Merge pull request #51 from chkp-ameera/master

Release 6.0.0

Author: chkp-majds

CHANGELOG.rst

@@ -5,39 +5,42 @@ Check_Point.gaia Release Notes
 .. contents:: Topics
 
 
-v7.0.0
+v6.0.0
 ======
 
 Release Summary
 ---------------
 
-this release 7.0.0 of ``check_point.gaia``, released on 2025-1-1.
+this release 6.0.0 of ``check_point.gaia``, released on 2025-1-6.
 
 New Modules
 -----------
 
+- check_point.gaia.cp_gaia_alias_interface – Manage Alias interface of a Check Point machine over Web Services API.
+- check_point.gaia.cp_gaia_alias_interface_facts – Get information about alias interfaces of a Check Point machine over Web Services API.
+- check_point.gaia.cp_gaia_system_group – Manage system groups of a Check Point machine over Web Services API.
+- check_point.gaia.cp_gaia_system_group_facts – Get information about system groups of a Check Point machine over Web Services API.
 - check_point.gaia.cp_gaia_dynamic_content – install policy on a dynamic layer Check Point machine over Web Services API.
 - check_point.gaia.cp_gaia_dynamic_content_layer_facts – get the details of the installed policy on a given dynamic layer on a Check Point machine over Web Services API.
 - check_point.gaia.cp_gaia_dynamic_content_layers_facts – get the details of all dynamic layers on a Check Point machine over Web Services API.
 - check_point.gaia.cp_gaia_simulate_packet – simulate packet rulebase execution on a Check Point machine over Web Services API.
+- check_point.gaia.cp_gaia_virtual_systems_facts – get virtual-system objects facts on Check Point machine over Web Services API.
+- check_point.gaia.cp_gaia_virtual_switch – manages virtual switch on Check Point machine over Web Services API.
+- check_point.gaia.cp_gaia_virtual_switch_facts – get virtual-switch objects facts on Check Point machine over Web Services API.
+- check_point.gaia.cp_gaia_virtual_gateway – manages virtual-gateway objects on Check Point machine over Web Services API.
+- check_point.gaia.cp_gaia_virtual_gateway_facts – get virtual-gateway objects facts on Check Point machine over Web Services API.
+- check_point.gaia.cp_gaia_virtual_vsnext_state_facts – get the VSNext state on Check Point machine over Web Services API.
 
+Major Changes
+---------------
 
-v6.0.0
-======
+- Update physical interfaces to Show/Configure dhcp as part of the request.
 
-Release Summary
+Bugfixes
 ---------------
 
-This is release 6.0.0 of ``check_point.gaia``, released on 2024-12-31.
-
-New Modules
------------
-cp_gaia_virtual_systems_facts – get virtual-system objects facts on Check Point machine over Web Services API.
-cp_gaia_virtual_switch – manages virtual switch on Check Point machine over Web Services API.
-cp_gaia_virtual_switch_facts – get virtual-switch objects facts on Check Point machine over Web Services API.
-cp_gaia_virtual_gateway – manages virtual-gateway objects on Check Point machine over Web Services API.
-cp_gaia_virtual_gateway_facts – get virtual-gateway objects facts on Check Point machine over Web Services API.
-cp_gaia_virtual_vsnext_state_facts – get the VSNext state on Check Point machine over Web Services API.
+- Fix Password expiration lifetime and Password expiration lockout in password policy to accept never as string in addition to integers values.
+- Fix bug: Cannot change password hash of user admin.
 
 
 v5.0.1

README.md

@@ -131,6 +131,11 @@ Modules
 * `cp_gaia_dynamic_content_layer_facts` – get the details of the installed policy on a given dynamic layer on a Check Point machine over Web Services API.
 * `cp_gaia_dynamic_content_layers_facts` – get the details of all dynamic layers on a Check Point machine over Web Services API.
 * `cp_gaia_simulate_packet` – simulate packet rulebase execution on a Check Point machine over Web Services API.
+* `cp_gaia_alias_interface` – Manage Alias interface of a Check Point machine over Web Services API.
+* `cp_gaia_alias_interface_facts` – Get information about alias interfaces of a Check Point machine over Web Services API.
+* `cp_gaia_system_group` – Manage system groups of a Check Point machine over Web Services API.
+* `cp_gaia_system_group_facts` – Get information about system groups of a Check Point machine over Web Services API.
+
 
