diff options
Diffstat (limited to 'lib/ansible/modules/network/check_point/cp_mgmt_access_rule.py')
-rw-r--r-- | lib/ansible/modules/network/check_point/cp_mgmt_access_rule.py | 354 |
1 files changed, 0 insertions, 354 deletions
diff --git a/lib/ansible/modules/network/check_point/cp_mgmt_access_rule.py b/lib/ansible/modules/network/check_point/cp_mgmt_access_rule.py deleted file mode 100644 index f904f70c8b..0000000000 --- a/lib/ansible/modules/network/check_point/cp_mgmt_access_rule.py +++ /dev/null @@ -1,354 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# -# Ansible module to manage Check Point Firewall (c) 2019 -# -# Ansible is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Ansible is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see <http://www.gnu.org/licenses/>. -# - -from __future__ import (absolute_import, division, print_function) - -__metaclass__ = type - -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} - -DOCUMENTATION = """ ---- -module: cp_mgmt_access_rule -short_description: Manages access-rule objects on Check Point over Web Services API -description: - - Manages access-rule objects on Check Point devices including creating, updating and removing objects. - - All operations are performed over Web Services API. -version_added: "2.9" -author: "Or Soffer (@chkp-orso)" -options: - layer: - description: - - Layer that the rule belongs to identified by the name or UID. - type: str - position: - description: - - Position in the rulebase. - type: str - name: - description: - - Object name. - type: str - required: True - action: - description: - - a "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer". - type: str - action_settings: - description: - - Action settings. - type: dict - suboptions: - enable_identity_captive_portal: - description: - - N/A - type: bool - limit: - description: - - N/A - type: str - content: - description: - - List of processed file types that this rule applies on. - type: list - content_direction: - description: - - On which direction the file types processing is applied. - type: str - choices: ['any', 'up', 'down'] - content_negate: - description: - - True if negate is set for data. - type: bool - custom_fields: - description: - - Custom fields. - type: dict - suboptions: - field_1: - description: - - First custom field. - type: str - field_2: - description: - - Second custom field. - type: str - field_3: - description: - - Third custom field. - type: str - destination: - description: - - Collection of Network objects identified by the name or UID. - type: list - destination_negate: - description: - - True if negate is set for destination. - type: bool - enabled: - description: - - Enable/Disable the rule. - type: bool - inline_layer: - description: - - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer". - type: str - install_on: - description: - - Which Gateways identified by the name or UID to install the policy on. - type: list - service: - description: - - Collection of Network objects identified by the name or UID. - type: list - service_negate: - description: - - True if negate is set for service. - type: bool - source: - description: - - Collection of Network objects identified by the name or UID. - type: list - source_negate: - description: - - True if negate is set for source. - type: bool - time: - description: - - List of time objects. For example, "Weekend", "Off-Work", "Every-Day". - type: list - track: - description: - - Track Settings. - type: dict - suboptions: - accounting: - description: - - Turns accounting for track on and off. - type: bool - alert: - description: - - Type of alert for the track. - type: str - choices: ['none', 'alert', 'snmp', 'mail', 'user alert 1', 'user alert 2', 'user alert 3'] - enable_firewall_session: - description: - - Determine whether to generate session log to firewall only connections. - type: bool - per_connection: - description: - - Determines whether to perform the log per connection. - type: bool - per_session: - description: - - Determines whether to perform the log per session. - type: bool - type: - description: - - a "Log", "Extended Log", "Detailed Log", "None". - type: str - user_check: - description: - - User check settings. - type: dict - suboptions: - confirm: - description: - - N/A - type: str - choices: ['per rule', 'per category', 'per application/site', 'per data type'] - custom_frequency: - description: - - N/A - type: dict - suboptions: - every: - description: - - N/A - type: int - unit: - description: - - N/A - type: str - choices: ['hours', 'days', 'weeks', 'months'] - frequency: - description: - - N/A - type: str - choices: ['once a day', 'once a week', 'once a month', 'custom frequency...'] - interaction: - description: - - N/A - type: str - vpn: - description: - - Communities or Directional. - type: list - suboptions: - community: - description: - - List of community name or UID. - type: list - directional: - description: - - Communities directional match condition. - type: list - suboptions: - from: - description: - - From community name or UID. - type: str - to: - description: - - To community name or UID. - type: str - comments: - description: - - Comments string. - type: str - details_level: - description: - - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed - representation of the object. - type: str - choices: ['uid', 'standard', 'full'] - ignore_warnings: - description: - - Apply changes ignoring warnings. - type: bool - ignore_errors: - description: - - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. - type: bool -extends_documentation_fragment: checkpoint_objects -""" - -EXAMPLES = """ -- name: add-access-rule - cp_mgmt_access_rule: - layer: Network - name: Rule 1 - position: 1 - service: - - SMTP - - AOL - state: present - -- name: set-access-rule - cp_mgmt_access_rule: - action: Ask - action_settings: - enable_identity_captive_portal: true - limit: Upload_1Gbps - layer: Network - name: Rule 1 - state: present - -- name: delete-access-rule - cp_mgmt_access_rule: - layer: Network - name: Rule 2 - state: absent -""" - -RETURN = """ -cp_mgmt_access_rule: - description: The checkpoint object created or updated. - returned: always, except when deleting the object. - type: dict -""" - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule - - -def main(): - argument_spec = dict( - layer=dict(type='str'), - position=dict(type='str'), - name=dict(type='str', required=True), - action=dict(type='str'), - action_settings=dict(type='dict', options=dict( - enable_identity_captive_portal=dict(type='bool'), - limit=dict(type='str') - )), - content=dict(type='list'), - content_direction=dict(type='str', choices=['any', 'up', 'down']), - content_negate=dict(type='bool'), - custom_fields=dict(type='dict', options=dict( - field_1=dict(type='str'), - field_2=dict(type='str'), - field_3=dict(type='str') - )), - destination=dict(type='list'), - destination_negate=dict(type='bool'), - enabled=dict(type='bool'), - inline_layer=dict(type='str'), - install_on=dict(type='list'), - service=dict(type='list'), - service_negate=dict(type='bool'), - source=dict(type='list'), - source_negate=dict(type='bool'), - time=dict(type='list'), - track=dict(type='dict', options=dict( - accounting=dict(type='bool'), - alert=dict(type='str', choices=['none', 'alert', 'snmp', 'mail', 'user alert 1', 'user alert 2', 'user alert 3']), - enable_firewall_session=dict(type='bool'), - per_connection=dict(type='bool'), - per_session=dict(type='bool'), - type=dict(type='str') - )), - user_check=dict(type='dict', options=dict( - confirm=dict(type='str', choices=['per rule', 'per category', 'per application/site', 'per data type']), - custom_frequency=dict(type='dict', options=dict( - every=dict(type='int'), - unit=dict(type='str', choices=['hours', 'days', 'weeks', 'months']) - )), - frequency=dict(type='str', choices=['once a day', 'once a week', 'once a month', 'custom frequency...']), - interaction=dict(type='str') - )), - vpn=dict(type='list', options=dict( - community=dict(type='list'), - directional=dict(type='list', options=dict( - to=dict(type='str') - )) - )), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') - ) - argument_spec['vpn']['options']['directional']['options']['from'] = dict(type='str') - argument_spec.update(checkpoint_argument_spec_for_objects) - - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'access-rule' - - if module.params['action'] is None and module.params['position'] is None: - result = api_call(module, api_call_object) - else: - result = api_call_for_rule(module, api_call_object) - - module.exit_json(**result) - - -if __name__ == '__main__': - main() |