
-                    rules = rules['rulebase']
-                    for rule in rules:
-                        if 'below' in payload['position'].keys() and rule['name'] == payload['position']['below']:
-                            position = int(rule['rule-number']) + 1
-                            return position
-                        elif 'above' in payload['position'].keys() and rule['name'] == payload['position']['above']:
-                            position = max(int(rule['rule-number']) - 1, 1)
-                            return position
-                elif 'below' in payload['position'].keys() and rules['name'] == payload['position']['below']:
-                    position = int(rules['rule-number']) + 1
-                    return position
-                elif 'above' in payload['position'].keys() and rules['name'] == payload['position']['above']:
-                    position = max(int(rules['rule-number']) - 1, 1)
-                    return position
-            return position
+def get_number_from_position(payload, connection, version, show_rulebase_command):
+    if type(payload['position']) is not dict:
+        position = payload['position']
+        if position == 'top':
+            position = 1
+        elif position == 'bottom':
+            payload_for_show_obj_rulebase = {'name': payload['layer'], 'limit': 0}
+            code, response = send_request(connection, version, show_rulebase_command, payload_for_show_obj_rulebase)
+            position = response['total']
     else:
-        return None
-
-    # This code relevant if we will decide to support 'top' and 'bottom' in position
-
-    # position_number = None
-    # # if position is not int, convert it to int. There are several cases: "top"
-    # if position == 'top':
-    #     position_number = 1
-    # elif position == 'bottom':
-    #     payload_for_show_access_rulebase = {'name': payload['layer'], 'limit': 0}
-    #     code, response = send_request(connection, version, 'show-access-rulebase', payload_for_show_access_rulebase)
-    #     position_number = response['total']
-    # elif isinstance(position, str):
-    #     # here position is a number in format str (e.g. "5" and not 5)
-    #     position_number = int(position)
-    # else:
-    #     # here position suppose to be int
-    #     position_number = position
-    #
-    # return position_number
+        position = None
+        payload_for_show_access_rulebase = {'name': payload['layer']}
+        code, response = send_request(connection, version, 'show-access-rulebase', payload_for_show_access_rulebase)
+        rulebase = response['rulebase']
+        for rules in rulebase:
+            if 'rulebase' in rules:
+                rules = rules['rulebase']
+                for rule in rules:
+                    if 'below' in payload['position'].keys() and rule['name'] == payload['position']['below']:
+                        position = int(rule['rule-number']) + 1
+                        return position
+                    elif 'above' in payload['position'].keys() and rule['name'] == payload['position']['above']:
+                        position = max(int(rule['rule-number']) - 1, 1)
+                        return position
+            elif 'below' in payload['position'].keys() and rules['name'] == payload['position']['below']:
+                position = int(rules['rule-number']) + 1
+                return position
+            elif 'above' in payload['position'].keys() and rules['name'] == payload['position']['above']:
+                position = max(int(rules['rule-number']) - 1, 1)
+                return position
+        return position
 
     return int(position)
 
@@ -444,14 +428,28 @@ def extract_rule_from_rulebase_response(response):
     return rule
 
 
+def get_relevant_show_rulebase_command(api_call_object):
+    if api_call_object == 'access-rule':
+        return 'show-access-rulebase'
+    elif api_call_object == "threat-rule":
+        return 'show-threat-rulebase'
+    elif api_call_object == "threat-exception":
+        return 'show-threat-rule-exception-rulebase'
+    #uncomment code below when https & nat modules are added as crud modules
+    # elif api_call_object == 'nat-rule':
+    #     return 'show-nat-rulebase'
+    # elif api_call_object == 'https-rule':
+    #     return 'show-https-rulebase'
+
+
 # is the param position (if the user inserted it) equals between the object and the user input
 def is_equals_with_position_param(payload, connection, version, api_call_object):
-    position_number = get_number_from_position(payload, connection, version)
-
     # if there is no position param, then it's equals in vacuous truth
-    if position_number is None:
+    if 'position' not in payload:
         return True
 
+    position_number = payload['position']
+
     rulebase_payload = build_rulebase_payload(api_call_object, payload, position_number)
     rulebase_command = build_rulebase_command(api_call_object)
 
