1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Add autopublish and autoinstallpolicy behaviour to Checkpoint devices (#50862)

* Add autopublish and autoinstallpolicy behaviour to Checkpoint devices

Up till now we published and installed policy package for every operation,
however operators may not want that and only reconcile changes after a series
of changes.
Added flags to toggle this behaviour, which defaults to autopublish and
autoinstall policy package just as it was till now.
The policy package name defaults to 'standard', since it's the default one
created on the Checkpoint management server on AWS, unsure if that's common
in other setups.

* Change signature for publish and install policy

The module object is not needed

* Fix pep8

* Fix install_policy invocation

Also fix payload in publish/discard, since it seems passing the UID
when it's not needed has issues.

* Add doc fragments

* Remove default value of targets on install_policy method

It's already defaulting to None via checkpoint_arg_spec

* Fix pep8

* Remove doc fragment and push down auto options to resource modules

I realized if I put those options as doc fragments they will show up
on facts module, which do not apply, only on resource modules that
mangle with objects.

* Fix bogus param name and validate modules issues

* Fix bogus param name on checkpoint_host
This commit is contained in:
Ricardo Carrillo Cruz 2019-01-15 11:03:48 +01:00 committed by GitHub
parent bca50b47ed
commit 077d6a63c1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 118 additions and 19 deletions

View file

@ -27,10 +27,33 @@
# #
def publish(module, connection): checkpoint_argument_spec = dict(auto_publish_session=dict(type='bool', default=True),
connection.send_request('/web_api/publish', None) policy_package=dict(type='str', default='standard'),
auto_install_policy=dict(type='bool', default=True),
targets=dict(type='list')
)
def install_policy(module, connection): def publish(connection, uid=None):
payload = {'policy-package': 'standard'} payload = None
if uid:
payload = {'uid': uid}
connection.send_request('/web_api/publish', payload)
def discard(connection, uid=None):
payload = None
if uid:
payload = {'uid': uid}
connection.send_request('/web_api/discard', payload)
def install_policy(connection, policy_package, targets):
payload = {'policy-package': policy_package,
'targets': targets}
connection.send_request('/web_api/install-policy', payload) connection.send_request('/web_api/install-policy', payload)

View file

@ -71,6 +71,27 @@ options:
- State of the access rule (present or absent). Defaults to present. - State of the access rule (present or absent). Defaults to present.
type: str type: str
default: present default: present
auto_publish_session:
description:
- Publish the current session if changes have been performed
after task completes.
type: bool
default: 'yes'
auto_install_policy:
description:
- Install the package policy if changes have been performed
after the task completes.
type: bool
default: 'yes'
policy_package:
description:
- Package policy name to be installed.
type: bool
default: 'standard'
targets:
description:
- Targets to install the package policy on.
type: list
""" """
EXAMPLES = """ EXAMPLES = """
@ -99,7 +120,7 @@ checkpoint_access_rules:
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection from ansible.module_utils.connection import Connection
from ansible.module_utils.network.checkpoint.checkpoint import publish, install_policy from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec, publish, install_policy
import json import json
@ -195,6 +216,7 @@ def main():
enabled=dict(type='bool', default=True), enabled=dict(type='bool', default=True),
state=dict(type='str', default='present') state=dict(type='str', default='present')
) )
argument_spec.update(checkpoint_argument_spec)
required_if = [('state', 'present', ('layer', 'position'))] required_if = [('state', 'present', ('layer', 'position'))]
module = AnsibleModule(argument_spec=argument_spec, required_if=required_if) module = AnsibleModule(argument_spec=argument_spec, required_if=required_if)
@ -206,28 +228,42 @@ def main():
if code == 200: if code == 200:
if needs_update(module, response): if needs_update(module, response):
code, response = update_access_rule(module, connection) code, response = update_access_rule(module, connection)
publish(module, connection) if module.params['auto_publish_session']:
install_policy(module, connection) publish(connection)
if module.params['auto_install_policy']:
install_policy(connection, module.params['policy_package'], module.params['targets'])
result['changed'] = True result['changed'] = True
result['checkpoint_access_rules'] = response result['checkpoint_access_rules'] = response
else: else:
pass pass
elif code == 404: elif code == 404:
code, response = create_access_rule(module, connection) code, response = create_access_rule(module, connection)
publish(module, connection)
install_policy(module, connection) if module.params['auto_publish_session']:
publish(connection)
if module.params['auto_install_policy']:
install_policy(connection, module.params['policy_package'], module.params['targets'])
result['changed'] = True result['changed'] = True
result['checkpoint_access_rules'] = response result['checkpoint_access_rules'] = response
else: else:
if code == 200: if code == 200:
# Handle deletion
code, response = delete_access_rule(module, connection) code, response = delete_access_rule(module, connection)
publish(module, connection)
install_policy(module, connection) if module.params['auto_publish_session']:
publish(connection)
if module.params['auto_install_policy']:
install_policy(connection, module.params['policy_package'], module.params['targets'])
result['changed'] = True result['changed'] = True
elif code == 404: elif code == 404:
pass pass
result['checkpoint_sid'] = connection.get_sid()
module.exit_json(**result) module.exit_json(**result)

