upload version 1.5

Author: chkp-orso

galaxy.yml

@@ -9,7 +9,7 @@ namespace: check_point
 name: mgmt
 
 # The version of the collection. Must be compatible with semantic versioning
-version: 1.0.1
+version: 1.0.5
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md
@@ -36,7 +36,7 @@ license_file: ''
 
 # A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character
 # requirements as 'namespace' and 'name'
-tags: []
+tags: [security]
 
 # Collections that this collection requires to be installed for it to be usable. The key of the dict is the
 # collection label 'namespace.name'. The value is a version range
@@ -51,7 +51,7 @@ repository: https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection
 documentation: https://docs.ansible.com/ansible/latest/modules/list_of_network_modules.html#check-point
 
 # The URL to the homepage of the collection/project
-homepage: https://sc1.checkpoint.com/documents/latest/APIs/index.html#introduction~v1.5%20
+homepage: https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection
 
 # The URL to the collection issue tracker
-issues: http://example.com/issue/tracker
+issues: https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection/issues

plugins/httpapi/checkpoint.py

@@ -21,6 +21,12 @@
       - Specifies the domain of the Check Point device
     vars:
       - name: ansible_checkpoint_domain
+  api_key:
+    type: str
+    description:
+      - Login with api-key instead of user & password
+    vars:
+      - name: ansible_api_key
 """
 
 import json
@@ -33,21 +39,26 @@
 
 BASE_HEADERS = {
     'Content-Type': 'application/json',
+    'User-Agent': 'Ansible',
 }
 
 
 class HttpApi(HttpApiBase):
     def login(self, username, password):
-        if username and password:
-            cp_domain = self.get_option('domain')
-            if cp_domain:
-                payload = {'user': username, 'password': password, 'domain': cp_domain}
-            else:
-                payload = {'user': username, 'password': password}
-            url = '/web_api/login'
-            response, response_data = self.send_request(url, payload)
+        payload = {}
+        cp_domain = self.get_option('domain')
+        cp_api_key = self.get_option('api_key')
+        if cp_domain:
+            payload['domain'] = cp_domain
+        if username and password and not cp_api_key:
+            payload['user'] = username
+            payload['password'] = password
+        elif cp_api_key and not username and not password:
+            payload['api-key'] = cp_api_key
         else:
-            raise AnsibleConnectionFailure('Username and password are required for login')
+            raise AnsibleConnectionFailure('[Username and password] or api_key are required for login')
+        url = '/web_api/login'
+        response, response_data = self.send_request(url, payload)
 
         try:
             self.connection._auth = {'X-chkp-sid': response_data['sid']}

plugins/modules/cp_mgmt_access_section.py

@@ -0,0 +1,119 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+                    'status': ['preview'],
+                    'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_access_section
+short_description: Manages access-section objects on Checkpoint over Web Services API
+description:
+  - Manages access-section objects on Checkpoint devices including creating, updating and removing objects.
+  - All operations are performed over Web Services API.
+version_added: "2.9"
+author: "Or Soffer (@chkp-orso)"
+options:
+  layer:
+    description:
+      - Layer that the rule belongs to identified by the name or UID.
+    type: str
+  position:
+    description:
+      - Position in the rulebase.
+    type: str
+  name:
+    description:
+      - Object name.
+    type: str
+    required: True
+  details_level:
+    description:
+      - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+        representation of the object.
+    type: str
+    choices: ['uid', 'standard', 'full']
+  ignore_warnings:
+    description:
+      - Apply changes ignoring warnings.
+    type: bool
+  ignore_errors:
+    description:
+      - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+    type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-access-section
+  cp_mgmt_access_section:
+    layer: Network
+    name: New Section 1
+    position: 1
+    state: present
+
+- name: set-access-section
+  cp_mgmt_access_section:
+    layer: Network
+    name: New Section 1
+    state: present
+
+- name: delete-access-section
+  cp_mgmt_access_section:
+    layer: Network
+    name: New Section 2
+    state: absent
+"""
+
+RETURN = """
+cp_mgmt_access_section:
+  description: The checkpoint object created or updated.
+  returned: always, except when deleting the object.
+  type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+    argument_spec = dict(
+        layer=dict(type='str'),
+        position=dict(type='str'),
+        name=dict(type='str', required=True),
+        details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+        ignore_warnings=dict(type='bool'),
+        ignore_errors=dict(type='bool')
+    )
+    argument_spec.update(checkpoint_argument_spec_for_objects)
+
+    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+    api_call_object = 'access-section'
+
+    result = api_call(module, api_call_object)
+    module.exit_json(**result)
+
+
+if __name__ == '__main__':
+    main()

plugins/modules/cp_mgmt_add_api_key.py

@@ -0,0 +1,84 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+                    'status': ['preview'],
+                    'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_add_api_key
+short_description: Add API key for administrator, to enable login with it. For the key to be valid publish is needed.
+description:
+  - Add API key for administrator, to enable login with it. For the key to be valid publish is needed. <br>When using mgmt_cli tool, add -f json to get
+    the key in the command's output.
+  - All operations are performed over Web Services API.
+version_added: "2.9"
+author: "Or Soffer (@chkp-orso)"
+options:
+  admin_uid:
+    description:
+      - Administrator uid to generate API key for.
+    type: str
+  admin_name:
+    description:
+      - Administrator name to generate API key for.
+    type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: add-api-key
+  cp_mgmt_add_api_key:
+    admin_name: admin
+    state: present
+"""
+
+RETURN = """
+cp_mgmt_add_api_key:
+  description: The checkpoint add-api-key output.
+  returned: always.
+  type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+    argument_spec = dict(
+        admin_uid=dict(type='str'),
+        admin_name=dict(type='str')
+    )
+    argument_spec.update(checkpoint_argument_spec_for_commands)
+
+    module = AnsibleModule(argument_spec=argument_spec)
+
+    command = "add-api-key"
+
+    result = api_command(module, command)
+    module.exit_json(**result)
+
+
+if __name__ == '__main__':
+    main()