diff --git a/lib/ansible/module_utils/network/checkpoint/__init__.py b/lib/ansible/module_utils/network/checkpoint/__init__.py new file mode 100644 index 0000000000..e69de29bb2 diff --git a/lib/ansible/module_utils/network/checkpoint/checkpoint.py b/lib/ansible/module_utils/network/checkpoint/checkpoint.py new file mode 100644 index 0000000000..61c7854e73 --- /dev/null +++ b/lib/ansible/module_utils/network/checkpoint/checkpoint.py @@ -0,0 +1,36 @@ +# This code is part of Ansible, but is an independent component. +# This particular file snippet, and this file snippet only, is BSD licensed. +# Modules you write using this snippet, which is embedded dynamically by Ansible +# still belong to the author of the module, and may assign their own license +# to the complete work. +# +# (c) 2018 Red Hat Inc. +# +# Redistribution and use in source and binary forms, with or without modification, +# are permitted provided that the following conditions are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE +# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + + +def publish(module, connection): + connection.send_request('/web_api/publish', None) + + +def install_policy(module, connection): + payload = {'policy-package': 'standard'} + connection.send_request('/web_api/install-policy', payload) diff --git a/lib/ansible/plugins/httpapi/checkpoint.py b/lib/ansible/plugins/httpapi/checkpoint.py new file mode 100644 index 0000000000..78d084134b --- /dev/null +++ b/lib/ansible/plugins/httpapi/checkpoint.py @@ -0,0 +1,76 @@ +# (c) 2018 Red Hat Inc. +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +DOCUMENTATION = """ +--- +author: Ansible Networking Team +httpapi : checkpoint +short_description: HttpApi Plugin for Checkpoint devices +description: + - This HttpApi plugin provides methods to connect to Checkpoint + devices over a HTTP(S)-based api. +version_added: "2.8" +""" + +import json + +from ansible.module_utils.basic import to_text +from ansible.errors import AnsibleConnectionFailure +from ansible.module_utils.six.moves.urllib.error import HTTPError +from ansible.plugins.httpapi import HttpApiBase +from ansible.module_utils.connection import ConnectionError + +BASE_HEADERS = { + 'Content-Type': 'application/json', +} + + +class HttpApi(HttpApiBase): + def login(self, username, password): + if username and password: + payload = {'user': username, 'password': password} + url = '/web_api/login' + response, response_data = self.send_request(url, payload) + else: + raise AnsibleConnectionFailure('Username and password are required for login') + + try: + self.connection._auth = {'X-chkp-sid': response_data['sid']} + except KeyError: + raise ConnectionError( + 'Server returned response without token info during connection authentication: %s' % response) + + def logout(self): + url = '/web_api/logout' + + response, dummy = self.send_request(url, None) + + def send_request(self, path, body_params): + data = json.dumps(body_params) if body_params else '{}' + + try: + self._display_request() + response, response_data = self.connection.send(path, data, method='POST', headers=BASE_HEADERS) + value = self._get_response_value(response_data) + + return response.getcode(), self._response_to_json(value) + except HTTPError as e: + error = json.loads(e.read()) + return e.code, error + + def _display_request(self): + self.connection.queue_message('vvvv', 'Web Services: %s %s' % ('POST', self.connection._url)) + + def _get_response_value(self, response_data): + return to_text(response_data.getvalue()) + + def _response_to_json(self, response_text): + try: + return json.loads(response_text) if response_text else {} + # JSONDecodeError only available on Python 3.5+ + except ValueError: + raise ConnectionError('Invalid JSON response: %s' % response_text) diff --git a/test/units/plugins/httpapi/test_checkpoint.py b/test/units/plugins/httpapi/test_checkpoint.py new file mode 100644 index 0000000000..a98237bc51 --- /dev/null +++ b/test/units/plugins/httpapi/test_checkpoint.py @@ -0,0 +1,63 @@ +# (c) 2018 Red Hat Inc. +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +import json + +from ansible.module_utils.six.moves.urllib.error import HTTPError +from units.compat import mock +from units.compat import unittest +from units.compat.builtins import BUILTINS +from units.compat.mock import mock_open, patch + +from ansible.errors import AnsibleConnectionFailure +from ansible.module_utils.connection import ConnectionError +from ansible.module_utils.six import BytesIO, StringIO +from ansible.plugins.httpapi.checkpoint import HttpApi + +EXPECTED_BASE_HEADERS = { + 'Content-Type': 'application/json' +} + + +class FakeCheckpointHttpApiPlugin(HttpApi): + def __init__(self, conn): + super(FakeCheckpointHttpApiPlugin, self).__init__(conn) + + +class TestCheckpointHttpApi(unittest.TestCase): + + def setUp(self): + self.connection_mock = mock.Mock() + self.checkpoint_plugin = FakeCheckpointHttpApiPlugin(self.connection_mock) + self.checkpoint_plugin._load_name = 'httpapi' + + def test_login_raises_exception_when_username_and_password_are_not_provided(self): + with self.assertRaises(AnsibleConnectionFailure) as res: + self.checkpoint_plugin.login(None, None) + assert 'Username and password are required' in str(res.exception) + + def test_login_raises_exception_when_invalid_response(self): + self.connection_mock.send.return_value = self._connection_response( + {'NOSIDKEY': 'NOSIDVALUE'} + ) + + with self.assertRaises(ConnectionError) as res: + self.checkpoint_plugin.login('foo', 'bar') + + assert 'Server returned response without token info during connection authentication' in str(res.exception) + + def test_send_request_should_return_error_info_when_http_error_raises(self): + self.connection_mock.send.side_effect = HTTPError('http://testhost.com', 500, '', {}, + StringIO('{"errorMessage": "ERROR"}')) + + resp = self.checkpoint_plugin.send_request('/test', None) + + assert resp == (500, {'errorMessage': 'ERROR'}) + + @staticmethod + def _connection_response(response, status=200): + response_mock = mock.Mock() + response_mock.getcode.return_value = status + response_text = json.dumps(response) if type(response) is dict else response + response_data = BytesIO(response_text.encode() if response_text else ''.encode()) + return response_mock, response_data