community.general/lib/ansible/plugins/httpapi/checkpoint.py

# (c) 2018 Red Hat Inc.
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

from __future__ import (absolute_import, division, print_function)

__metaclass__ = type

DOCUMENTATION = """
---
author: Ansible Networking Team
httpapi : checkpoint
short_description: HttpApi Plugin for Checkpoint devices
description:
  - This HttpApi plugin provides methods to connect to Checkpoint
    devices over a HTTP(S)-based api.
version_added: "2.8"
"""

import json

from ansible.module_utils.basic import to_text
from ansible.errors import AnsibleConnectionFailure
from ansible.module_utils.six.moves.urllib.error import HTTPError
from ansible.plugins.httpapi import HttpApiBase
from ansible.module_utils.connection import ConnectionError

BASE_HEADERS = {
    'Content-Type': 'application/json',
}


class HttpApi(HttpApiBase):
    def login(self, username, password):
        if username and password:
            payload = {'user': username, 'password': password}
            url = '/web_api/login'
            response, response_data = self.send_request(url, payload)
        else:
            raise AnsibleConnectionFailure('Username and password are required for login')

        try:
            self.connection._auth = {'X-chkp-sid': response_data['sid']}
            self.connection._session_uid = response_data['uid']
        except KeyError:
            raise ConnectionError(
                'Server returned response without token info during connection authentication: %s' % response)

    def logout(self):
        url = '/web_api/logout'

        response, dummy = self.send_request(url, None)

    def get_session_uid(self):
        return self.connection._session_uid

    def send_request(self, path, body_params):
        data = json.dumps(body_params) if body_params else '{}'

        try:
            self._display_request()
            response, response_data = self.connection.send(path, data, method='POST', headers=BASE_HEADERS)
            value = self._get_response_value(response_data)

            return response.getcode(), self._response_to_json(value)
        except AnsibleConnectionFailure as e:
            return 404, 'Object not found'
        except HTTPError as e:
            error = json.loads(e.read())
            return e.code, error

    def _display_request(self):
        self.connection.queue_message('vvvv', 'Web Services: %s %s' % ('POST', self.connection._url))

    def _get_response_value(self, response_data):
        return to_text(response_data.getvalue())

    def _response_to_json(self, response_text):
        try:
            return json.loads(response_text) if response_text else {}
        # JSONDecodeError only available on Python 3.5+
        except ValueError:
            raise ConnectionError('Invalid JSON response: %s' % response_text)
Checkpoint httpapi plugin (#49929) * Add checkpoint httpapi plugin and access rule facts module * WIP checkpoint_access_rule module * Add publish and install policy, plus fix empty json object request for publish * Refactor publish and install_policy onto module_utils * Add update resource logic * Add checkpoint_host_facts module * Return code and response on get_acess_rule function * Add checkpoint_host module * Add checkpoint_run_script module * Add checkpoint_task_facts module * Show all tasks if no task id is passed Note, this is only available on v1.3 of Checkpoint WS API * Add update logic to checkpoint host * Add full details on get task call * Add checkpoint httpapi plugin * Fix pep8 * Use auth instead of sid property and return False on handle_httperror method * Fix version in docstring * Remove constructor * Remove Accept from base headers * Do not override http error handler and assign Checkpoint sid to connection _auth There is scaffolding in the base class to autoappend the token, given it is assigned to connection _send * Use new connection queue message method instead of display * Remove unused display * Catch ValueError, since it's a parent of JSONDecodeError * Make static methods that are not used outside the class regular methods * Add missing self to previously static methods * Fix logout Was carrying copy pasta from ftd plugin * Remove send_auth_request * Use BASE_HEADERS constant * Simplify copyright header on httpapi plugin * Remove access rule module * Remove unused imports * Add unit test * Fix pep8 * Add test * Add test * Fix pep8 2019-01-07 13:02:29 +00:00			`# (c) 2018 Red Hat Inc.`
			`# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)`

			`from __future__ import (absolute_import, division, print_function)`

			`__metaclass__ = type`

			`DOCUMENTATION = """`
			`---`
			`author: Ansible Networking Team`
			`httpapi : checkpoint`
			`short_description: HttpApi Plugin for Checkpoint devices`
			`description:`
			`- This HttpApi plugin provides methods to connect to Checkpoint`
			`devices over a HTTP(S)-based api.`
			`version_added: "2.8"`
			`"""`

