CheckPointSW / CheckPointAnsibleMgmtCollection

This Ansible collection provides control over a Check Point Management server using Check Point's web-services APIs.
https://galaxy.ansible.com/check_point/mgmt
Apache License 2.0
40 stars 30 forks source link

cp_mgmt_publish always publishes and reports changed #66

Closed alex-barth closed 2 years ago

alex-barth commented 2 years ago

Hi,

when calling the cp_mgmt_publish module, the session always gets published, even if there are 0 changes in the current session. Additionally, the module then reports back as "changed", with 0 published changes.

Example output:

{
    "changed": true,
    "publish": {
        "tasks": [
            {
                "task-id": "01234567-89ab-cdef-a5c9-b916bc525c85",
                "task-name": "Publish operation",
                "status": "succeeded",
                "progress-percentage": 100,
                "suppressed": false,
                "task-details": [
                    {
                        "publishResponse": {
                            "numberOfPublishedChanges": 0,
                            "mode": "async"
                        },
                        "revision": "59ad1002-b030-4804-98cc-f202858adcc7"
                    }
                ]
            }
        ]
    },
    "invocation": {
        "module_args": {
            "wait_for_task": true,
            "wait_for_task_timeout": 30,
            "uid": null,
            "version": null
        }
    },
    "_ansible_no_log": false
}

I would expect this module to check if there are changes to publish and only then publish it. Otherwise it should report back "ok". Alternatively it could still publish 0 changes, but then report "ok".

As a workaround I'm using the following changed_when statement:

- name: "Publish changes"
  cp_mgmt_publish:
    wait_for_task: "yes"
  register: __changes
  changed_when: __changes['publish']['tasks'][0]['task-details'][0]['publishResponse']['numberOfPublishedChanges'] > 0

It works, but feels a bit hacky.

Thanks Alex

chkp-shirango commented 2 years ago

Hi @alex-barth,

The "changed" field indicates if the publish command was executed.

Thanks Shiran