From f9079274e776ac5167754720d64112a6ab86b29d Mon Sep 17 00:00:00 2001 From: Ricardo Carrillo Cruz Date: Mon, 7 Jan 2019 14:02:29 +0100 Subject: [PATCH] Checkpoint httpapi plugin (#49929) * Add checkpoint httpapi plugin and access rule facts module * WIP checkpoint_access_rule module * Add publish and install policy, plus fix empty json object request for publish * Refactor publish and install_policy onto module_utils * Add update resource logic * Add checkpoint_host_facts module * Return code and response on get_acess_rule function * Add checkpoint_host module * Add checkpoint_run_script module * Add checkpoint_task_facts module * Show all tasks if no task id is passed Note, this is only available on v1.3 of Checkpoint WS API * Add update logic to checkpoint host * Add full details on get task call * Add checkpoint httpapi plugin * Fix pep8 * Use auth instead of sid property and return False on handle_httperror method * Fix version in docstring * Remove constructor * Remove Accept from base headers * Do not override http error handler and assign Checkpoint sid to connection _auth There is scaffolding in the base class to autoappend the token, given it is assigned to connection _send * Use new connection queue message method instead of display * Remove unused display * Catch ValueError, since it's a parent of JSONDecodeError * Make static methods that are not used outside the class regular methods * Add missing self to previously static methods * Fix logout Was carrying copy pasta from ftd plugin * Remove send_auth_request * Use BASE_HEADERS constant * Simplify copyright header on httpapi plugin * Remove access rule module * Remove unused imports * Add unit test * Fix pep8 * Add test * Add test * Fix pep8 --- .../network/checkpoint/__init__.py | 0 .../network/checkpoint/checkpoint.py | 36 +++++++++ lib/ansible/plugins/httpapi/checkpoint.py | 76 +++++++++++++++++++ test/units/plugins/httpapi/test_checkpoint.py | 63 +++++++++++++++ 4 files changed, 175 insertions(+) create mode 100644 lib/ansible/module_utils/network/checkpoint/__init__.py create mode 100644 lib/ansible/module_utils/network/checkpoint/checkpoint.py create mode 100644 lib/ansible/plugins/httpapi/checkpoint.py create mode 100644 test/units/plugins/httpapi/test_checkpoint.py diff --git a/lib/ansible/module_utils/network/checkpoint/__init__.py b/lib/ansible/module_utils/network/checkpoint/__init__.py new file mode 100644 index 0000000000..e69de29bb2 diff --git a/lib/ansible/module_utils/network/checkpoint/checkpoint.py b/lib/ansible/module_utils/network/checkpoint/checkpoint.py new file mode 100644 index 0000000000..61c7854e73 --- /dev/null +++ b/lib/ansible/module_utils/network/checkpoint/checkpoint.py @@ -0,0 +1,36 @@ +# This code is part of Ansible, but is an independent component. +# This particular file snippet, and this file snippet only, is BSD licensed. +# Modules you write using this snippet, which is embedded dynamically by Ansible +# still belong to the author of the module, and may assign their own license +# to the complete work. +# +# (c) 2018 Red Hat Inc. +# +# Redistribution and use in source and binary forms, with or without modification, +# are permitted provided that the following conditions are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE +# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + + +def publish(module, connection): + connection.send_request('/web_api/publish', None) + + +def install_policy(module, connection): + payload = {'policy-package': 'standard'} + connection.send_request('/web_api/install-policy', payload) diff --git a/lib/ansible/plugins/httpapi/checkpoint.py b/lib/ansible/plugins/httpapi/checkpoint.py new file mode 100644 index 0000000000..78d084134b --- /dev/null +++ b/lib/ansible/plugins/httpapi/checkpoint.py @@ -0,0 +1,76 @@ +# (c) 2018 Red Hat Inc. +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +DOCUMENTATION = """ +--- +author: Ansible Networking Team +httpapi : checkpoint +short_description: HttpApi Plugin for Checkpoint devices +description: + - This HttpApi plugin provides methods to connect to Checkpoint + devices over a HTTP(S)-based api. +version_added: "2.8" +""" + +import json + +from ansible.module_utils.basic import to_text +from ansible.errors import AnsibleConnectionFailure +from