@@ -530,6 +528,9 @@ def api_call_for_rule(module, api_call_object):
 
     if module.params['state'] == 'present':
         if equals_code == 200:
+            if 'position' in payload:
+                payload['position'] = get_number_from_position(payload, connection, version,
+                                                               get_relevant_show_rulebase_command(api_call_object))
             if equals_response['equals']:
                 if not is_equals_with_all_params(payload, connection, version, api_call_object, is_access_rule):
                     equals_response['equals'] = False
diff --git a/plugins/modules/cp_mgmt_access_rule.py b/plugins/modules/cp_mgmt_access_rule.py
@@ -41,7 +41,7 @@
     type: str
   position:
     description:
-      - Position in the rulebase.
+      - Position in the rulebase. The use of values "top" and "bottom" may not be idempotent.
     type: str
   position_by_rule:
     description:
diff --git a/plugins/modules/cp_mgmt_access_rules.py b/plugins/modules/cp_mgmt_access_rules.py
@@ -251,6 +251,14 @@
         description:
           - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
         type: bool
+      state:
+        description:
+          - State of the access rule (present or absent). Defaults to present.
+        type: str
+        default: present
+        choices:
+          - 'present'
+          - 'absent'
   details_level:
     description:
       - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
@@ -345,7 +353,9 @@ def main():
             comments=dict(type='str'),
             details_level=dict(type='str', choices=['uid', 'standard', 'full']),
             ignore_warnings=dict(type='bool'),
-            ignore_errors=dict(type='bool')
+            ignore_errors=dict(type='bool'),
+            state=dict(type='str', choices=['present', 'absent'], default='present')
+
         )),
         layer=dict(type='str', required=True),
         details_level=dict(type='str', choices=['uid', 'standard', 'full'])
@@ -360,4 +370,4 @@ def main():
 
 
 if __name__ == '__main__':
-    main()
+    main()
diff --git a/plugins/modules/cp_mgmt_publish.py b/plugins/modules/cp_mgmt_publish.py
@@ -34,11 +34,7 @@
   - All operations are performed over Web Services API.
 version_added: "1.0.0"
 author: "Or Soffer (@chkp-orso)"
-options:
-  uid:
-    description:
-      - Session unique identifier. Specify it to publish a different session than the one you currently use.
-    type: str
+options: {}
 extends_documentation_fragment: check_point.mgmt.checkpoint_commands
 """
 
@@ -60,7 +56,6 @@
 
 def main():
     argument_spec = dict(
-        uid=dict(type='str')
     )
     argument_spec.update(checkpoint_argument_spec_for_commands)
 
diff --git a/plugins/modules/cp_mgmt_simple_cluster.py b/plugins/modules/cp_mgmt_simple_cluster.py
@@ -660,7 +660,7 @@
                 description:
                   - Controls portal access settings for interfaces that are part of a VPN Encryption Domain.
                 type: bool
-  version:
+  cluster_version:
     description:
       - Cluster platform version.
     type: str
@@ -1002,7 +1002,7 @@
     name: cluster1
     os_name: Gaia
     state: present
-    version: R80.30
+    cluster_version: R80.30
 
 - name: set-simple-cluster
   cp_mgmt_simple_cluster:
@@ -1200,7 +1200,7 @@ def main():
                 ))
             ))
         )),
-        version=dict(type='str'),
+        cluster_version=dict(type='str'),
         vpn=dict(type='bool'),
         vpn_settings=dict(type='dict', options=dict(
             authentication=dict(type='dict', options=dict(
diff --git a/plugins/modules/cp_mgmt_threat_exception.py b/plugins/modules/cp_mgmt_threat_exception.py
@@ -42,7 +42,7 @@
     required: True
   position:
     description:
-      - Position in the rulebase.
+      - Position in the rulebase. The use of values "top" and "bottom" may not be idempotent.
     type: str
   exception_group_uid:
     description:
diff --git a/plugins/modules/cp_mgmt_threat_rule.py b/plugins/modules/cp_mgmt_threat_rule.py
@@ -37,7 +37,7 @@
 options:
   position:
     description:
-      - Position in the rulebase.
+      - Position in the rulebase. The use of values "top" and "bottom" may not be idempotent.
     type: str
   layer:
     description:
