CheckPointSW / CheckPointAnsibleMgmtCollection

This Ansible collection provides control over a Check Point Management server using Check Point's web-services APIs.
https://galaxy.ansible.com/check_point/mgmt
Apache License 2.0
40 stars 30 forks source link

Error in schema for cp_mgmt_access_rules_module for VPN #107

Closed Smixi closed 1 year ago

Smixi commented 1 year ago

Hi,

I'm trying to add a rule using this Ansible module.

I figured out that rules that I push that are not using the VPN attribute are created, but those using it fail.

E.g :

- name: Create access rules
  check_point.mgmt.cp_mgmt_access_rules:
    layer: "{{item.layer}}"
    rules: 
      - name: 'RuleName'
        source: 
          - 'RuleSource'
        destination: 
          - 'RuleDest'
        vpn: 
          - community: 
              - name: Any

The documentation is unclear of what the community object must look like. I expected something like above, but it returned

msg: "value of vpn must be one of: Any, All_GwToGw, got: [{'community': [{'name': 'Any'}]}]"}}

So I tried to use something like

` vpn:

or even vpn: Any which outputs : "msg": "dictionary requested, could not parse JSON or key=value"}

It's seems that the webservice documentation uses the later, which is not parsed correctly by ansible because it is defined as having dict elements.

Do you have any recommandation ?

Thanks in advance :).

chkp-edenbr commented 1 year ago

hi @Smixi , Please note that there are two types of parameters:

  1. vpn - accepts the strings Any or All_GwToGw
  2. vpn_list - list of dictionaries. The full documentation exists in the cp_mgmt_access_rule module.

Regards, Eden

Smixi commented 1 year ago

Hi @chkp-edenbr,

I can't find any reference about "Any" or "All_GwToGw" in the module. As described, using vpn: Any fails during parsing by ansible:
"msg": "dictionary requested, could not parse JSON or key=value", which I guess is because the type is list, and not string, by this line

As I mentionned too, using the documented suboptions are parsed by the module, but the API refuse to works with and reject the request.

Do you have any working example I can base upon, or tell me where in the tasks the provided parameters are wrong ?

Regards,

Sami.

chkp-edenbr commented 1 year ago

Hi @Smixi Fix has been added and will be available in the upcoming release. Thanks, Eden

chkp-edenbr commented 1 year ago

Issue fixed in new release v5.1.0. Thanks, Eden