			`import json`

			`from ansible.module_utils.basic import to_text`
			`from ansible.errors import AnsibleConnectionFailure`
			`from ansible.module_utils.six.moves.urllib.error import HTTPError`
			`from ansible.plugins.httpapi import HttpApiBase`
			`from ansible.module_utils.connection import ConnectionError`

			`BASE_HEADERS = {`
			`'Content-Type': 'application/json',`
			`}`


			`class HttpApi(HttpApiBase):`
			`def login(self, username, password):`
			`if username and password:`
			`payload = {'user': username, 'password': password}`
			`url = '/web_api/login'`
			`response, response_data = self.send_request(url, payload)`
			`else:`
			`raise AnsibleConnectionFailure('Username and password are required for login')`

			`try:`
			`self.connection._auth = {'X-chkp-sid': response_data['sid']}`
Add checkpoint_session module (#50930) * Add checkpoint_session module * Add unit test * Fix pep8 * Rename Checkpoint for Check Point 2019-01-16 12:19:36 +00:00			`self.connection._session_uid = response_data['uid']`
Checkpoint httpapi plugin (#49929) * Add checkpoint httpapi plugin and access rule facts module * WIP checkpoint_access_rule module * Add publish and install policy, plus fix empty json object request for publish * Refactor publish and install_policy onto module_utils * Add update resource logic * Add checkpoint_host_facts module * Return code and response on get_acess_rule function * Add checkpoint_host module * Add checkpoint_run_script module * Add checkpoint_task_facts module * Show all tasks if no task id is passed Note, this is only available on v1.3 of Checkpoint WS API * Add update logic to checkpoint host * Add full details on get task call * Add checkpoint httpapi plugin * Fix pep8 * Use auth instead of sid property and return False on handle_httperror method * Fix version in docstring * Remove constructor * Remove Accept from base headers * Do not override http error handler and assign Checkpoint sid to connection _auth There is scaffolding in the base class to autoappend the token, given it is assigned to connection _send * Use new connection queue message method instead of display * Remove unused display * Catch ValueError, since it's a parent of JSONDecodeError * Make static methods that are not used outside the class regular methods * Add missing self to previously static methods * Fix logout Was carrying copy pasta from ftd plugin * Remove send_auth_request * Use BASE_HEADERS constant * Simplify copyright header on httpapi plugin * Remove access rule module * Remove unused imports * Add unit test * Fix pep8 * Add test * Add test * Fix pep8 2019-01-07 13:02:29 +00:00			`except KeyError:`
			`raise ConnectionError(`
			`'Server returned response without token info during connection authentication: %s' % response)`