View file

@ -49,6 +49,27 @@ options:
- State of the access rule (present or absent). Defaults to present. - State of the access rule (present or absent). Defaults to present.
type: str type: str
default: present default: present
auto_publish_session:
description:
- Publish the current session if changes have been performed
after task completes.
type: bool
default: 'yes'
auto_install_policy:
description:
- Install the package policy if changes have been performed
after the task completes.
type: bool
default: 'yes'
policy_package:
description:
- Package policy name to be installed.
type: bool
default: 'standard'
targets:
description:
- Targets to install the package policy on.
type: list
""" """
EXAMPLES = """ EXAMPLES = """
@ -73,7 +94,7 @@ checkpoint_hosts:
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection from ansible.module_utils.connection import Connection
from ansible.module_utils.network.checkpoint.checkpoint import publish, install_policy from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec, publish, install_policy
import json import json
@ -137,6 +158,7 @@ def main():
ip_address=dict(type='str'), ip_address=dict(type='str'),
state=dict(type='str', default='present') state=dict(type='str', default='present')
) )
argument_spec.update(checkpoint_argument_spec)
required_if = [('state', 'present', 'ip_address')] required_if = [('state', 'present', 'ip_address')]
module = AnsibleModule(argument_spec=argument_spec) module = AnsibleModule(argument_spec=argument_spec)
@ -148,24 +170,39 @@ def main():
if code == 200: if code == 200:
if needs_update(module, response): if needs_update(module, response):
code, response = update_host(module, connection) code, response = update_host(module, connection)
publish(module, connection)
install_policy(module, connection) if module.params['auto_publish_session']:
publish(connection)
if module.params['auto_install_policy']:
install_policy(connection, module.params['policy_package'], module.params['targets'])
result['changed'] = True result['changed'] = True
result['checkpoint_hosts'] = response result['checkpoint_hosts'] = response
else: else:
pass pass
elif code == 404: elif code == 404:
code, response = create_host(module, connection) code, response = create_host(module, connection)
publish(module, connection)
install_policy(module, connection) if module.params['auto_publish_session']:
publish(connection)
if module.params['auto_install_policy']:
install_policy(connection, module.params['policy_package'], module.params['targets'])
result['changed'] = True result['changed'] = True
result['checkpoint_hosts'] = response result['checkpoint_hosts'] = response
else: else:
if code == 200: if code == 200:
# Handle deletion # Handle deletion
code, response = delete_host(module, connection) code, response = delete_host(module, connection)
publish(module, connection)
install_policy(module, connection) if module.params['auto_publish_session']:
publish(connection)
if module.params['auto_install_policy']:
install_policy(connection, module.params['policy_package'], module.params['targets'])
result['changed'] = True result['changed'] = True
elif code == 404: elif code == 404:
pass pass

View file

@ -49,6 +49,9 @@ class HttpApi(HttpApiBase):
response, dummy = self.send_request(url, None) response, dummy = self.send_request(url, None)
def get_sid(self):
return self.connection._auth['X-chkp-sid']
def send_request(self, path, body_params): def send_request(self, path, body_params):
data = json.dumps(body_params) if body_params else '{}' data = json.dumps(body_params) if body_params else '{}'