diff --git a/README.md b/README.md
index 896efe9..a172a75 100644
--- a/README.md
+++ b/README.md
@@ -70,8 +70,8 @@ Note - If you want to run against Ansible version 2.9 instead of the collection,
2. Ansible has a feature called "Check Mode" that enables you to test the
changes without actually changing anything.
3. The login and logout happens automatically.
- 4. If you want to login to a specific domain, in the playbook above, in the `vars`secion, in
- `ansible_checkpoint_domain` key, change the value from `SMC User` to `YOUR_DOMAIN`
+ 4. If you want to login to a specific domain, in the playbook above in the `vars`secion change the domain name to
+ `ansible_checkpoint_domain`
5. There are two ways to publish changes:
a. Set the `auto_publish_session` to `true` as displayed in the example playbook above.
This option will publish only the task which this parameter belongs to.
@@ -81,6 +81,8 @@ Note - If you want to run against Ansible version 2.9 instead of the collection,
7. If you still want to use Ansible version 2.9 instead of this collection (not recommended):
a. In the `hosts` file replace `ansible_network_os=check_point.mgmt.checkpoint` with `ansible_network_os=checkpoint`
b. In the task in the playbook replace the module `check_point.mgmt.cp_mgmt_*` with the module `cp_mgmt_*`
+ 8. Starting from version 1.0.6, when running a command which returns a task-id, and the user chooses to wait for that task to finish
+ (the default is to wait), then the output of the command will be the output of the show-task command (instead of the task-id).
Modules
-------
diff --git a/galaxy.yml b/galaxy.yml
index c529a81..d311bfd 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -9,7 +9,7 @@ namespace: check_point
name: mgmt
# The version of the collection. Must be compatible with semantic versioning
-version: 1.0.5
+version: 1.0.6
# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
readme: README.md
diff --git a/plugins/module_utils/checkpoint.py b/plugins/module_utils/checkpoint.py
index be9df92..64c87af 100644
--- a/plugins/module_utils/checkpoint.py
+++ b/plugins/module_utils/checkpoint.py
@@ -99,7 +99,7 @@ def get_payload_from_parameters(params):
# wait for task
def wait_for_task(module, version, connection, task_id):
- task_id_payload = {'task-id': task_id}
+ task_id_payload = {'task-id': task_id, 'details-level': 'full'}
task_complete = False
current_iteration = 0
max_num_iterations = 300
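Review bot: The hard-coded `'details-level': 'full'` in `task_id_payload` deserves a comment, because together with the `return response` added further down in `wait_for_task` it decides what ends up in the module result. Whatever the management server puts into the full task details is now returned through `api_command` and will show up in Ansible output and logs unless the task sets `no_log`; which fields that covers is not visible in this diff. I would add `# 'full' so that the show-task response returned to the caller carries the task details` above the assignment. The body of `wait_for_task` continues outside this hunk.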
@@ -138,6 +138,8 @@ def wait_for_task(module, version, connection, task_id):
time.sleep(2) # Wait for two seconds
if not task_complete:
module.fail_json(msg="ERROR: Timeout. Task-id: {0}.".format(task_id_payload['task-id']))
+ else:
+ return response
# if failed occurred, in some cases we want to discard changes before exiting. We also notify the user about the `discard`
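Review bot: The `else:` before `return response` is redundant, since `module.fail_json` in the `if not task_complete:` branch does not return, and the function now has a return value that nothing documents. `response` is assigned in the polling loop, which lies outside this hunk, so I am assuming it is always bound by the time this line runs. I would write a plain `return response` after the `if` and add a docstring to `wait_for_task` saying that it returns the last show-task response or fails the module on timeout.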
@@ -199,7 +201,7 @@ def api_command(module, command):
if code == 200:
if module.params['wait_for_task']:
if 'task-id' in response:
- wait_for_task(module, version, connection, response['task-id'])
+ response = wait_for_task(module, version, connection, response['task-id'])
elif 'tasks' in response:
for task in response['tasks']:
if 'task-id' in task:
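Review bot: Only the single `task-id` branch picks up the new return value; the `elif 'tasks' in response:` branch starts its loop at the end of this hunk and its body is not visible, so if it still calls `wait_for_task(...)` without using the result, commands that return several tasks keep the old task-id output while single-task commands return show-task output. If that is the case, either collect the per-task responses there or state the difference in the README item this commit adds. Playbooks that read `task-id` from a registered result will also stop finding it on the single-task path, which is worth calling out as a behaviour change.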
@@ -428,6 +430,21 @@ def api_call_for_rule(module, api_call_object):
return result
+# check if call is in plural form
+def call_is_plural(api_call_object, payload):
+ is_plural = False
+ if 'access' in api_call_object and payload.get("layer") is None:
+ is_plural = True
+ elif 'threat' in api_call_object and payload.get("layer") is None:
+ is_plural = True
+ elif 'nat' in api_call_object \
+ and payload.get("name") is None \
+ and payload.get("uid") is None \
+ and payload.get("rule-number") is None:
+ is_plural = True
+ return is_plural
+
+
# handle api call facts for rule
def api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version):
payload = get_payload_from_parameters(module.params)
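Review bot: `call_is_plural` returns False for any `api_call_object` that contains none of `access`, `threat` or `nat`, whereas the condition it replaces in `api_call_facts_for_rule` switched to the plural command whenever `layer` was absent. If a caller outside this diff passes another rule type, it would now send the singular show command without a layer. The two `layer` branches are also identical, and the function has no docstring saying which payload keys identify a single rule. A version that keeps the old rule for everything except NAT is below; whether that fallback is what the other callers need has to be checked against them.

```python
def call_is_plural(api_call_object, payload):
    """Return True when the payload does not identify a single rule."""
    if 'nat' in api_call_object:
        # a NAT rule is addressed by name, uid or rule-number
        return all(payload.get(key) is None for key in ('name', 'uid', 'rule-number'))
    # access, threat and any other rule type: plural when no layer is given
    return payload.get("layer") is None
```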
@@ -435,7 +452,7 @@ def api_call_facts_for_rule(module, api_call_object, api_call_object_plural_vers
version = get_version(module)
# if there is no layer, the API command will be in plural version (e.g. show-hosts instead of show-host)
- if payload.get("layer") is None:
+ if call_is_plural(api_call_object, payload):
api_call_object = api_call_object_plural_version
response = handle_call(connection, version, 'show-' + api_call_object, payload, module, False, False)
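Review bot: The comment above the changed condition still says the plural form is chosen when there is no layer, which no longer holds for NAT rules now that `call_is_plural` decides. I would replace it with `# use the plural command (e.g. show-nat-rulebase) when the payload does not identify a single rule`. The body of `api_call_facts_for_rule` continues outside this hunk.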
diff --git a/plugins/modules/cp_mgmt_add_nat_rule.py b/plugins/modules/cp_mgmt_add_nat_rule.py
new file mode 100644
index 0000000..ff8fb27
--- /dev/null
+++ b/plugins/modules/cp_mgmt_add_nat_rule.py
@@ -0,0 +1,158 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_add_nat_rule
+short_description: Create new object.
+description:
+ - Create new object.
+ - All operations are performed over Web Services API.
+version_added: "2.9"
+author: "Or Soffer (@chkp-orso)"
+options:
+ package:
+ description:
+ - Name of the package.
+ type: str
+ position:
+ description:
+ - Position in the rulebase.
+ type: str
+ enabled:
+ description:
+ - Enable/Disable the rule.
+ type: bool
+ install_on:
+ description:
+ - Which Gateways identified by the name or UID to install the policy on.
+ type: list
+ method:
+ description:
+ - Nat method.
+ type: str
+ choices: ['static', 'hide', 'nat64', 'nat46']
+ original_destination:
+ description:
+ - Original destination.
+ type: str
+ original_service:
+ description:
+ - Original service.
+ type: str
+ original_source:
+ description:
+ - Original source.
+ type: str
+ translated_destination:
+ description:
+ - Translated destination.
+ type: str
+ translated_service:
+ description:
+ - Translated service.
+ type: str
+ translated_source:
+ description:
+ - Translated source.
+ type: str
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: add-nat-rule
+ cp_mgmt_add_nat_rule:
+ comments: comment example1 nat999
+ enabled: false
+ install_on:
+ - Policy Targets
+ original_destination: All_Internet
+ original_source: Any
+ package: standard
+ position: 1
+ state: present
+"""
+
+RETURN = """
+cp_mgmt_add_nat_rule:
+ description: The checkpoint add-nat-rule output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ package=dict(type='str'),
+ position=dict(type='str'),
+ enabled=dict(type='bool'),
+ install_on=dict(type='list'),
+ method=dict(type='str', choices=['static', 'hide', 'nat64', 'nat46']),
+ original_destination=dict(type='str'),
+ original_service=dict(type='str'),
+ original_source=dict(type='str'),
+ translated_destination=dict(type='str'),
+ translated_service=dict(type='str'),
+ translated_source=dict(type='str'),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "add-nat-rule"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
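Review bot: The example task passes `state: present`, but `state` is not among the options built in `main()`, so unless `checkpoint_argument_spec_for_commands` (not shown) defines it, `AnsibleModule` will reject the example as an unsupported parameter; the examples in `cp_mgmt_set_nat_rule.py` and `cp_mgmt_delete_nat_rule.py` carry the same kind of line. I would drop `state` from the three examples. Separately, `install_on=dict(type='list')` has no element type; `install_on=dict(type='list', elements='str')` would let Ansible validate the entries, and `short_description: Create new object.` could name the NAT rule it creates.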
diff --git a/plugins/modules/cp_mgmt_delete_nat_rule.py b/plugins/modules/cp_mgmt_delete_nat_rule.py
new file mode 100644
index 0000000..ef7d19a
--- /dev/null
+++ b/plugins/modules/cp_mgmt_delete_nat_rule.py
@@ -0,0 +1,90 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_delete_nat_rule
+short_description: Delete existing object using object name or uid.
+description:
+ - Delete existing object using object name or uid.
+ - All operations are performed over Web Services API.
+version_added: "2.9"
+author: "Or Soffer (@chkp-orso)"
+options:
+ rule_number:
+ description:
+ - Rule number.
+ type: str
+ package:
+ description:
+ - Name of the package.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: delete-nat-rule
+ cp_mgmt_delete_nat_rule:
+ package: standard
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_delete_nat_rule:
+ description: The checkpoint delete-nat-rule output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ rule_number=dict(type='str'),
+ package=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "delete-nat-rule"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
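Review bot: The example deletes with only `package: standard` and never says which rule, and `rule_number` is optional in `argument_spec`, so a task that forgets it is caught only by the server, if at all. The description also promises deletion "using object name or uid", while the options listed here are `rule_number`, `package` and `details_level`. For a destructive command on a firewall rulebase I would add `rule_number: 1` (or whichever identifier is intended) to the example and align the description with the options. `cp_mgmt_set_nat_rule.py` has the same gap in its example.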
diff --git a/plugins/modules/cp_mgmt_install_software_package.py b/plugins/modules/cp_mgmt_install_software_package.py
new file mode 100644
index 0000000..0915141
--- /dev/null
+++ b/plugins/modules/cp_mgmt_install_software_package.py
@@ -0,0 +1,120 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_install_software_package
+short_description: Installs the software package on target machines.
+description:
+ - Installs the software package on target machines.
+ - All operations are performed over Web Services API.
+version_added: "2.9"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - The name of the software package.
+ type: str
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ cluster_installation_settings:
+ description:
+ - Installation settings for cluster.
+ type: dict
+ suboptions:
+ cluster_delay:
+ description:
+ - The delay between end of installation on one cluster members and start of installation on the next cluster member.
+ type: int
+ cluster_strategy:
+ description:
+ - The cluster installation strategy.
+ type: str
+ concurrency_limit:
+ description:
+ - The number of targets, on which the same package is installed at the same time.
+ type: int
+ method:
+ description:
+ - NOTE, Supported from Check Point version R81
+ - How we want to use the package.
+ type: str
+ choices: ['install', 'upgrade']
+ package_location:
+ description:
+ - NOTE, Supported from Check Point version R81
+ - The package repository.
+ type: str
+ choices: ['automatic', 'target-machine', 'central']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: install-software-package
+ cp_mgmt_install_software_package:
+ name: Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz
+ package_location: automatic
+ targets.1: corporate-gateway
+"""
+
+RETURN = """
+cp_mgmt_install_software_package:
+ description: The checkpoint install-software-package output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ targets=dict(type='list'),
+ cluster_installation_settings=dict(type='dict', options=dict(
+ cluster_delay=dict(type='int'),
+ cluster_strategy=dict(type='str')
+ )),
+ concurrency_limit=dict(type='int'),
+ method=dict(type='str', choices=['install', 'upgrade']),
+ package_location=dict(type='str', choices=['automatic', 'target-machine', 'central'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "install-software-package"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
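Review bot: The example uses `targets.1: corporate-gateway`, which is not the `targets` option declared in `argument_spec`; Ansible treats the dotted key as a separate, unknown parameter, so the example as written should fail validation. The same key appears in the example of `cp_mgmt_uninstall_software_package.py`. I would write it as a YAML list, `targets:` followed by `- corporate-gateway`, and declare `targets=dict(type='list', elements='str')`. Since this module changes software on gateways, it may also be worth making `name` and `targets` `required=True` if the API does not accept the command without them, which I cannot confirm from this diff.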
diff --git a/plugins/modules/cp_mgmt_nat_rule_facts.py b/plugins/modules/cp_mgmt_nat_rule_facts.py
new file mode 100644
index 0000000..50cdc3c
--- /dev/null
+++ b/plugins/modules/cp_mgmt_nat_rule_facts.py
@@ -0,0 +1,202 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_nat_rule_facts
+short_description: Get nat-rule objects facts on Checkpoint over Web Services API
+description:
+ - Get nat-rule objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "2.9"
+author: "Or Soffer (@chkp-orso)"
+options:
+ rule_number:
+ description:
+ - Rule number.
+ type: str
+ package:
+ description:
+ - Name of the package.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical
+ operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies.
+ type: str
+ filter_settings:
+ description:
+ - Sets filter preferences.
+ type: dict
+ suboptions:
+ search_mode:
+ description:
+ - When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any'
+ object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell
+ or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior.
+ type: str
+ choices: ['general', 'packet']
+ packet_search_settings:
+ description:
+ - When 'search-mode' is set to 'packet', this object allows to set the packet search preferences.
+ type: dict
+ suboptions:
+ expand_group_members:
+ description:
+ - When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at
+ least one member of the group.
+ type: bool
+ expand_group_with_exclusion_members:
+ description:
+ - When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that
+ match at least one member of the "include" part and is not a member of the "except" part.
+ type: bool
+ match_on_any:
+ description:
+ - Whether to match on 'Any' object.
+ type: bool
+ match_on_group_with_exclusion:
+ description:
+ - Whether to match on a group-with-exclusion.
+ type: bool
+ match_on_negate:
+ description:
+ - Whether to match on a negated cell.
+ type: bool
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ use_object_dictionary:
+ description:
+ - N/A
+ type: bool
+ dereference_group_members:
+ description:
+ - Indicates whether to dereference "members" field by details level for every object in reply.
+ type: bool
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-nat-rule
+ cp_mgmt_nat_rule_facts:
+ package: standard
+
+- name: show-nat-rulebase
+ cp_mgmt_nat_rule_facts:
+ details_level: standard
+ limit: 2
+ offset: 1
+ package: standard
+ use_object_dictionary: true
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts_for_rule
+
+
+def main():
+ argument_spec = dict(
+ rule_number=dict(type='str'),
+ package=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ filter_settings=dict(type='dict', options=dict(
+ search_mode=dict(type='str', choices=['general', 'packet']),
+ packet_search_settings=dict(type='dict', options=dict(
+ expand_group_members=dict(type='bool'),
+ expand_group_with_exclusion_members=dict(type='bool'),
+ match_on_any=dict(type='bool'),
+ match_on_group_with_exclusion=dict(type='bool'),
+ match_on_negate=dict(type='bool')
+ ))
+ )),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ use_object_dictionary=dict(type='bool'),
+ dereference_group_members=dict(type='bool'),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ api_call_object = "nat-rule"
+ api_call_object_plural_version = "nat-rulebase"
+
+ result = api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
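Review bot: The first example is titled `show-nat-rule` but passes only `package`, and with the `call_is_plural` helper added in `checkpoint.py` a payload without `name`, `uid` or `rule-number` is sent as `show-nat-rulebase`, so both examples query the rulebase. The description also says to use the parameter 'name' for a specific object, while the option visible here is `rule_number`. I would add `rule_number: 1` to the first example and correct the description. In `argument_spec`, `order=dict(type='list', options=...)` has no `elements='dict'`, so the `ASC`/`DESC` suboptions are probably not validated.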
diff --git a/plugins/modules/cp_mgmt_set_nat_rule.py b/plugins/modules/cp_mgmt_set_nat_rule.py
new file mode 100644
index 0000000..ae9e0fc
--- /dev/null
+++ b/plugins/modules/cp_mgmt_set_nat_rule.py
@@ -0,0 +1,160 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_set_nat_rule
+short_description: Edit existing object using object name or uid.
+description:
+ - Edit existing object using object name or uid.
+ - All operations are performed over Web Services API.
+version_added: "2.9"
+author: "Or Soffer (@chkp-orso)"
+options:
+ rule_number:
+ description:
+ - Rule number.
+ type: str
+ package:
+ description:
+ - Name of the package.
+ type: str
+ enabled:
+ description:
+ - Enable/Disable the rule.
+ type: bool
+ install_on:
+ description:
+ - Which Gateways identified by the name or UID to install the policy on.
+ type: list
+ method:
+ description:
+ - Nat method.
+ type: str
+ choices: ['static', 'hide', 'nat64', 'nat46']
+ new_position:
+ description:
+ - New position in the rulebase.
+ type: str
+ original_destination:
+ description:
+ - Original destination.
+ type: str
+ original_service:
+ description:
+ - Original service.
+ type: str
+ original_source:
+ description:
+ - Original source.
+ type: str
+ translated_destination:
+ description:
+ - Translated destination.
+ type: str
+ translated_service:
+ description:
+ - Translated service.
+ type: str
+ translated_source:
+ description:
+ - Translated source.
+ type: str
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: set-nat-rule
+ cp_mgmt_set_nat_rule:
+ comments: rule for RND members RNDNetwork-> RND to Internal Network
+ enabled: false
+ original_service: ssh_version_2
+ original_source: Any
+ package: standard
+ state: present
+"""
+
+RETURN = """
+cp_mgmt_set_nat_rule:
+ description: The checkpoint set-nat-rule output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ rule_number=dict(type='str'),
+ package=dict(type='str'),
+ enabled=dict(type='bool'),
+ install_on=dict(type='list'),
+ method=dict(type='str', choices=['static', 'hide', 'nat64', 'nat46']),
+ new_position=dict(type='str'),
+ original_destination=dict(type='str'),
+ original_service=dict(type='str'),
+ original_source=dict(type='str'),
+ translated_destination=dict(type='str'),
+ translated_service=dict(type='str'),
+ translated_source=dict(type='str'),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "set-nat-rule"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_show_software_package_details.py b/plugins/modules/cp_mgmt_show_software_package_details.py
new file mode 100644
index 0000000..aa3fda8
--- /dev/null
+++ b/plugins/modules/cp_mgmt_show_software_package_details.py
@@ -0,0 +1,77 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_software_package_details
+short_description: Gets the software package information from the cloud.
+description:
+ - Gets the software package information from the cloud.
+ - All operations are performed over Web Services API.
+version_added: "2.9"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - The name of the software package.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-software-package-details
+ cp_mgmt_show_software_package_details:
+ name: Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz
+"""
+
+RETURN = """
+cp_mgmt_show_software_package_details:
+ description: The checkpoint show-software-package-details output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-software-package-details"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_uninstall_software_package.py b/plugins/modules/cp_mgmt_uninstall_software_package.py
new file mode 100644
index 0000000..1d35465
--- /dev/null
+++ b/plugins/modules/cp_mgmt_uninstall_software_package.py
@@ -0,0 +1,105 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_uninstall_software_package
+short_description: Uninstalls the software package from target machines.
+description:
+ - Uninstalls the software package from target machines.
+ - All operations are performed over Web Services API.
+version_added: "2.9"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - The name of the software package.
+ type: str
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ cluster_installation_settings:
+ description:
+ - Installation settings for cluster.
+ type: dict
+ suboptions:
+ cluster_delay:
+ description:
+ - The delay between end of installation on one cluster members and start of installation on the next cluster member.
+ type: int
+ cluster_strategy:
+ description:
+ - The cluster installation strategy.
+ type: str
+ concurrency_limit:
+ description:
+ - The number of targets, on which the same package is installed at the same time.
+ type: int
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: uninstall-software-package
+ cp_mgmt_uninstall_software_package:
+ name: Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz
+ targets.1: corporate-gateway
+"""
+
+RETURN = """
+cp_mgmt_uninstall_software_package:
+ description: The checkpoint uninstall-software-package output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ targets=dict(type='list'),
+ cluster_installation_settings=dict(type='dict', options=dict(
+ cluster_delay=dict(type='int'),
+ cluster_strategy=dict(type='str')
+ )),
+ concurrency_limit=dict(type='int')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "uninstall-software-package"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plugins/modules/cp_mgmt_verify_software_package.py b/plugins/modules/cp_mgmt_verify_software_package.py
new file mode 100644
index 0000000..d34ec5a
--- /dev/null
+++ b/plugins/modules/cp_mgmt_verify_software_package.py
@@ -0,0 +1,103 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_verify_software_package
+short_description: Verifies the software package on target machines.
+description:
+ - Verifies the software package on target machines.
+ - All operations are performed over Web Services API.
+version_added: "2.9"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - The name of the software package.
+ type: str
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ concurrency_limit:
+ description:
+ - The number of targets, on which the same package is installed at the same time.
+ type: int
+ download_package:
+ description:
+ - NOTE, Supported from Check Point version R81
+ - Should the package be downloaded before verification.
+ type: bool
+ download_package_from:
+ description:
+ - NOTE, Supported from Check Point version R81
+ - Where is the package located.
+ type: str
+ choices: ['automatic', 'central', 'target-machine']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: verify-software-package
+ cp_mgmt_verify_software_package:
+ download_package: 'true'
+ download_package_from: target-machine
+ name: Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz
+ targets.1: corporate-gateway
+"""
+
+RETURN = """
+cp_mgmt_verify_software_package:
+ description: The checkpoint verify-software-package output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ targets=dict(type='list'),
+ concurrency_limit=dict(type='int'),
+ download_package=dict(type='bool'),
+ download_package_from=dict(type='str', choices=['automatic', 'central', 'target-machine'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "verify-software-package"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
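Review bot: The EXAMPLES block of this new module passes `targets.1: corporate-gateway`, but the argument_spec further down declares only `targets` (a list), so Ansible would presumably reject `targets.1` as an unsupported parameter when the example is copied into a playbook. Write it as a YAML list, `targets: [corporate-gateway]`, and give the boolean unquoted, `download_package: true`. The `concurrency_limit` description says the package "is installed" although this module verifies it; `The number of targets on which the same package is verified at the same time.` would match. The uninstall module's example just above this file uses the same `targets.1` form.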
diff --git a/tests/units/modules/test_checkpoint_access_rule.py b/tests/units/modules/test_checkpoint_access_rule.py
index f21f291..e5f70bd 100644
--- a/tests/units/modules/test_checkpoint_access_rule.py
+++ b/tests/units/modules/test_checkpoint_access_rule.py
@@ -41,18 +41,18 @@ def module_mock(self, mocker):
@pytest.fixture
def connection_mock(self, mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.check_point._checkpoint_access_rule.Connection')
+ connection_class_mock = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_access_rule.Connection')
return connection_class_mock.return_value
@pytest.fixture
def get_access_rule_200(self, mocker):
- mock_function = mocker.patch('ansible.modules.network.check_point._checkpoint_access_rule.get_access_rule')
+ mock_function = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_access_rule.get_access_rule')
mock_function.return_value = (200, OBJECT)
return mock_function.return_value
@pytest.fixture
def get_access_rule_404(self, mocker):
- mock_function = mocker.patch('ansible.modules.network.check_point._checkpoint_access_rule.get_access_rule')
+ mock_function = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_access_rule.get_access_rule')
mock_function.return_value = (404, 'Object not found')
return mock_function.return_value
diff --git a/tests/units/modules/test_checkpoint_host.py b/tests/units/modules/test_checkpoint_host.py
index 4632589..b5720c5 100644
--- a/tests/units/modules/test_checkpoint_host.py
+++ b/tests/units/modules/test_checkpoint_host.py
@@ -41,18 +41,18 @@ def module_mock(self, mocker):
@pytest.fixture
def connection_mock(self, mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.check_point._checkpoint_host.Connection')
+ connection_class_mock = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_host.Connection')
return connection_class_mock.return_value
@pytest.fixture
def get_host_200(self, mocker):
- mock_function = mocker.patch('ansible.modules.network.check_point._checkpoint_host.get_host')
+ mock_function = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_host.get_host')
mock_function.return_value = (200, OBJECT)
return mock_function.return_value
@pytest.fixture
def get_host_404(self, mocker):
- mock_function = mocker.patch('ansible.modules.network.check_point._checkpoint_host.get_host')
+ mock_function = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_host.get_host')
mock_function.return_value = (404, 'Object not found')
return mock_function.return_value
diff --git a/tests/units/modules/test_checkpoint_session.py b/tests/units/modules/test_checkpoint_session.py
index 2f2d4e0..f0ca835 100644
--- a/tests/units/modules/test_checkpoint_session.py
+++ b/tests/units/modules/test_checkpoint_session.py
@@ -39,12 +39,12 @@ def module_mock(self, mocker):
@pytest.fixture
def connection_mock(self, mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.check_point._checkpoint_session.Connection')
+ connection_class_mock = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_session.Connection')
return connection_class_mock.return_value
@pytest.fixture
def get_session_200(self, mocker):
- mock_function = mocker.patch('ansible.modules.network.check_point._checkpoint_session.get_session')
+ mock_function = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_session.get_session')
mock_function.return_value = (200, OBJECT)
return mock_function.return_value
diff --git a/tests/units/modules/test_checkpoint_task_facts.py b/tests/units/modules/test_checkpoint_task_facts.py
index 4632589..b5720c5 100644
--- a/tests/units/modules/test_checkpoint_task_facts.py
+++ b/tests/units/modules/test_checkpoint_task_facts.py
@@ -41,18 +41,18 @@ def module_mock(self, mocker):
@pytest.fixture
def connection_mock(self, mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.check_point._checkpoint_host.Connection')
+ connection_class_mock = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_host.Connection')
return connection_class_mock.return_value
@pytest.fixture
def get_host_200(self, mocker):
- mock_function = mocker.patch('ansible.modules.network.check_point._checkpoint_host.get_host')
+ mock_function = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_host.get_host')
mock_function.return_value = (200, OBJECT)
return mock_function.return_value
@pytest.fixture
def get_host_404(self, mocker):
- mock_function = mocker.patch('ansible.modules.network.check_point._checkpoint_host.get_host')
+ mock_function = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_host.get_host')
mock_function.return_value = (404, 'Object not found')
return mock_function.return_value
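Review bot: The fixtures in test_checkpoint_task_facts.py still patch `_checkpoint_host.Connection` and `_checkpoint_host.get_host`, and the index line (4632589..b5720c5) is the same as for test_checkpoint_host.py, so this file looks like a copy of the host test and would not exercise any task-facts code. The commit only rewrites the import prefix and carries that over. If a task-facts module ships in the collection, the patches should target that module's own `Connection` and getter; otherwise the duplicate file can be dropped. The test class starts and continues outside this hunk, so the rest of the file could not be checked.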
diff --git a/tests/units/modules/test_cp_mgmt_add_nat_rule.py b/tests/units/modules/test_cp_mgmt_add_nat_rule.py
new file mode 100644
index 0000000..dc5dbbf
--- /dev/null
+++ b/tests/units/modules/test_cp_mgmt_add_nat_rule.py
@@ -0,0 +1,79 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_add_nat_rule
+
+PAYLOAD = {
+ "package": "standard",
+ "position": 1,
+ "comments": "comment example1 nat999",
+ "enabled": False,
+ "install_on": [
+ "Policy Targets"
+ ],
+ "original_source": "Any",
+ "original_destination": "All_Internet",
+ "wait_for_task": False
+}
+
+RETURN_PAYLOAD = {
+ "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+}
+
+command = 'add-nat-rule'
+failure_msg = '{command failed}'
+
+
+class TestCheckpointAddNatRule(object):
+ module = cp_mgmt_add_nat_rule
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_command(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, RETURN_PAYLOAD)
+ result = self._run_module(PAYLOAD)
+
+ assert result['changed']
+ assert RETURN_PAYLOAD == result[command]
+
+ def test_command_fail(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
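Review bot: `connection_mock` patches `ansible.module_utils.network.checkpoint.checkpoint.Connection`, the Ansible 2.9 location, while the command modules visible in this commit (for example cp_mgmt_verify_software_package) import `api_command` from `ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint`. A patch on the old path most likely leaves the collection's `Connection` untouched, so `send_request.return_value` never reaches the code under test and the run may attempt a real connection instead. Patch where the name is looked up: `mocker.patch('ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint.Connection')`. The same fixture line is in the new tests for delete_nat_rule, install_software_package, nat_rule_facts, set_nat_rule, show_software_package_details, uninstall_software_package and verify_software_package.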
diff --git a/tests/units/modules/test_cp_mgmt_delete_nat_rule.py b/tests/units/modules/test_cp_mgmt_delete_nat_rule.py
new file mode 100644
index 0000000..9fbfae5
--- /dev/null
+++ b/tests/units/modules/test_cp_mgmt_delete_nat_rule.py
@@ -0,0 +1,71 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_delete_nat_rule
+
+PAYLOAD = {
+ "package": "standard",
+ "wait_for_task": False
+}
+
+RETURN_PAYLOAD = {
+ "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+}
+
+command = 'delete-nat-rule'
+failure_msg = '{command failed}'
+
+
+class TestCheckpointDeleteNatRule(object):
+ module = cp_mgmt_delete_nat_rule
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_command(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, RETURN_PAYLOAD)
+ result = self._run_module(PAYLOAD)
+
+ assert result['changed']
+ assert RETURN_PAYLOAD == result[command]
+
+ def test_command_fail(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
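Review bot: `test_command_fail` catches bare `Exception` and reads `e.args[0]`, which hides which exception the failure path is expected to raise; `_run_module` only expects `AnsibleExitJson`, so the failure escapes it as a side effect rather than by design. Assert the failure explicitly, e.g. `with pytest.raises(AnsibleFailJson) as ex:` around `self.module.main()` followed by a check of `ex.value.args[0]['msg']`, assuming `units.modules.utils` exports `AnsibleFailJson` alongside `AnsibleExitJson`. The `mocker` argument of both test methods is unused and can be dropped. The other new test files in this commit, including the add_nat_rule one above, repeat this pattern.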
diff --git a/tests/units/modules/test_cp_mgmt_install_software_package.py b/tests/units/modules/test_cp_mgmt_install_software_package.py
new file mode 100644
index 0000000..4442abb
--- /dev/null
+++ b/tests/units/modules/test_cp_mgmt_install_software_package.py
@@ -0,0 +1,71 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_install_software_package
+
+PAYLOAD = {
+ "name": "Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz",
+ "wait_for_task": False
+}
+
+RETURN_PAYLOAD = {
+ "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+}
+
+command = 'install-software-package'
+failure_msg = '{command failed}'
+
+
+class TestCheckpointInstallSoftwarePackage(object):
+ module = cp_mgmt_install_software_package
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_command(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, RETURN_PAYLOAD)
+ result = self._run_module(PAYLOAD)
+
+ assert result['changed']
+ assert RETURN_PAYLOAD == result[command]
+
+ def test_command_fail(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/tests/units/modules/test_cp_mgmt_nat_rule_facts.py b/tests/units/modules/test_cp_mgmt_nat_rule_facts.py
new file mode 100644
index 0000000..eae9cf6
--- /dev/null
+++ b/tests/units/modules/test_cp_mgmt_nat_rule_facts.py
@@ -0,0 +1,82 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_nat_rule_facts
+
+OBJECT = {
+ "from": 1,
+ "to": 1,
+ "total": 6,
+ "objects": [
+ "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+ ]
+}
+
+SHOW_PLURAL_PAYLOAD = {
+ 'limit': 1,
+ 'details_level': 'uid'
+}
+
+SHOW_SINGLE_PAYLOAD = {
+ 'name': 'object_which_is_not_exist'
+}
+
+api_call_object = 'nat-rule'
+api_call_object_plural_version = 'nat-rulebase'
+failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}'''
+
+
+class TestCheckpointNatRuleFacts(object):
+ module = cp_mgmt_nat_rule_facts
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_show_single_object_which_is_not_exist(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(SHOW_SINGLE_PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert result['failed']
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def test_show_few_objects(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, OBJECT)
+ result = self._run_module(SHOW_PLURAL_PAYLOAD)
+
+ assert not result['changed']
+ assert OBJECT == result['ansible_facts'][api_call_object_plural_version]
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/tests/units/modules/test_cp_mgmt_set_nat_rule.py b/tests/units/modules/test_cp_mgmt_set_nat_rule.py
new file mode 100644
index 0000000..9defa2b
--- /dev/null
+++ b/tests/units/modules/test_cp_mgmt_set_nat_rule.py
@@ -0,0 +1,75 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_set_nat_rule
+
+PAYLOAD = {
+ "package": "standard",
+ "enabled": False,
+ "comments": "rule for RND members RNDNetwork-> RND to Internal Network",
+ "original_service": "ssh_version_2",
+ "original_source": "Any",
+ "wait_for_task": False
+}
+
+RETURN_PAYLOAD = {
+ "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+}
+
+command = 'set-nat-rule'
+failure_msg = '{command failed}'
+
+
+class TestCheckpointSetNatRule(object):
+ module = cp_mgmt_set_nat_rule
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_command(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, RETURN_PAYLOAD)
+ result = self._run_module(PAYLOAD)
+
+ assert result['changed']
+ assert RETURN_PAYLOAD == result[command]
+
+ def test_command_fail(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/tests/units/modules/test_cp_mgmt_show_software_package_details.py b/tests/units/modules/test_cp_mgmt_show_software_package_details.py
new file mode 100644
index 0000000..71f5818
--- /dev/null
+++ b/tests/units/modules/test_cp_mgmt_show_software_package_details.py
@@ -0,0 +1,71 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_show_software_package_details
+
+PAYLOAD = {
+ "name": "Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz",
+ "wait_for_task": False
+}
+
+RETURN_PAYLOAD = {
+ "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+}
+
+command = 'show-software-package-details'
+failure_msg = '{command failed}'
+
+
+class TestCheckpointShowSoftwarePackageDetails(object):
+ module = cp_mgmt_show_software_package_details
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_command(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, RETURN_PAYLOAD)
+ result = self._run_module(PAYLOAD)
+
+ assert result['changed']
+ assert RETURN_PAYLOAD == result[command]
+
+ def test_command_fail(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
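Review bot: `test_command` asserts `result['changed']` for `show-software-package-details`, which by its name is a read-only query. If `api_command` reports every successful command as changed, a comment such as `# api_command marks all successful commands as changed, including show-*` would make that explicit; otherwise the assertion pins a result that misreports read-only runs as changes in playbook output. `api_command` is not visible in this part of the diff, so this is inferred from the test alone.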
diff --git a/tests/units/modules/test_cp_mgmt_uninstall_software_package.py b/tests/units/modules/test_cp_mgmt_uninstall_software_package.py
new file mode 100644
index 0000000..09bb5c3
--- /dev/null
+++ b/tests/units/modules/test_cp_mgmt_uninstall_software_package.py
@@ -0,0 +1,71 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_uninstall_software_package
+
+PAYLOAD = {
+ "name": "Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz",
+ "wait_for_task": False
+}
+
+RETURN_PAYLOAD = {
+ "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+}
+
+command = 'uninstall-software-package'
+failure_msg = '{command failed}'
+
+
+class TestCheckpointUninstallSoftwarePackage(object):
+ module = cp_mgmt_uninstall_software_package
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_command(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, RETURN_PAYLOAD)
+ result = self._run_module(PAYLOAD)
+
+ assert result['changed']
+ assert RETURN_PAYLOAD == result[command]
+
+ def test_command_fail(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/tests/units/modules/test_cp_mgmt_verify_software_package.py b/tests/units/modules/test_cp_mgmt_verify_software_package.py
new file mode 100644
index 0000000..8a89e42
--- /dev/null
+++ b/tests/units/modules/test_cp_mgmt_verify_software_package.py
@@ -0,0 +1,71 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_verify_software_package
+
+PAYLOAD = {
+ "name": "Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz",
+ "wait_for_task": False
+}
+
+RETURN_PAYLOAD = {
+ "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+}
+
+command = 'verify-software-package'
+failure_msg = '{command failed}'
+
+
+class TestCheckpointVerifySoftwarePackage(object):
+ module = cp_mgmt_verify_software_package
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_command(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, RETURN_PAYLOAD)
+ result = self._run_module(PAYLOAD)
+
+ assert result['changed']
+ assert RETURN_PAYLOAD == result[command]
+
+ def test_command_fail(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]