			`def logout(self):`
			`url = '/web_api/logout'`

			`response, dummy = self.send_request(url, None)`

Add checkpoint_session module (#50930) * Add checkpoint_session module * Add unit test * Fix pep8 * Rename Checkpoint for Check Point 2019-01-16 12:19:36 +00:00			`def get_session_uid(self):`
			`return self.connection._session_uid`
Add autopublish and autoinstallpolicy behaviour to Checkpoint devices (#50862) * Add autopublish and autoinstallpolicy behaviour to Checkpoint devices Up till now we published and installed policy package for every operation, however operators may not want that and only reconcile changes after a series of changes. Added flags to toggle this behaviour, which defaults to autopublish and autoinstall policy package just as it was till now. The policy package name defaults to 'standard', since it's the default one created on the Checkpoint management server on AWS, unsure if that's common in other setups. * Change signature for publish and install policy The module object is not needed * Fix pep8 * Fix install_policy invocation Also fix payload in publish/discard, since it seems passing the UID when it's not needed has issues. * Add doc fragments * Remove default value of targets on install_policy method It's already defaulting to None via checkpoint_arg_spec * Fix pep8 * Remove doc fragment and push down auto options to resource modules I realized if I put those options as doc fragments they will show up on facts module, which do not apply, only on resource modules that mangle with objects. * Fix bogus param name and validate modules issues * Fix bogus param name on checkpoint_host 2019-01-15 10:03:48 +00:00
Checkpoint httpapi plugin (#49929) * Add checkpoint httpapi plugin and access rule facts module * WIP checkpoint_access_rule module * Add publish and install policy, plus fix empty json object request for publish * Refactor publish and install_policy onto module_utils * Add update resource logic * Add checkpoint_host_facts module * Return code and response on get_acess_rule function * Add checkpoint_host module * Add checkpoint_run_script module * Add checkpoint_task_facts module * Show all tasks if no task id is passed Note, this is only available on v1.3 of Checkpoint WS API * Add update logic to checkpoint host * Add full details on get task call * Add checkpoint httpapi plugin * Fix pep8 * Use auth instead of sid property and return False on handle_httperror method * Fix version in docstring * Remove constructor * Remove Accept from base headers * Do not override http error handler and assign Checkpoint sid to connection _auth There is scaffolding in the base class to autoappend the token, given it is assigned to connection _send * Use new connection queue message method instead of display * Remove unused display * Catch ValueError, since it's a parent of JSONDecodeError * Make static methods that are not used outside the class regular methods * Add missing self to previously static methods * Fix logout Was carrying copy pasta from ftd plugin * Remove send_auth_request * Use BASE_HEADERS constant * Simplify copyright header on httpapi plugin * Remove access rule module * Remove unused imports * Add unit test * Fix pep8 * Add test * Add test * Fix pep8 2019-01-07 13:02:29 +00:00			`def send_request(self, path, body_params):`
			`data = json.dumps(body_params) if body_params else '{}'`

			`try:`
			`self._display_request()`
			`response, response_data = self.connection.send(path, data, method='POST', headers=BASE_HEADERS)`
			`value = self._get_response_value(response_data)`

			`return response.getcode(), self._response_to_json(value)`
Checkpoint access rule (#49937) * WIP checkpoint_access_rule module * Add fixes and docstrings * Add dunder init * Fix sanity tests issues * Fix sanity test * Add RETURN and EXAMPLES * Fix example * Fix pep8 * Add tests * Fix pep8 * Fix pep8 2019-01-09 10:25:18 +00:00			`except AnsibleConnectionFailure as e:`
			`return 404, 'Object not found'`
Checkpoint httpapi plugin (#49929) * Add checkpoint httpapi plugin and access rule facts module * WIP checkpoint_access_rule module * Add publish and install policy, plus fix empty json object request for publish * Refactor publish and install_policy onto module_utils * Add update resource logic * Add checkpoint_host_facts module * Return code and response on get_acess_rule function * Add checkpoint_host module * Add checkpoint_run_script module * Add checkpoint_task_facts module * Show all tasks if no task id is passed Note, this is only available on v1.3 of Checkpoint WS API * Add update logic to checkpoint host * Add full details on get task call * Add checkpoint httpapi plugin * Fix pep8 * Use auth instead of sid property and return False on handle_httperror method * Fix version in docstring * Remove constructor * Remove Accept from base headers * Do not override http error handler and assign Checkpoint sid to connection _auth There is scaffolding in the base class to autoappend the token, given it is assigned to connection _send * Use new connection queue message method instead of display * Remove unused display * Catch ValueError, since it's a parent of JSONDecodeError * Make static methods that are not used outside the class regular methods * Add missing self to previously static methods * Fix logout Was carrying copy pasta from ftd plugin * Remove send_auth_request * Use BASE_HEADERS constant * Simplify copyright header on httpapi plugin * Remove access rule module * Remove unused imports * Add unit test * Fix pep8 * Add test * Add test * Fix pep8 2019-01-07 13:02:29 +00:00			`except HTTPError as e:`
			`error = json.loads(e.read())`
			`return e.code, error`

			`def _display_request(self):`
			`self.connection.queue_message('vvvv', 'Web Services: %s %s' % ('POST', self.connection._url))`

			`def _get_response_value(self, response_data):`
			`return to_text(response_data.getvalue())`

			`def _response_to_json(self, response_text):`
			`try:`
			`return json.loads(response_text) if response_text else {}`
			`# JSONDecodeError only available on Python 3.5+`
			`except ValueError:`
			`raise ConnectionError('Invalid JSON response: %s' % response_text)`