authorRicardo Carrillo Cruz <ricardo.carrillo.cruz@gmail.com>2019-01-16 13:19:36 +0100
committerGitHub <noreply@github.com>2019-01-16 13:19:36 +0100
commitac61c99821d3ab883a79d8381a937c268b82fa35 (patch)
treed7cf6bedfbd896e2ea214e79a4335c41bed9ea76
parent2135ddf23351a7bc3d65a2d09e85d3ca50a77bd5 (diff)
downloadansible-ac61c99821d3ab883a79d8381a937c268b82fa35.tar.gz
Add checkpoint_session module (#50930)
* Add checkpoint_session module * Add unit test * Fix pep8 * Rename Checkpoint for Check Point
-rw-r--r--lib/ansible/modules/network/checkpoint/checkpoint_access_rule.py2
-rw-r--r--lib/ansible/modules/network/checkpoint/checkpoint_host.py1
-rw-r--r--lib/ansible/modules/network/checkpoint/checkpoint_session.py116
-rw-r--r--lib/ansible/plugins/httpapi/checkpoint.py5
-rw-r--r--test/units/modules/network/checkpoint/test_checkpoint_session.py67
5 files changed, 188 insertions, 3 deletions
diff --git a/lib/ansible/modules/network/checkpoint/checkpoint_access_rule.py b/lib/ansible/modules/network/checkpoint/checkpoint_access_rule.py
index c8b0e8557b..131893e90b 100644
--- a/lib/ansible/modules/network/checkpoint/checkpoint_access_rule.py
+++ b/lib/ansible/modules/network/checkpoint/checkpoint_access_rule.py
@@ -263,7 +263,7 @@ def main():
elif code == 404:
pass
- result['checkpoint_sid'] = connection.get_sid()
+ result['checkpoint_session_uid'] = connection.get_session_uid()
module.exit_json(**result)
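Review bot: The new `checkpoint_session_uid` result key is not documented anywhere in this commit: the diffstat shows only this one line changing in checkpoint_access_rule.py and a single added line in checkpoint_host.py, so neither module's RETURN text was touched. Users need this value to pass as `uid` to checkpoint_session, so each module's RETURN section (if it has one) should gain a `checkpoint_session_uid` entry of type str, described as the UID of the session the change was made in. Replacing `checkpoint_sid` also renames a key that playbooks may have registered and read, which is worth a changelog line. main() starts and ends outside the hunk.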
diff --git a/lib/ansible/modules/network/checkpoint/checkpoint_host.py b/lib/ansible/modules/network/checkpoint/checkpoint_host.py
index ec1fd1aee1..6a4c76aad5 100644
--- a/lib/ansible/modules/network/checkpoint/checkpoint_host.py
+++ b/lib/ansible/modules/network/checkpoint/checkpoint_host.py
@@ -207,6 +207,7 @@ def main():
elif code == 404:
pass
+ result['checkpoint_session_uid'] = connection.get_session_uid()
module.exit_json(**result)
diff --git a/lib/ansible/modules/network/checkpoint/checkpoint_session.py b/lib/ansible/modules/network/checkpoint/checkpoint_session.py
new file mode 100644
index 0000000000..0f42d7733f
--- /dev/null
+++ b/lib/ansible/modules/network/checkpoint/checkpoint_session.py
@@ -0,0 +1,116 @@
+#!/usr/bin/python
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'network'}
+
+
+DOCUMENTATION = """
+---
+module: checkpoint_session
+short_description: Manages session objects on Check Point over Web Services API
+description:
+ - Manages session objects on Check Point devices performing actions like publish and discard.
+ All operations are performed over Web Services API.
+version_added: "2.8"
+author: "Ansible by Red Hat (@rcarrillocruz)"
+options:
+ uid:
+ description:
+ - UID of the session.
+ type: str
+ required: True
+ state:
+ description:
+ - Action to perform on the session object. Valid choices are published and discarded.
+ type: str
+ choices: ['published', 'discarded']
+ default: published
+"""
+
+EXAMPLES = """
+- name: Publish session
+ checkpoint_session:
+ uid: 7a13a360-9b24-40d7-acd3-5b50247be33e
+ state: published
+
+- name: Discard session
+ checkpoint_session:
+ uid: 7a13a360-9b24-40d7-acd3-5b50247be33e
+ state: discarded
+"""
+
+RETURN = """
+checkpoint_session:
+ description: The checkpoint session output per return from API. It will differ depending on action.
+ returned: always.
+ type: list
+"""
+
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible.module_utils.network.checkpoint.checkpoint import publish, discard
+import json
+
+
+def get_session(module, connection):
+ payload = {'uid': module.params['uid']}
+
+ code, result = connection.send_request('/web_api/show-session', payload)
+
+ return code, result
+
+
+def main():
+ argument_spec = dict(
+ uid=dict(type='str', default=None),
+ state=dict(type='str', default='published', choices=['published', 'discarded'])
+ )
+
+ module = AnsibleModule(argument_spec=argument_spec)
+ connection = Connection(module._socket_path)
+ code, response = get_session(module, connection)
+ result = {'changed': False}
+
+ if code == 200:
+ result['changed'] = True
+ payload = None
+
+ if module.params['uid']:
+ payload = {'uid': module.params['uid']}
+
+ if module.params['state'] == 'published':
+ code, response = connection.send_request('/web_api/publish', payload)
+ else:
+ code, response = connection.send_request('/web_api/discard', payload)
+
+ result['checkpoint_session'] = response
+ else:
+ module.fail_json(msg='Check Point device returned error {0} with message {1}'.format(code, response))
+
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
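Review bot: In main(), `result['changed'] = True` is set before the publish/discard request, and the `code` returned by that second `send_request` is never checked, so a rejected publish still exits successfully with changed=True and the play continues as if the policy change were live. Check the second status before reporting a change, e.g. `if code != 200: module.fail_json(msg='Check Point device returned error {0} with message {1}'.format(code, response))` followed by `result['changed'] = True`. Separately, DOCUMENTATION declares `uid` as `required: True` while argument_spec uses `default=None`, and with no uid the publish/discard payload is None (presumably acting on the connection's own session, to be confirmed); the two should agree. The `publish`, `discard` and `json` imports are unused.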
diff --git a/lib/ansible/plugins/httpapi/checkpoint.py b/lib/ansible/plugins/httpapi/checkpoint.py
index 2a29a1e651..ae304117f9 100644
--- a/lib/ansible/plugins/httpapi/checkpoint.py
+++ b/lib/ansible/plugins/httpapi/checkpoint.py
@@ -40,6 +40,7 @@ class HttpApi(HttpApiBase):
try:
self.connection._auth = {'X-chkp-sid': response_data['sid']}
+ self.connection._session_uid = response_data['uid']
except KeyError:
raise ConnectionError(
'Server returned response without token info during connection authentication: %s' % response)
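Review bot: Because the new `_session_uid` assignment sits after the `_auth` assignment inside the same `try`, an authentication response that carries `sid` but no `uid` leaves the auth header stored and then raises a ConnectionError whose text mentions only missing token info. Reading both values before storing either keeps the connection state consistent, e.g. `sid, uid = response_data['sid'], response_data['uid']` ahead of the two assignments. The enclosing method starts outside the hunk.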
@@ -49,8 +50,8 @@ class HttpApi(HttpApiBase):
response, dummy = self.send_request(url, None)
- def get_sid(self):
- return self.connection._auth['X-chkp-sid']
+ def get_session_uid(self):
+ return self.connection._session_uid
def send_request(self, path, body_params):
data = json.dumps(body_params) if body_params else '{}'
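Review bot: `get_session_uid` has no docstring, and it reads `self.connection._session_uid`, which in this diff is assigned only in the authentication hunk above; unless the attribute is initialised elsewhere, calling it before authentication would presumably raise AttributeError. A one-line docstring such as `"""Return the uid of the session stored from the authentication response."""` would state that dependency. `get_sid` is removed with no alias, so any caller not updated in this commit would break; only checkpoint_access_rule.py is visibly migrated here. send_request's body continues outside the hunk.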
diff --git a/test/units/modules/network/checkpoint/test_checkpoint_session.py b/test/units/modules/network/checkpoint/test_checkpoint_session.py
new file mode 100644
index 0000000000..47567c06ed
--- /dev/null
+++ b/test/units/modules/network/checkpoint/test_checkpoint_session.py
@@ -0,0 +1,67 @@
+# Copyright (c) 2018 Red Hat
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleFailJson, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible.modules.network.checkpoint import checkpoint_session
+
+OBJECT = {'uid': '1234'}
+PAYLOAD = {}
+
+
+class TestCheckpointAccessRule(object):
+ module = checkpoint_session
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.modules.network.checkpoint.checkpoint_session.Connection')
+ return connection_class_mock.return_value
+
+ @pytest.fixture
+ def get_session_200(self, mocker):
+ mock_function = mocker.patch('ansible.modules.network.checkpoint.checkpoint_session.get_session')
+ mock_function.return_value = (200, OBJECT)
+ return mock_function.return_value
+
+ def test_publish(self, get_session_200, connection_mock):
+ connection_mock.send_request.return_value = (200, OBJECT)
+ result = self._run_module(PAYLOAD)
+
+ assert result['changed']
+ assert 'checkpoint_session' in result
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
+
+ def _run_module_with_fail_json(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleFailJson) as exc:
+ self.module.main()
+ result = exc.value.args[0]
+ return result
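Review bot: test_publish asserts only that `changed` is true and that the `checkpoint_session` key exists, so it would still pass if main() called the discard endpoint; with get_session mocked, the single `send_request` call can be pinned with `connection_mock.send_request.assert_called_once_with('/web_api/publish', None)`. The discarded state and the non-200 failure path have no test, and `_run_module_with_fail_json` is defined but never used. The class is also named `TestCheckpointAccessRule`, apparently carried over from another test file; `TestCheckpointSession` would match the module under test.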