Add new parameters to lsm modules and added new modules (#165)

* Added missing fields for lsm_gateway and lsm_gateway
Added new modules user and user facts

* updated files

Author: chkp-dorbe

CHANGELOG.rst

@@ -4,6 +4,26 @@ Check_Point.Mgmt Release Notes
 
 .. contents:: Topics
 
+v6.3.0
+======
+
+Release Summary
+---------------
+
+This is release 6.3.0 of ``check_point.mgmt``, released on 2025-01-23.
+
+Minor Changes
+-------------
+
+- check_point.mgmt.cp_mgmt_lsm_cluster - support additional parameters (dynamic-objects, tags and topology)
+- check_point.mgmt.cp_mgmt_lsm_gateway - support additional parameters (device_id, dynamic-objects, tags and topology)
+
+New Modules
+-----------
+
+- check_point.mgmt.cp_mgmt_user - Manages user objects on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_user_facts - Get user objects facts on Checkpoint over Web Services API
+
 v6.2.1
 ======
 

changelogs/changelog.yaml

@@ -409,21 +409,21 @@ releases:
       - description: Workflow feature - Approve and Publish the session.
         name: cp_mgmt_approve_session
         namespace: ""
-      - description: >
+      - description:
           Check if a target can reach or parse a network feed;
           can work with an existing feed object or with a new one
           (by providing all relevant feed parameters).
         name: cp_mgmt_check_network_feed
         namespace: ""
-      - description: >
+      - description:
           Check if a target can reach or parse a threat IOC feed; can work with an existing feed
           object or with a new one (by providing all relevant feed parameters).
         name: cp_mgmt_check_threat_ioc_feed
         namespace: ""
       - description: Retrieve all existing cluster members in domain.
         name: cp_mgmt_cluster_members_facts
         namespace: ""
-      - description: >
+      - description:
           Securely connect the Management Server to Check Point's Infinity Portal.
           This is a preliminary operation so that the management server can use
           various Check Point cloud-based security services hosted in the Infinity Portal.
@@ -453,12 +453,12 @@ releases:
       - description: Get idp-to-domain-assignment objects facts on Checkpoint over Web Services API
         name: cp_mgmt_idp_to_domain_assignment_facts
         namespace: ""
-      - description: >
+      - description:
           Executes the lsm-install-policy on a given list of targets. Install the LSM policy
           that defined on the attached LSM profile on the targets devices.
         name: cp_mgmt_install_lsm_policy
         namespace: ""
-      - description: >
+      - description:
           Executes the lsm-install-settings on a given list of targets. Install the provisioning
           settings that defined on the object on the targets devices.
         name: cp_mgmt_install_lsm_settings
@@ -505,7 +505,7 @@ releases:
       - description: Get repository-script objects facts on Checkpoint over Web Services API
         name: cp_mgmt_repository_script_facts
         namespace: ""
-      - description: >
+      - description:
           Reset Secure Internal Communication (SIC). To complete the reset operation need also
           to reset the device in the Check Point Configuration Tool (by running cpconfig in Clish or Expert mode).
           Communication will not be possible until you reset and re-initialize the device properly.
@@ -517,7 +517,7 @@ releases:
       - description: Set default Identity Provider assignment to be use for Management server administrator access.
         name: cp_mgmt_set_idp_default_assignment
         namespace: ""
-      - description: >
+      - description:
           Set Identity Provider assignment to domain, to allow administrator login to that domain using
           that identity provider, if there is no Identity Provider assigned to the domain the 'idp-default-assignment' will be used.
           This command only available  for Multi-Domain server.
@@ -535,7 +535,7 @@ releases:
       - description: Retrieve default Identity Provider assignment that used for Management server administrator access.
         name: cp_mgmt_show_idp_default_assignment
         namespace: ""
-      - description: >
+      - description:
           Shows the status of all processes in the current machine (Multi-Domain Server and all Domain Management / Log Servers).
           This command is available only on Multi-Domain Server.
         name: cp_mgmt_show_servers_and_processes
@@ -558,7 +558,7 @@ releases:
       - description: Workflow feature - Submit the session for approval.
         name: cp_mgmt_submit_session
         namespace: ""
-      - description: >
+      - description:
           Test SIC Status reflects the state of the gateway after it has received the certificate issued by the ICA.
           If the SIC status is Unknown then there is no connection between the gateway and the Security Management Server.
           If the SIC status is No Communication, an error message will appear. It may contain specific instructions on how to fix the situation.
@@ -656,7 +656,7 @@ releases:
       - description: Get dynamic-global-network-object objects facts on Checkpoint over Web Services API
         name: cp_mgmt_dynamic_global_network_object_facts
         namespace: ""
-      - description: >
+      - description:
           Export the primary Security Management Server database or the primary Multi-Domain Server database or the
           single Domain database and the applicable Check Point configuration.
         name: cp_mgmt_export_management
@@ -688,7 +688,7 @@ releases:
       - description: Get https-layer objects facts on Checkpoint over Web Services API
         name: cp_mgmt_https_layer_facts
         namespace: ""
-      - description: >
+      - description:
           Import the primary Security Management Server database or the primary Multi-Domain Server database or the single Domain
           database and the applicable Check Point configuration.
         name: cp_mgmt_import_management
@@ -1264,5 +1264,22 @@ releases:
       release_summary: This is release 6.2.1 of ``check_point.mgmt``, released on
         2024-08-28.
     fragments:
-    - 6.2.1.yml
+      - 6.2.1.yml
     release_date: '2024-08-28'
+  6.3.0:
+    changes:
+      minor_changes:
+        - check_point.mgmt.cp_mgmt_lsm_cluster - support additional parameters (dynamic-objects, tags and topology)
+        - check_point.mgmt.cp_mgmt_lsm_gateway - support additional parameters (device_id, dynamic-objects, tags and topology)
+      release_summary: This is release 6.3.0 of ``check_point.mgmt``, released on
+        2025-01-23.
+    fragments:
+      - 6.3.0.yml
+    modules:
+      - description: Manages user objects on Checkpoint over Web Services API
+        name: cp_mgmt_user
+        namespace: ''
+      - description: Get user objects facts on Checkpoint over Web Services API
+        name: cp_mgmt_user_facts
+        namespace: ''
+    release_date: '2025-01-03'

galaxy.yml

@@ -9,17 +9,17 @@ namespace: check_point
 name: mgmt
 
 # The version of the collection. Must be compatible with semantic versioning
-version: 6.2.1
+version: 6.3.0
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md
 
