Adding a new module "access-rules"

Author: chkp-shirango

README.md

@@ -91,6 +91,7 @@ Modules
 * `cp_mgmt_access_role` – Manages access-role objects on Check Point over Web Services API
 * `cp_mgmt_access_role_facts` – Get access-role objects facts on Check Point over Web Services API
 * `cp_mgmt_access_rule` – Manages access-rule objects on Check Point over Web Services API
+* `cp_mgmt_access_rules` – Manages a list of access rules objects on Check Point over Web Services API
 * `cp_mgmt_access_rule_facts` – Get access-rule objects facts on Check Point over Web Services API
 * `cp_mgmt_address_range` – Manages address-range objects on Check Point over Web Services API
 * `cp_mgmt_address_range_facts` – Get address-range objects facts on Check Point over Web Services API

plugins/action/cp_mgmt_access_rules.py

@@ -0,0 +1,57 @@
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+
+from ansible.errors import AnsibleActionFail
+from ansible.plugins.action import ActionBase
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import \
+    prepare_rule_params_for_execute_module, check_if_to_publish_for_action
+
+
+class ActionModule(ActionBase):
+
+    def run(self, tmp=None, task_vars=None):
+
+        module = super(ActionModule, self).run(tmp, task_vars)
+
+        result = self._execute_module(module_name='check_point.mgmt.cp_mgmt_access_rules', module_args=self._task.args,
+                                      task_vars=task_vars, tmp=tmp)
+
+        if 'msg' in result.keys():
+            raise AnsibleActionFail(result['msg'])
+
+        module_args = self._task.args
+
+        fields = {'position', 'layer', 'auto_publish_session'}
+        rules_list = module_args['rules']
+        for rule in rules_list:
+            for field in fields:
+                if field in rule.keys():
+                    raise AnsibleActionFail('Unsupported parameter ' + field + ' for rule')
+        # check_fields_for_rule_action_module(module_args)
+        rules_list = self._task.args['rules']
+        position = 1
+
+        for rule in rules_list:
+            rule, position = prepare_rule_params_for_execute_module(rule=rule, module_args=module_args,
+                                                                    position=position)
+            result['rule: ' + rule['name']] = self._execute_module(module_name='check_point.mgmt.cp_mgmt_access_rule',
+                                                                   module_args=rule,
+                                                                   task_vars=task_vars, tmp=tmp, wrap_async=False)
+            if 'changed' in result['rule: ' + rule['name']].keys() and \
+                    result['rule: ' + rule['name']]['changed'] is True:
+                result['changed'] = True
+            if 'failed' in result['rule: ' + rule['name']].keys() and result['rule: ' + rule['name']]['failed'] is True:
+                temp = result['rule: ' + rule['name']].copy()
+                result = {}
+                result['rule: ' + rule['name']] = temp
+                result['failed'] = True
+                result['discard:'] = self._execute_module(module_name='check_point.mgmt.cp_mgmt_discard',
+                                                          module_args={}, task_vars=task_vars, tmp=tmp)
+                break
+        if check_if_to_publish_for_action(result, module_args):
+            result['publish:'] = self._execute_module(module_name='check_point.mgmt.cp_mgmt_publish', module_args={},
+                                                      task_vars=task_vars, tmp=tmp)
+
+        return result

plugins/doc_fragments/checkpoint_objects_action_module.py

@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2019, Or Soffer <orso@checkpoint.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+class ModuleDocFragment(object):
+
+    # Standard files documentation fragment
+    DOCUMENTATION = r'''
+options:
+  auto_publish_session:
+    description:
+      - Publish the current session if changes have been performed
+        after task completes.
+    type: bool
+  wait_for_task_timeout:
+    description:
+      - How many minutes to wait until throwing a timeout error.
+    type: int
+    default: 30
+  version:
+    description:
+      - Version of checkpoint. If not given one, the latest version taken.
+    type: str
+'''

plugins/module_utils/checkpoint.py

@@ -34,6 +34,12 @@
 
 from ansible.module_utils.connection import Connection
 
+checkpoint_argument_spec_for_action_module = dict(
+    auto_publish_session=dict(type='bool'),
+    wait_for_task_timeout=dict(type='int', default=30),
+    version=dict(type='str')
+)
+
 checkpoint_argument_spec_for_objects = dict(
     auto_publish_session=dict(type='bool'),
     wait_for_task=dict(type='bool', default=True),
@@ -504,3 +510,21 @@ def install_policy(connection, policy_package, targets):
                'targets': targets}
 
     connection.send_request('/web_api/install-policy', payload)
+
+
+def prepare_rule_params_for_execute_module(rule, module_args, position):
+    rule['layer'] = module_args['layer']
+    if 'details_level' in module_args.keys():
+        rule['details_level'] = module_args['details_level']
+    if 'state' not in rule.keys() or ('state' in rule.keys() and rule['state'] != 'absent'):
+        rule['position'] = position
+        position = position + 1
+
+    return rule, position
+
+
+def check_if_to_publish_for_action(result, module_args):
+    to_publish = ('auto_publish_session' in module_args.keys() and module_args['auto_publish_session']) and \
+                 ('changed' in result.keys() and result['changed'] is True) and ('failed' not in result.keys() or
+                                                                                 result['failed'] is False)
+    return to_publish