From 88eb01b660a234cb7e940742a36392ed7b0b1d52 Mon Sep 17 00:00:00 2001
From: Ricardo Carrillo Cruz
Date: Thu, 10 Jan 2019 17:04:12 +0100
Subject: [PATCH] Checkpoint host (#49936)
* Add checkpoint_host module
* Add state param to docstring
* Require ip_address if state is present
* Make else more explicit by doing and elif 404
* Remove bogus paren
* Add checkpoint_host module
---
.../network/checkpoint/checkpoint_host.py | 177 ++++++++++++++++++
1 file changed, 177 insertions(+)
create mode 100644 lib/ansible/modules/network/checkpoint/checkpoint_host.py
diff --git a/lib/ansible/modules/network/checkpoint/checkpoint_host.py b/lib/ansible/modules/network/checkpoint/checkpoint_host.py
new file mode 100644
index 0000000000..e9c8a5df01
--- /dev/null
+++ b/lib/ansible/modules/network/checkpoint/checkpoint_host.py
@@ -0,0 +1,177 @@
+#!/usr/bin/python
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'network'}
+
+
+DOCUMENTATION = """
+---
+module: checkpoint_host
+short_description: Manages host objects on Checkpoint over Web Services API
+description:
+ - Manages host objects on Checkpoint devices including creating, updating, removing access rules objects,
+ All operations are performed over Web Services API.
+version_added: "2.8"
+author: "Ansible by Red Hat (@rcarrillocruz)"
+options:
+ name:
+ description:
+ - Name of the access rule.
+ type: str
+ required: True
+ ip_address:
+ description:
+ - IP address of the host object.
+ type: str
+ state:
+ description:
+ - State of the access rule (present or absent). Defaults to present.
+ type: str
+ default: present
+"""
+
+EXAMPLES = """
+- name: Create host object
+ checkpoint_host:
+ name: attacker
+ ip_address: 192.168.0.15
+
+- name: Delete host object
+ checkpoint_host:
+ name: attacker
+ state: absent
+"""
+
+RETURN = """
+checkpoint_hosts:
+ description: The checkpoint host object created or updated.
+ returned: always, except when deleting the host.
+ type: list
+"""
+
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible.module_utils.network.checkpoint.checkpoint import publish, install_policy
+import json
+
+
+def get_host(module, connection):
+ name = module.params['name']
+
+ payload = {'name': name}
+
+ code, response = connection.send_request('/web_api/show-host', payload)
+
+ return code, response
+
+
+def create_host(module, connection):
+ name = module.params['name']
+ ip_address = module.params['ip_address']
+
+ payload = {'name': name,
+ 'ip-address': ip_address}
+
+ code, response = connection.send_request('/web_api/add-host', payload)
+
+ return code, response
+
+
+def update_host(module, connection):
+ name = module.params['name']
+ ip_address = module.params['ip_address']
+
+ payload = {'name': name,
+ 'ip-address': ip_address}
+
+ code, response = connection.send_request('/web_api/set-host', payload)
+
+ return code, response
+
+
+def delete_host(module, connection):
+ name = module.params['name']
+ ip_address = module.params['ip_address']
+
+ payload = {'name': name}
+
+ code, response = connection.send_request('/web_api/delete-host', payload)
+
+ return code, response
+
+
+def needs_update(module, host):
+ res = False
+
+ if module.params['ip_address'] != host['ipv4-address']:
+ res = True
+
+ return res
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ ip_address=dict(type='str'),
+ state=dict(type='str', default='present')
+ )
+
+ required_if = [('state', 'present', 'ip_address')]
+ module = AnsibleModule(argument_spec=argument_spec)
+ connection = Connection(module._socket_path)
+ code, response = get_host(module, connection)
+ result = {'changed': False}
+
+ if module.params['state'] == 'present':
+ if code == 200:
+ if needs_update(module, response):
+ code, response = update_host(module, connection)
+ publish(module, connection)
+ install_policy(module, connection)
+ result['changed'] = True
+ result['checkpoint_hosts'] = response
+ else:
+ pass
+ elif code == 404:
+ code, response = create_host(module, connection)
+ publish(module, connection)
+ install_policy(module, connection)
+ result['changed'] = True
+ result['checkpoint_hosts'] = response
+ else:
+ if code == 200:
+ # Handle deletion
+ code, response = delete_host(module, connection)
+ publish(module, connection)
+ install_policy(module, connection)
+ result['changed'] = True
+ elif code == 404:
+ pass
+
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
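Review bot: `required_if` is assigned in main() but never passed to `AnsibleModule(...)`, and `state` has no `choices`, so neither constraint named in the commit message is actually enforced. With `state: present` and no `ip_address`, create_host() would send `'ip-address': None`, and any misspelled `state` value appears to fall into the final `else` branch, which deletes an existing host and installs policy. I would change these to `state=dict(type='str', default='present', choices=['present', 'absent'])`, `required_if = [('state', 'present', ['ip_address'])]` and `module = AnsibleModule(argument_spec=argument_spec, required_if=required_if)`. Separately, a lookup code other than 200 or 404 (an authentication or server error, for instance) exits with `changed: False` instead of failing, which hides a firewall object that was never applied.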