 # A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url)
 # @nicks:irc/im.site#channel'
 authors:
-- Or Soffer <orso@checkpoint.com>
-- Shiran Golzar <shirango@checkpoint.com>
-- Eden Brillant <edenbr@checkpoint.com>
+ - Shiran Golzar <shirango@checkpoint.com>
+ - Eden Brillant <edenbr@checkpoint.com>
+ - Dor Berenstein <dorbe@checkpoint.com>
 
 
 ### OPTIONAL but strongly recommended
@@ -30,7 +30,7 @@ description: Check Point collection for the Management Server
 # Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only
 # accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file'
 license:
-- GPL-2.0-or-later
+ - GPL-2.0-or-later
 
 # The path to the license file for the collection. This path is relative to the root of the collection. This key is
 # mutually exclusive with 'license'

plugins/modules/cp_mgmt_lsm_cluster.py

@@ -54,6 +54,40 @@
       - LSM profile.
     type: str
     required: True
+  dynamic_objects:
+    description:
+      - Dynamic Objects.
+    type: list
+    elements: dict
+    version_added: "6.3.0"
+    suboptions:
+      name:
+        description:
+          - Object name. Must be unique in the domain.
+        type: str
+      resolved_ip_addresses:
+        description:
+          - Single IP-address or a range of addresses.
+        type: list
+        elements: dict
+        suboptions:
+          ipv4_address:
+            description:
+              - IPv4 Address.
+            type: str
+          ipv4_address_range:
+            description:
+              - IPv4 Address range.
+            type: dict
+            suboptions:
+              from_ipv4_address:
+                description:
+                  - First IPv4 address of the IP address range.
+                type: str
+              to_ipv4_address:
+                description:
+                  - Last IPv4 address of the IP address range.
+                type: str
   interfaces:
     description:
       - Interfaces.
@@ -128,6 +162,37 @@
         description:
           - Comments string.
         type: str
+  topology:
+    description:
+      - Topology.
+    type: dict
+    version_added: "6.3.0"
+    suboptions:
+      manual_vpn_domain:
+        description:
+          - A list of IP-addresses ranges, defined the VPN community network.
+            This field is relevant only when 'manual' option of vpn-domain is checked.
+        type: list
+        elements: dict
+        suboptions:
+          comments:
+            description:
+              - Comments string.
+            type: str
+          from_ipv4_address:
+            description:
+              - First IPv4 address of the IP address range.
+            type: str
+          to_ipv4_address:
+            description:
+              - Last IPv4 address of the IP address range.
+            type: str
+      vpn_domain:
+        description:
+          - VPN Domain type. 'external-interfaces-only' is relevant only for Gaia devices.
+            'hide-behind-gateway-external-ip-address' is relevant only for SMB devices.
+        type: str
+        choices: ['not-defined', 'external-ip-addresses-only', 'hide-behind-gateway-external-ip-address', 'all-ip-addresses-behind-the-gateway', 'manual']
   color:
     description:
       - Color of the object. Should be one of existing colors.
@@ -145,6 +210,12 @@
         representation of the object.
     type: str
     choices: ['uid', 'standard', 'full']
+  tags:
+    description:
+      - Collection of tag identifiers.
+    type: list
+    elements: str
+    version_added: "6.3.0"
   ignore_warnings:
     description:
       - Apply changes ignoring warnings.
@@ -235,6 +306,16 @@ def main():
         name_prefix=dict(type="str"),
         name_suffix=dict(type="str"),
         security_profile=dict(type="str", required=True),
+        dynamic_objects=dict(type='list', elements="dict", options=dict(
+            name=dict(type='str'),
+            resolved_ip_addresses=dict(type='list', elements="dict", options=dict(
+                ipv4_address=dict(type='str'),
+                ipv4_address_range=dict(type='dict', options=dict(
+                    from_ipv4_address=dict(type='str'),
+                    to_ipv4_address=dict(type='str')
+                ))
+            ))
+        )),
         interfaces=dict(
             type="list",
             elements="dict",
@@ -308,6 +389,19 @@ def main():
                 comments=dict(type="str"),
             ),
         ),
+        topology=dict(type='dict', options=dict(
+            manual_vpn_domain=dict(type='list', elements="dict", options=dict(
+                comments=dict(type='str'),
+                from_ipv4_address=dict(type='str'),
+                to_ipv4_address=dict(type='str')
+            )),
+            vpn_domain=dict(type='str',
+                            choices=['not-defined',
+                                     'external-ip-addresses-only',
+                                     'hide-behind-gateway-external-ip-address',
+                                     'all-ip-addresses-behind-the-gateway',
+                                     'manual'])
+        )),
         color=dict(
             type="str",
             choices=[
@@ -351,6 +445,7 @@ def main():
         ),
         comments=dict(type="str"),
         details_level=dict(type="str", choices=["uid", "standard", "full"]),
+        tags=dict(type='list', elements="str"),
         ignore_warnings=dict(type="bool"),
         ignore_errors=dict(type="bool"),
     )