CheckPointSW / CheckPointAnsibleMgmtCollection

This Ansible collection provides control over a Check Point Management server using Check Point's web-services APIs.
https://galaxy.ansible.com/check_point/mgmt
Apache License 2.0

Playbook fails if cp_mgmt_hosts is the first task #136

Closed duanetoler closed 1 month ago

duanetoler commented 1 month ago

Management server is CloudGuard SmartCenter R81.20 JHF 65

This works:

PLAY [Test]

TASK [check_point.mgmt.cp_mgmt_host_facts]
ok: [cp-mgmt]

TASK [check_point.mgmt.cp_mgmt_hosts] 
ok: [cp-mgmt]

PLAY RECAP
cp-mgmt                  : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

This does not work:

PLAY [Test] 

TASK [check_point.mgmt.cp_mgmt_hosts] 
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: Exception: connection error occurred: Login to server failed: {'code': 'err_login_failed', 'message': 'Authentication to server failed.'}
fatal: [cp-mgmt]: FAILED! => {"msg": "Unexpected failure during module execution: connection error occurred: Login to server failed: {'code': 'err_login_failed', 'message': 'Authentication to server failed.'}", "stdout": ""}

PLAY RECAP 
cp-mgmt                  : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

ansible-playbook -vvv

TASK [check_point.mgmt.cp_mgmt_hosts] ****************************************************************************************************************************************************************************************************************
task path: /home/ansible/playbooks/tests/tests.yml:18
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
The full traceback is:
Traceback (most recent call last):
  File "/usr/share/ansible/collections/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py", line 1836, in _httpapi_error_handle
    result = self.api_call_facts(
             ^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/ansible/collections/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py", line 1746, in api_call_facts
    code, response = self.handle_call(
                     ^^^^^^^^^^^^^^^^^
  File "/usr/share/ansible/collections/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py", line 1658, in handle_call
    code, response = send_request(connection, version, api_url, payload)
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/ansible/collections/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py", line 247, in send_request
    code, response = connection.send_request(
                     ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/ansible/module_utils/connection.py", line 200, in __rpc__
    raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)
ansible.module_utils.connection.ConnectionError: Login to server failed: {'code': 'err_login_failed', 'message': 'Authentication to server failed.'}

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.11/site-packages/ansible/executor/task_executor.py", line 158, in run
    res = self._execute()
          ^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/ansible/executor/task_executor.py", line 633, in _execute
    result = self._handler.run(task_vars=vars_copy)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/ansible/collections/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_hosts.py", line 250, in run
    self._result["gathered"] = self.search_for_resource_name(
                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/ansible/collections/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_hosts.py", line 110, in search_for_resource_name
    search_result = self.search_for_existing_rules(
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/ansible/collections/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_hosts.py", line 86, in search_for_existing_rules
    result = conn_request.post(api_call_object, state, data=search_payload)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/ansible/collections/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py", line 1880, in post
    return self._httpapi_error_handle(obj, state, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/ansible/collections/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py", line 1869, in _httpapi_error_handle
    raise _fail_json("connection error occurred: {0}".format(e))
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/ansible/collections/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py", line 101, in _fail_json
    raise Exception(msg)
Exception: connection error occurred: Login to server failed: {'code': 'err_login_failed', 'message': 'Authentication to server failed.'}
fatal: [cp-mgmt]: FAILED! => {
    "msg": "Unexpected failure during module execution: connection error occurred: Login to server failed: {'code': 'err_login_failed', 'message': 'Authentication to server failed.'}",
    "stdout": ""
}

ansible-galaxy collection list:

check_point.mgmt          5.2.3  

ansible --version:

ansible [core 2.14.11]

chkp-edenbr commented 1 month ago

Hi @duanetoler, you can try using our cp_mgmt_host.py resource module. Regards

duanetoler commented 1 month ago

Yes, that is how I do it normally. However, the host module has a warning to be deprecated in November in favor of the "hosts" action plugin. Looks like the action plugin does not cause the httpapi plugin to log in to the API server first. Perhaps this is the behavior of action plugins?

chkp-edenbr commented 1 month ago

We will keep supporting cp_mgmt_host.py, and will remove the warning. Thanks

duanetoler commented 1 month ago

> We will keep supporting cp_mgmt_host.py, and will remove the warning. Thanks

Oh, nice! Thank you!