ansible.module_utils.six.moves.urllib.error import HTTPError +from ansible.plugins.httpapi import HttpApiBase +from ansible.module_utils.connection import ConnectionError + +BASE_HEADERS = { + 'Content-Type': 'application/json', +} + + +class HttpApi(HttpApiBase): + def login(self, username, password): + if username and password: + payload = {'user': username, 'password': password} + url = '/web_api/login' + response, response_data = self.send_request(url, payload) + else: + raise AnsibleConnectionFailure('Username and password are required for login') + + try: + self.connection._auth = {'X-chkp-sid': response_data['sid']} + except KeyError: + raise ConnectionError( + 'Server returned response without token info during connection authentication: %s' % response) + + def logout(self): + url = '/web_api/logout' + + response, dummy = self.send_request(url, None) + + def send_request(self, path, body_params): + data = json.dumps(body_params) if body_params else '{}' + + try: + self._display_request() + response, response_data = self.connection.send(path, data, method='POST', headers=BASE_HEADERS) + value = self._get_response_value(response_data) + + return response.getcode(), self._response_to_json(value) + except HTTPError as e: + error = json.loads(e.read()) + return e.code, error + + def _display_request(self): + self.connection.queue_message('vvvv', 'Web Services: %s %s' % ('POST', self.connection._url)) + + def _get_response_value(self, response_data): + return to_text(response_data.getvalue()) + + def _response_to_json(self, response_text): + try: + return json.loads(response_text) if response_text else {} + # JSONDecodeError only available on Python 3.5+ + except ValueError: + raise ConnectionError('Invalid JSON response: %s' % response_text) diff --git a/test/units/plugins/httpapi/test_checkpoint.py b/test/units/plugins/httpapi/test_checkpoint.py new file mode 100644 index 0000000000..a98237bc51 --- /dev/null +++ b/test/units/plugins/httpapi/test_checkpoint.py @@ -0,0 +1,63 @@ +# (c) 2018 Red Hat Inc. +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +import json + +from ansible.module_utils.six.moves.urllib.error import HTTPError +from units.compat import mock +from units.compat import unittest +from units.compat.builtins import BUILTINS +from units.compat.mock import mock_open, patch + +from ansible.errors import AnsibleConnectionFailure +from ansible.module_utils.connection import ConnectionError +from ansible.module_utils.six import BytesIO, StringIO +from ansible.plugins.httpapi.checkpoint import HttpApi + +EXPECTED_BASE_HEADERS = { + 'Content-Type': 'application/json' +} + + +class FakeCheckpointHttpApiPlugin(HttpApi): + def __init__(self, conn): + super(FakeCheckpointHttpApiPlugin, self).__init__(conn) + + +class TestCheckpointHttpApi(unittest.TestCase): + + def setUp(self): + self.connection_mock = mock.Mock() + self.checkpoint_plugin = FakeCheckpointHttpApiPlugin(self.connection_mock) + self.checkpoint_plugin._load_name = 'httpapi' + + def test_login_raises_exception_when_username_and_password_are_not_provided(self): + with self.assertRaises(AnsibleConnectionFailure) as res: + self.checkpoint_plugin.login(None, None) + assert 'Username and password are required' in str(res.exception) + + def test_login_raises_exception_when_invalid_response(self): + self.connection_mock.send.return_value = self._connection_response( + {'NOSIDKEY': 'NOSIDVALUE'} + ) + + with self.assertRaises(ConnectionError) as res: + self.checkpoint_plugin.login('foo', 'bar') + + assert 'Server returned response without token info during connection authentication' in str(res.exception) + + def test_send_request_should_return_error_info_when_http_error_raises(self): + self.connection_mock.send.side_effect = HTTPError('http://testhost.com', 500, '', {}, + StringIO('{"errorMessage": "ERROR"}')) + + resp = self.checkpoint_plugin.send_request('/test', None) + + assert resp == (500, {'errorMessage': 'ERROR'}) + + @staticmethod + def _connection_response(response, status=200): + response_mock = mock.Mock() + response_mock.getcode.return_value = status + response_text = json.dumps(response) if type(response) is dict else response + response_data = BytesIO(response_text.encode() if response_text else ''.encode()) + return response_mock, response_data