Module: cp_gaia_password_policy.py does not allow to input "never" as str for password_expiration_days

CheckPointSW / CheckPointAnsibleGAIACollection

An Ansible collection provides control over a Check Point machine using Check Point's web-services APIs.

20 stars 21 forks source link

Module: cp_gaia_password_policy.py does not allow to input "never" as str for password_expiration_days #29

Open asgeb opened 10 months ago

asgeb commented 10 months ago

Hi Guys

Nice work with this Collection

Is it possible to add option to add string "never" for: password_expiration_days and password_expiration_maximum_days_before_lock to allow to revert to default config?

Like this:

password-expiration-days # Password expiration lifetime, default value is 'never'

integer: Valid values are 60-604800

or

string: Optional arguments: never

The same goes for password_expiration_maximum_days_before_lock

duanetoler commented 4 months ago

Hey asgeb,

I'm not part of the Check Point R&D team, just a Check Point partner.

For things like this, you'd likely have to open a TAC case and request a fix. Several Gaia API Ansible modules have problems with inconsistent values between the Ansible modules and Gaia API server, just like what you noted. The issue is that the modules are defined to accept only integers instead of text strings. They'd have to parse every optional parameter value like this one to detect the optional string. It's doable, but it'd be tedious to go back and fix all of them. I agree with you; they should do this. The API accepts the optional string so the Ansible module should be consistent with the API.