 ### Code of Conduct
 This collection follows the Ansible project's

plugins/modules/cp_gaia_alias_interface.py

@@ -0,0 +1,99 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+DOCUMENTATION = """
+module: cp_gaia_alias_interface
+author: Duane Toler (@duanetoler)
+description:
+- Modify alias interface.
+short_description: Modify alias interface.
+version_added: '8.0.0'
+notes:
+- Supports C(check_mode).
+options:
+  version:
+    description: Gaia API version for example 1.6.
+    required: False
+    type: str
+  state:
+    description: Ansible state which can be C(present) or C(absent).
+    required: False
+    type: str
+    default: present
+    choices: [present, absent]
+  name:
+    description: Interface name with format "<parent interface>:<id>", for example  eth0:1, eth0:2 .. etc.
+    required: true
+    type: str
+  ipv4_address:
+      description: Interface IPv4 address.
+      required: false
+      type: str
+  ipv4_mask_length:
+      description: Interface IPv4 address mask length.
+      required: false
+      type: int
+"""
+
+EXAMPLES = """
+- name: Set comment field of a alias interface
+  check_point.gaia.cp_gaia_alias_interface:
+    comments: "eth0:1 interface"
+    name: eth0:1
+"""
+
+RETURN = """
+alias_interface:
+  description: The updated interface details.
+  returned: always.
+  type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.gaia.plugins.module_utils.checkpoint import chkp_api_call, checkpoint_argument_spec_for_all
+
+
+def main():
+    # arguments for the module:
+    fields = dict(
+        state=dict(type='str', default='present', choices=['present', 'absent']),
+        name=dict(required=True, type='str'),
+        ipv4_address=dict(required=True, type='str'),
+        ipv4_mask_length=dict(required=True, type='int')
+    )
+    fields.update(checkpoint_argument_spec_for_all)
+    module = AnsibleModule(argument_spec=fields, supports_check_mode=True)
+    api_call_object = 'alias-interface'
+    ignore = ['parent']
+    show_params = ['name']
+    add_params = {}
+    parent_and_id = module.params["name"].split(":")
+    if len(parent_and_id) == 2:
+        add_params = {"parent": parent_and_id[0] }
+
+    res = chkp_api_call(module, api_call_object, True, ignore=ignore, show_params=show_params, add_params=add_params)
+    module.exit_json(**res)
+
+
+if __name__ == "__main__":
+    main()

plugins/modules/cp_gaia_alias_interface_facts.py

@@ -0,0 +1,102 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+DOCUMENTATION = """
+module: cp_gaia_alias_interface_facts
+author: Duane Toler (@duanetoler)
+description:
+- Show alias interface.
+short_description: Show alias interface/s.
+version_added: '8.0.0'
+notes:
+- Supports C(check_mode).
+options:
+  version:
+    description: Gaia API version for example 1.6.
+    required: False
+    type: str
+  name:
+    description: Interface name to show. If not specified, all alias interfaces information is returned.
+    required: false
+    type: str
+"""
+
+EXAMPLES = """
+- name: Show alias interface
+  check_point.gaia.cp_gaia_alias_interface_facts:
+- name: Show alias interface by specifying it's name
+  check_point.gaia.cp_gaia_alias_interface_facts:
+    name: eth0:1
+"""
+
+RETURN = """
+ansible_facts:
+    description: The interface/s facts.
+    returned: always.
+    type: dict
+    contains:
+        objects:
+            description:
+              - List of interfaces.
+            returned: always
+            type: list
+            elements: dict
+            contains:
+                name:
+                    description:
+                      - Interface name.
+                    returned: always
+                    type: str
+                ipv4_address:
+                    description: Interface IPv4 address.
+                    returned: always
+                    type: str
+                ipv4_mask_length:
+                    description: Interface IPv4 address mask length.
+                    returned: always
+                    type: int
+                enabled:
+                    description: Interface State.
+                    returned: always
+                    type: bool
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.gaia.plugins.module_utils.checkpoint import chkp_facts_api_call, checkpoint_argument_spec_for_all
+
+
+def main():
+    # arguments for the module:
+    fields = dict(
+        name=dict(required=False, type='str')
+    )
+    fields.update(checkpoint_argument_spec_for_all)
+    module = AnsibleModule(argument_spec=fields, supports_check_mode=True)
+    api_call_object = "alias-interface"
+
+    res = chkp_facts_api_call(module, api_call_object, True)
+    module.exit_json(ansible_facts=res["ansible_facts"])
+
+
+if __name__ == "__main__":
+    main()

