|
| 1 | +#!/usr/bin/python |
| 2 | +# -*- coding: utf-8 -*- |
| 3 | +# |
| 4 | +# Ansible module to manage CheckPoint Firewall (c) 2019 |
| 5 | +# |
| 6 | +# Ansible is free software: you can redistribute it and/or modify |
| 7 | +# it under the terms of the GNU General Public License as published by |
| 8 | +# the Free Software Foundation, either version 3 of the License, or |
| 9 | +# (at your option) any later version. |
| 10 | +# |
| 11 | +# Ansible is distributed in the hope that it will be useful, |
| 12 | +# but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 13 | +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 14 | +# GNU General Public License for more details. |
| 15 | +# |
| 16 | +# You should have received a copy of the GNU General Public License |
| 17 | +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. |
| 18 | +# |
| 19 | + |
| 20 | +from __future__ import (absolute_import, division, print_function) |
| 21 | + |
| 22 | +__metaclass__ = type |
| 23 | + |
| 24 | +ANSIBLE_METADATA = {'metadata_version': '1.1', |
| 25 | + 'status': ['preview'], |
| 26 | + 'supported_by': 'community'} |
| 27 | + |
| 28 | +DOCUMENTATION = """ |
| 29 | +--- |
| 30 | +module: cp_mgmt_add_rules_batch |
| 31 | +short_description: Creates new rules in batch. Use this API to achieve optimum performance when adding more than one rule. |
| 32 | +description: |
| 33 | + - Creates new rules in batch. Use this API to achieve optimum performance when adding more than one rule. |
| 34 | + - Add multiple rules to a layer in a specific position, incrementing position by one for each rule. |
| 35 | + - Errors and warnings are ignored when using this API, operation will apply changes while ignoring errors. It is not |
| 36 | + possible to publish changes that contain validations errors. You must use the "show-validations" API to see any |
| 37 | + validation errors and warnings caused by the batch creation. Supported rules types are access-rule, nat-rule, |
| 38 | + https-rule and threat-exception. |
| 39 | + - This module is not idempotent. |
| 40 | + - All operations are performed over Web Services API. |
| 41 | +version_added: "3.0.0" |
| 42 | +author: "Eden Brillant (@chkp-edenbr)" |
| 43 | +options: |
| 44 | + objects: |
| 45 | + description: |
| 46 | + - Batch of rules separated by types. |
| 47 | + type: list |
| 48 | + elements: dict |
| 49 | + suboptions: |
| 50 | + layer: |
| 51 | + description: |
| 52 | + - Layer name or uid. |
| 53 | + type: str |
| 54 | + type: |
| 55 | + description: |
| 56 | + - Type of rules to be created. <br>Only types from above are supported. |
| 57 | + type: str |
| 58 | + first_position: |
| 59 | + description: |
| 60 | + - First rule position. |
| 61 | + type: str |
| 62 | + list: |
| 63 | + description: |
| 64 | + - List of rules from the same type to be created on the same layer. <br>Use the "add" API reference documentation for a single rule |
| 65 | + command to find the expected fields for the request. <br>For example, to add access-rules, use the "add-access-rule" command found in the API |
| 66 | + reference documentation (under Access Control & NAT). <br>Note, "set-if-exists", "ignore-errors", "ignore-warnings" and "details-level" options |
| 67 | + are not supported when adding a batch of rules. |
| 68 | + type: list |
| 69 | + elements: dict |
| 70 | + auto_publish_session: |
| 71 | + description: |
| 72 | + - Publish the current session if changes have been performed after task completes. |
| 73 | + type: bool |
| 74 | +extends_documentation_fragment: check_point.mgmt.checkpoint_commands |
| 75 | +""" |
| 76 | + |
| 77 | +EXAMPLES = """ |
| 78 | +- name: add-rules-batch |
| 79 | + cp_mgmt_add_rules_batch: |
| 80 | + objects: |
| 81 | + - first_position: top |
| 82 | + layer: Network |
| 83 | + list: |
| 84 | + - action: accept |
| 85 | + name: access rule 1 |
| 86 | + - action: accept |
| 87 | + name: access rule 2 |
| 88 | + type: access-rule |
| 89 | + - first_position: top |
| 90 | + layer: Standard |
| 91 | + list: |
| 92 | + - name: nat rule 1 |
| 93 | + - name: nat rule 2 |
| 94 | + type: nat-rule |
| 95 | + - first_position: top |
| 96 | + layer: Default Layer |
| 97 | + list: |
| 98 | + - name: https rule 1 |
| 99 | + - name: https rule 2 |
| 100 | + type: https-rule |
| 101 | +
|
| 102 | +""" |
| 103 | + |
| 104 | +RETURN = """ |
| 105 | +cp_mgmt_add_rules_batch: |
| 106 | + description: The checkpoint add-rules-batch output. |
| 107 | + returned: always. |
| 108 | + type: dict |
| 109 | +""" |
| 110 | + |
| 111 | +from ansible.module_utils.basic import AnsibleModule |
| 112 | +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command |
| 113 | + |
| 114 | + |
| 115 | +def main(): |
| 116 | + argument_spec = dict( |
| 117 | + objects=dict(type='list', elements='dict', options=dict( |
| 118 | + layer=dict(type='str'), |
| 119 | + type=dict(type='str'), |
| 120 | + first_position=dict(type='str'), |
| 121 | + list=dict(type='list', elements='dict') |
| 122 | + )), |
| 123 | + auto_publish_session=dict(type='bool') |
| 124 | + ) |
| 125 | + argument_spec.update(checkpoint_argument_spec_for_commands) |
| 126 | + |
| 127 | + module = AnsibleModule(argument_spec=argument_spec) |
| 128 | + |
| 129 | + command = "add-rules-batch" |
| 130 | + |
| 131 | + result = api_command(module, command) |
| 132 | + module.exit_json(**result) |
| 133 | + |
| 134 | + |
| 135 | +if __name__ == '__main__': |
| 136 | + main() |
0 commit comments