plugins/modules/cp_gaia_password_policy.py

@@ -84,18 +84,18 @@
                         type: int
                         default: 10
             password_expiration_days:
-                description: Password expiration lifetime, Valid values are 60-604800.
+                description: Password expiration lifetime, Valid values are 60-604800 or "never".
                 required: False
-                type: int
+                type: raw
             password_expiration_warning_days:
                 description: Number of days before a password expires that the user gets warned, Valid values are 1-366.
                 required: False
                 type: int
                 default: 7
             password_expiration_maximum_days_before_lock:
-                description: Password expiration lockout in days, Valid values are 1-1827.
+                description: Password expiration lockout in days, Valid values are 1-1827 or "never".
                 required: False
-                type: int
+                type: raw
             must_one_time_password_enabled:
                 description: Forces a user to change their password after it has been set via "User Management"
                              (but not via "Self Password Change" or forced change at login).
@@ -192,9 +192,9 @@ def main():
                         failed_attempts_allowed=dict(type='int', default=10)
                     )
                 ),
-                password_expiration_days=dict(type='int', no_log=True),
+                password_expiration_days=dict(type='raw', no_log=True),
                 password_expiration_warning_days=dict(type='int', default=7, no_log=True),
-                password_expiration_maximum_days_before_lock=dict(type='int', no_log=True),
+                password_expiration_maximum_days_before_lock=dict(type='raw', no_log=True),
                 must_one_time_password_enabled=dict(type='bool', default=False)
             )
         ),
@@ -220,6 +220,28 @@ def main():
     fields.update(checkpoint_argument_spec_for_all)
     module = AnsibleModule(argument_spec=fields, supports_check_mode=True)
 
+    # handle password_expiration_days, it can get never in addition to integer
+    password_expiration_days = module.params.get('password_expiration_days')
+    try:
+        if password_expiration_days is not None:
+            password_expiration_days = int(password_expiration_days)
+    except ValueError:
+        if password_expiration_days == "never":
+            pass
+        else:
+            module.fail_json(msg="The 'password_expiration_days' parameter must be an integer or never.")
+
+    # handle password_expiration_maximum_days_before_lock, it can get never in addition to integer
+    password_expiration_maximum_days_before_lock = module.params.get('password_expiration_maximum_days_before_lock')
+    try:
+        if password_expiration_maximum_days_before_lock is not None:
+            password_expiration_maximum_days_before_lock = int(password_expiration_maximum_days_before_lock)
+    except ValueError:
+        if password_expiration_maximum_days_before_lock == "never":
+            pass
+        else:
+            module.fail_json(msg="The 'password_expiration_maximum_days_before_lock' parameter must be an integer or never.")
+
     api_call_object = 'password-policy'
 
     res = chkp_api_call(module, api_call_object, False)

plugins/modules/cp_gaia_physical_interface.py

@@ -103,6 +103,40 @@
     description: Virtual System ID.
     required: false
     type: int
+  dhcp:
+    description: DHCP configuration.
+    required: false
+    type: dict
+    suboptions:
+        enabled:
+            description: Enable DHCP on this interface.
+            required: False
+            type: bool
+        server_timeout:
+            description: Specifies the amount of time, in seconds,
+                         that must pass between the time that the interface begins to try to determine its address
+                         and the time that it decides that it's not going to be able to contact a server.
+            required: False
+            type: int
+            default: 60
+        retry:
+            description: Specifies the time, in seconds,
+                         that must pass after the interface has determined that there is no DHCP server present
+                         before it tries again to contact a DHCP server.
+            required: False
+            type: int
+            default: 300
+        leasetime:
+            description: Specifies the lease time, in seconds, when requesting for an IP address. Default value is "default" - according to the server.
+            required: False
+            type: int
+        reacquire_timeout:
+            description: When trying to reacquire the last ip address,
+                         The reacquire-timeout statement sets the time, in seconds,
+                         that must elapse after the first try to reacquire the old address before it gives up and tries to discover a new address.
+            required: False
+            type: int
+            default: 10
 
 """
 
@@ -144,7 +178,17 @@ def main():
         mac_addr=dict(required=False, type="str"),
         rx_ringsize=dict(required=False, type="int"),
         speed=dict(required=False, type="str"),
-        ipv6_mask_length=dict(required=False, type="int")
+        ipv6_mask_length=dict(required=False, type="int"),
+        dhcp=dict(
+            type='dict',
+            options=dict(
+                enabled=dict(type='bool'),
+                server_timeout=dict(type='int', default=60),
+                retry=dict(type='int', default=300),
+                leasetime=dict(type='int'),
+                reacquire_timeout=dict(type='int', default=10),
+            )
+        )
     )
     fields.update(checkpoint_argument_spec_for_all)
     module = AnsibleModule(argument_spec=fields, supports_check_mode=True)