From a38167e53d6c6ff6770fb3bec31a3dc2f037468e Mon Sep 17 00:00:00 2001 From: chkp-royl Date: Sun, 10 Nov 2024 13:48:19 +0200 Subject: [PATCH 1/3] Add generic api resource --- checkpoint/provider.go | 1 + ..._checkpoint_management_command_gaia_api.go | 45 ++++----- ...ource_checkpoint_management_generic_api.go | 93 +++++++++++++++++++ website/checkpoint.erb | 3 + ...eckpoint_management_gaia_api.html.markdown | 35 +++++-- ...point_management_generic_api.html.markdown | 58 ++++++++++++ 6 files changed, 204 insertions(+), 31 deletions(-) create mode 100644 checkpoint/resource_checkpoint_management_generic_api.go create mode 100644 website/docs/r/checkpoint_management_generic_api.html.markdown diff --git a/checkpoint/provider.go b/checkpoint/provider.go index b7ee957d..98a65ea8 100644 --- a/checkpoint/provider.go +++ b/checkpoint/provider.go @@ -328,6 +328,7 @@ func Provider() terraform.ResourceProvider { "checkpoint_management_cme_gw_configurations_aws": resourceManagementCMEGWConfigurationsAWS(), "checkpoint_management_cme_gw_configurations_azure": resourceManagementCMEGWConfigurationsAzure(), "checkpoint_management_cme_gw_configurations_gcp": resourceManagementCMEGWConfigurationsGCP(), + "checkpoint_generic_api": resourceManagementGenericApi(), }, DataSourcesMap: map[string]*schema.Resource{ "checkpoint_management_outbound_inspection_certificate": dataSourceManagementOutboundInspectionCertificate(), diff --git a/checkpoint/resource_checkpoint_management_command_gaia_api.go b/checkpoint/resource_checkpoint_management_command_gaia_api.go index b3fe79bc..f81431a3 100644 --- a/checkpoint/resource_checkpoint_management_command_gaia_api.go +++ b/checkpoint/resource_checkpoint_management_command_gaia_api.go @@ -6,7 +6,6 @@ import ( checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" - "log" ) func resourceManagementGaiaApi() *schema.Resource { 
@@ -15,44 +14,47 @@ func resourceManagementGaiaApi() *schema.Resource { Read: readManagementGaiaApi, Delete: deleteManagementGaiaApi, Schema: map[string]*schema.Schema{ - "target": { + "command_name": { Type: schema.TypeString, Required: true, ForceNew: true, - Description: "Gateway-object-name or gateway-ip-address or gateway-UID.", + Description: "GAIA API command name or path", }, - "other_parameter": { + "target": { Type: schema.TypeString, - Optional: true, + Required: true, ForceNew: true, - Description: "Other input parameters that gateway needs it.", + Description: "Gateway object name or Gateway IP address or Gateway UID", }, - "command_name": { + "other_parameter": { Type: schema.TypeString, - Required: true, + Optional: true, ForceNew: true, - Description: "Target's api command.", + Description: "Other input parameters for the request payload in JSON format", }, "response_message": { Type: schema.TypeString, Computed: true, - Description: "Response's object from the target in json format.\n", + Description: "Response message in JSON format", }, }, } } func createManagementGaiaApi(d *schema.ResourceData, m interface{}) error { - client := m.(*checkpoint.ApiClient) var payload = map[string]interface{}{} - if v, ok := d.GetOk("target"); ok { - payload["target"] = v.(string) - } if v, ok := d.GetOk("other_parameter"); ok { - payload["other-parameter"] = v.(string) + err := json.Unmarshal([]byte(v.(string)), &payload) + if err != nil { + return fmt.Errorf(err.Error()) + } + } + + if v, ok := d.GetOk("target"); ok { + payload["target"] = v.(string) } commandName := "gaia-api/" + d.Get("command_name").(string) 
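Review bot: The added `return fmt.Errorf(err.Error())` in createManagementGaiaApi passes the error text as the format string, so a `%` in the JSON decoder's message (which echoes the offending character from `other_parameter`) is rendered as a bogus verb such as `%!v(MISSING)`. Recent `go vet` versions also flag the non-constant format. Wrapping keeps the text intact and names the attribute that failed: `return fmt.Errorf("parsing other_parameter as JSON: %w", err)`. The same pattern is added in the `@@ -65,19 +67,13 @@` hunk, in createManagementGenericApi and in createManagementVsxProvisioningTool; for the server-supplied `ErrorMsg` strings, `fmt.Errorf("%s", GaiaApiRes.ErrorMsg)` is the safe form. createManagementGaiaApi continues past the end of this hunk.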
@@ -65,19 +67,13 @@ func createManagementGaiaApi(d *schema.ResourceData, m interface{}) error { return fmt.Errorf(GaiaApiRes.ErrorMsg) } - gaiaApi := GaiaApiRes.GetData() - - if v := gaiaApi["command-name"]; v != nil { - _ = d.Set("command_name", v) - } + gaiaApiResponse := GaiaApiRes.GetData() - if v := gaiaApi["response-message"]; v != nil { + if v := gaiaApiResponse["response-message"]; v != nil { valToReturn, err := json.Marshal(v) - if err != nil { - log.Println(err.Error()) + return fmt.Errorf(err.Error()) } - _ = d.Set("response_message", string(valToReturn)) } @@ -90,7 +86,6 @@ func readManagementGaiaApi(d *schema.ResourceData, m interface{}) error { } func deleteManagementGaiaApi(d *schema.ResourceData, m interface{}) error { - d.SetId("") return nil } diff --git a/checkpoint/resource_checkpoint_management_generic_api.go b/checkpoint/resource_checkpoint_management_generic_api.go new file mode 100644 index 00000000..ff32ee18 --- /dev/null +++ b/checkpoint/resource_checkpoint_management_generic_api.go 
@@ -0,0 +1,93 @@ +package checkpoint + +import ( + "encoding/json" + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" +) + +func resourceManagementGenericApi() *schema.Resource { + return &schema.Resource{ + Create: createManagementGenericApi, + Read: readManagementGenericApi, + Delete: deleteManagementGenericApi, + Schema: map[string]*schema.Schema{ + "api_command": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: "API command name or path", + }, + "payload": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Description: "Request payload in JSON format", + }, + "method": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Description: "HTTP request method", + Default: "POST", + }, + "response": { + Type: schema.TypeString, + Computed: true, + Description: "Response message in JSON format", + }, + }, + } +} + +func createManagementGenericApi(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + apiCommand := d.Get("api_command").(string) + + // Convert payload from string to map + var payload = map[string]interface{}{} + if v, ok := d.GetOk("payload"); ok { + err := json.Unmarshal([]byte(v.(string)), &payload) + if err != nil { + return fmt.Errorf(err.Error()) + } + } + + var method string + if v, ok := d.GetOk("method"); ok { + method = v.(string) + } + + genericApiRes, err := client.ApiCall(apiCommand, payload, client.GetSessionID(), true, client.IsProxyUsed(), method) + if err != nil { + return fmt.Errorf(err.Error()) + } + if !genericApiRes.Success { + return fmt.Errorf(genericApiRes.ErrorMsg) + } + + // Convert response from map to string + jsonResponse, err := json.Marshal(genericApiRes.GetData()) + if err != nil { + return fmt.Errorf(err.Error()) + } + if jsonResponse != nil { + _ = d.Set("response", 
string(jsonResponse)) + } + + d.SetId("generic-api-" + apiCommand + "-" + acctest.RandString(10)) + + return readManagementGaiaApi(d, m) +} + +func readManagementGenericApi(d *schema.ResourceData, m interface{}) error { + return nil +} + +func deleteManagementGenericApi(d *schema.ResourceData, m interface{}) error { + d.SetId("") + return nil +} diff --git a/website/checkpoint.erb b/website/checkpoint.erb index 500965d9..9ba8eed4 100644 --- a/website/checkpoint.erb +++ b/website/checkpoint.erb @@ -660,6 +660,9 @@ > checkpoint_management_vsx_provisioning_tool + + > + checkpoint_generic_api diff --git a/website/docs/r/checkpoint_management_gaia_api.html.markdown b/website/docs/r/checkpoint_management_gaia_api.html.markdown index cf2f53ec..ba6a8c24 100644 --- a/website/docs/r/checkpoint_management_gaia_api.html.markdown +++ b/website/docs/r/checkpoint_management_gaia_api.html.markdown @@ -8,26 +8,49 @@ This resource allows you to execute Check Point Gaia Api. # Resource: checkpoint_management_command_gaia_api -This resource allows you to execute Check Point Gaia Api. +This resource allows you to run generic `gaia-api` command from the Management.
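Review bot: The new `payload` and `response` attributes in resourceManagementGenericApi are plain strings, so any credential sent in a request body or returned by the server is printed in plan output. Adding `Sensitive: true,` to both schema entries masks them there; the values are still written to state in clear text, so the state backend needs access control either way. The existing `other_parameter` and `response_message` attributes of the Gaia resource have the same exposure. createManagementGenericApi also ends with `return readManagementGaiaApi(d, m)`, which looks like a copy-paste slip for `return readManagementGenericApi(d, m)`. `method` accepts any string, and a `ValidateFunc` limiting it to the HTTP methods the SDK actually supports would reject typos at plan time.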
+See the [GAIA API reference](https://sc1.checkpoint.com/documents/latest/GaiaAPIs/index.html) for a complete list of APIs you can run on your Check Point server.
+NOTE: Please add a rule to allow the connection from the management to the targets.
## Example Usage ```hcl -resource "checkpoint_management_command_gaia_api" "example" { +resource "checkpoint_management_command_gaia_api" "example1" { target = "my_gateway" command_name = "show-hostname" } + +resource "checkpoint_management_command_gaia_api" "example2" { + target = "my_gateway" + command_name = "show-interface" + other_parameter = < +See the [Management API reference](https://sc1.checkpoint.com/documents/latest/APIs/index.html) or [GAIA API reference](https://sc1.checkpoint.com/documents/latest/GaiaAPIs/index.html) for a complete list of APIs you can run on your Check Point server.
+NOTE: If you configure the provider [context](https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs#context-1) to `gaia_api` you can execute only GAIA API and GAIA resources. Management API or any other resources will not be supported. + +## Example Usage + + +```hcl +# Run generic Management API when provider context is 'web_api' +resource "checkpoint_generic_api" "api1" { + api_command = "add-host" + payload = < Date: Wed, 11 Dec 2024 12:01:56 +0200 Subject: [PATCH 2/3] Update go sdk version and general fixes --- checkpoint/provider.go | 1 - ....go => resource_checkpoint_generic_api.go} | 0 ...anagement_command_vsx_provisioning_tool.go | 16 ++-- go.mod | 2 +- go.sum | 4 +- .../cp-mgmt-api-go-sdk/APIFiles/APIClient.go | 88 +++--------------- .../APIFiles/APIResponse.go | 89 ++++++++++++++++++- vendor/modules.txt | 2 +- website/docs/index.html.markdown | 62 +++++-------- ...n => checkpoint_generic_api.html.markdown} | 6 +- ...gement_vsx_provisioning_tool.html.markdown | 6 +- 11 files changed, 142 insertions(+), 134 deletions(-) rename checkpoint/{resource_checkpoint_management_generic_api.go => resource_checkpoint_generic_api.go} (100%) rename website/docs/r/{checkpoint_management_generic_api.html.markdown => checkpoint_generic_api.html.markdown} (88%) diff --git a/checkpoint/provider.go b/checkpoint/provider.go index 98a65ea8..11a71864 100644 --- a/checkpoint/provider.go +++ b/checkpoint/provider.go @@ -510,7 +510,6 @@ func Provider() terraform.ResourceProvider { } func providerConfigure(data *schema.ResourceData) (interface{}, error) { - server := data.Get("server").(string) username := data.Get("username").(string) password := data.Get("password").(string) diff --git a/checkpoint/resource_checkpoint_management_generic_api.go b/checkpoint/resource_checkpoint_generic_api.go similarity index 100% rename from checkpoint/resource_checkpoint_management_generic_api.go rename to checkpoint/resource_checkpoint_generic_api.go 
diff --git a/checkpoint/resource_checkpoint_management_command_vsx_provisioning_tool.go b/checkpoint/resource_checkpoint_management_command_vsx_provisioning_tool.go index a26f30f8..feef221c 100644 --- a/checkpoint/resource_checkpoint_management_command_vsx_provisioning_tool.go +++ b/checkpoint/resource_checkpoint_management_command_vsx_provisioning_tool.go @@ -1511,14 +1511,20 @@ func createManagementVsxProvisioningTool(d *schema.ResourceData, m interface{}) payload["set-vd-params"] = res } - VsxProvisioningToolRes, _ := client.ApiCall("vsx-provisioning-tool", payload, client.GetSessionID(), true, false) - if !VsxProvisioningToolRes.Success { - return fmt.Errorf(VsxProvisioningToolRes.ErrorMsg) + vsxProvisioningToolRes, err := client.ApiCall("vsx-provisioning-tool", payload, client.GetSessionID(), true, client.IsProxyUsed()) + + log.Println("vsx-provisioning-tool result is ", vsxProvisioningToolRes) + + if err != nil { + return fmt.Errorf(err.Error()) + } + + if !vsxProvisioningToolRes.Success { + return fmt.Errorf(vsxProvisioningToolRes.ErrorMsg) } d.SetId("vsx-provisioning-tool-" + acctest.RandString(10)) - log.Println("result is ", VsxProvisioningToolRes) - _ = d.Set("task_id", resolveTaskId(VsxProvisioningToolRes.GetData())) + _ = d.Set("task_id", resolveTaskId(vsxProvisioningToolRes.GetData())) return readManagementVsxProvisioningTool(d, m) } diff --git a/go.mod b/go.mod index 3675ea43..030e276e 100644 --- a/go.mod +++ b/go.mod @@ -1,7 +1,7 @@ module github.com/CheckPointSW/terraform-provider-checkpoint require ( - github.com/CheckPointSW/cp-mgmt-api-go-sdk v1.7.2 + github.com/CheckPointSW/cp-mgmt-api-go-sdk v1.8.0 github.com/hashicorp/terraform-plugin-sdk v1.17.0 ) diff --git a/go.sum b/go.sum index 522c57de..0675f716 100644 --- a/go.sum +++ b/go.sum 
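Review bot: `log.Println("vsx-provisioning-tool result is ", vsxProvisioningToolRes)` now runs before the `err` check, so the whole response object is written to the provider log on every call, including the failure path where it may be empty or carry server error detail. Moving the log after both checks and limiting it to the task id, e.g. `log.Println("vsx-provisioning-tool task id:", resolveTaskId(vsxProvisioningToolRes.GetData()))`, keeps response contents out of debug log output. createManagementVsxProvisioningTool starts outside this hunk.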
@@ -35,8 +35,8 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/CheckPointSW/cp-mgmt-api-go-sdk v1.7.2 h1:D6nyYm1N1IxjL9ZgSp7p4UAlIAAGZVmMRs7XDyRMGIo= -github.com/CheckPointSW/cp-mgmt-api-go-sdk v1.7.2/go.mod h1:3NU+v6M7/Er4fECsNh7SlDwdsCYImVVqp14A01xBmU4= +github.com/CheckPointSW/cp-mgmt-api-go-sdk v1.8.0 h1:Ptp9byIc8/v1jP+migEpt39/0x4JqTi48V36yBuhChk= +github.com/CheckPointSW/cp-mgmt-api-go-sdk v1.8.0/go.mod h1:3NU+v6M7/Er4fECsNh7SlDwdsCYImVVqp14A01xBmU4= github.com/Masterminds/goutils v1.1.0 h1:zukEsf/1JZwCMgHiK3GZftabmxiCw4apj3a28RPBiVg= github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= diff --git a/vendor/github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles/APIClient.go b/vendor/github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles/APIClient.go index 7b68307a..f1fb9019 100644 --- a/vendor/github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles/APIClient.go +++ b/vendor/github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles/APIClient.go @@ -23,7 +23,6 @@ import ( "io/ioutil" "net/http" "os" - "reflect" "strconv" "strings" "sync" @@ -403,6 +402,7 @@ func (c *ApiClient) apiCall(command string, payload map[string]interface{}, sid req.Header.Set("Content-Type", "application/json") req.Header.Set("User-Agent", c.userAgent) + req.Header.Set("Accept", "*/*") if command != "login" { req.Header.Set("X-chkp-sid", sid) 
@@ -444,60 +444,7 @@ func (c *ApiClient) apiCall(command string, payload map[string]interface{}, sid } if !res.Success { - resCode := "" - resMsg := "" - if code := res.GetData()["code"]; code != nil { - resCode = code.(string) - } - if msg := res.GetData()["message"]; msg != nil { - resMsg = msg.(string) - } - - fullErrorMsg := "failed to execute API call" + - "\nStatus: " + res.StatusCode + - "\nCode: " + resCode + - "\nMessage: " + resMsg - - if errorMsg := res.data["errors"]; errorMsg != nil { - fullErrorMsg += "\nErrors: " - errorMsgType := reflect.TypeOf(errorMsg).Kind() - if errorMsgType == reflect.String { - fullErrorMsg += errorMsg.(string) + "\n" - } else { - errorsList := res.data["errors"].([]interface{}) - for i := range errorsList { - fullErrorMsg += "\n" + strconv.Itoa(i+1) + ". " + errorsList[i].(map[string]interface{})["message"].(string) - } - } - } - - if warningMsg := res.data["warnings"]; warningMsg != nil { - fullErrorMsg += "\nWarnings: " - warningMsgType := reflect.TypeOf(warningMsg).Kind() - if warningMsgType == reflect.String { - fullErrorMsg += warningMsg.(string) + "\n" - } else { - warningsList := res.data["warnings"].([]interface{}) - for i := range warningsList { - fullErrorMsg += "\n" + strconv.Itoa(i+1) + ". " + warningsList[i].(map[string]interface{})["message"].(string) - } - } - } - - if blockingError := res.data["blocking-errors"]; blockingError != nil { - fullErrorMsg += "\nBlocking errors: " - warningMsgType := reflect.TypeOf(blockingError).Kind() - if warningMsgType == reflect.String { - fullErrorMsg += blockingError.(string) + "\n" - } else { - blockingErrorsList := res.data["blocking-errors"].([]interface{}) - for i := range blockingErrorsList { - fullErrorMsg += "\n" + strconv.Itoa(i+1) + ". " + blockingErrorsList[i].(map[string]interface{})["message"].(string) - } - } - } - - res.ErrorMsg = fullErrorMsg + res.ErrorMsg = res.buildGenericErrMsg() } if waitForTask == true && res.Success && command != "show-task" { 
@@ -814,22 +761,7 @@ func (c *ApiClient) waitForTasks(taskObjects []interface{}) APIResponse { fmt.Println("Problem showing tasks, try again") } - - if taskRes.Success { - if v, ok := taskRes.GetData()["tasks"]; ok { - tasks := v.([]interface{}) - if len(tasks) > 0 { - for _, task := range tasks { - status := task.(map[string]interface{})["status"].(string) - if status == "failed" || status == "partially succeeded" { - taskRes.Success = false - break - } - } - } - } - } - + checkTasksStatus(&taskRes) return taskRes } @@ -842,14 +774,16 @@ task_result: api_response returned from "show-task" command return: */ func checkTasksStatus(taskResult *APIResponse) { - - for _, task := range taskResult.data["tasks"].([]interface{}) { - if task.(map[string]interface{})["status"] == "failed" || task.(map[string]interface{})["status"] == "partially succeeded" { - taskResult.setSuccessStatus(false) - break + if v := taskResult.data["tasks"]; v != nil { + for _, task := range taskResult.data["tasks"].([]interface{}) { + if task.(map[string]interface{})["status"] == "failed" || task.(map[string]interface{})["status"] == "partially succeeded" { + taskResult.setSuccessStatus(false) + taskResult.StatusCode = "" + taskResult.setErrMsg(taskResult.buildGenericErrMsg()) + break + } } } - } /* diff --git a/vendor/github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles/APIResponse.go b/vendor/github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles/APIResponse.go index 07454628..ee5c8e3a 100644 --- a/vendor/github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles/APIResponse.go +++ b/vendor/github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles/APIResponse.go @@ -3,6 +3,8 @@ package api_go_sdk import ( "encoding/json" "net/http" + "reflect" + "strconv" ) const OkResponseCode string = "200 OK" @@ -44,7 +46,6 @@ func (r *APIResponse) GetResTmp() map[string]interface{} { return r.resObj } - // Convert API Response to a map func (r *APIResponse) asGoMap() map[string]interface{} { dict := map[string]interface{}{ 
@@ -63,7 +64,91 @@ func (r *APIResponse) asGoMap() map[string]interface{} { /* Set the response success status status: input status - */ +*/ func (r *APIResponse) setSuccessStatus(status bool) { r.Success = status } + +func (r *APIResponse) buildGenericErrMsg() string { + response := r.GetData() + errMsg := "Failed to execute API call" + + if tasks := response["tasks"]; tasks != nil { + tasksList := tasks.([]interface{}) + if len(tasksList) > 0 { + for i := range tasksList { + task := tasksList[i].(map[string]interface{}) + errMsg += "\nTask: " + task["task-name"].(string) + "\nMessage: " + if taskDetails := task["task-details"]; taskDetails != nil { + taskDetailsList := taskDetails.([]interface{}) + if len(taskDetailsList) > 0 { + for j := range taskDetailsList { + if v := taskDetailsList[j].(map[string]interface{})["fault-message"]; v != nil { + errMsg += v.(string) + } + } + } + } + } + } + } else { + resCode := "" + resMsg := "" + if code := response["code"]; code != nil { + resCode = code.(string) + } + if msg := response["message"]; msg != nil { + resMsg = msg.(string) + } + + errMsg += + "\nStatus: " + r.StatusCode + + "\nCode: " + resCode + + "\nMessage: " + resMsg + + if errorMsg := response["errors"]; errorMsg != nil { + errMsg += "\nErrors: " + errorMsgType := reflect.TypeOf(errorMsg).Kind() + if errorMsgType == reflect.String { + errMsg += errorMsg.(string) + "\n" + } else { + errorsList := response["errors"].([]interface{}) + for i := range errorsList { + errMsg += "\n" + strconv.Itoa(i+1) + ". " + errorsList[i].(map[string]interface{})["message"].(string) + } + } + } + + if warningMsg := response["warnings"]; warningMsg != nil { + errMsg += "\nWarnings: " + warningMsgType := reflect.TypeOf(warningMsg).Kind() + if warningMsgType == reflect.String { + errMsg += warningMsg.(string) + "\n" + } else { + warningsList := response["warnings"].([]interface{}) + for i := range warningsList { + errMsg += "\n" + strconv.Itoa(i+1) + ". 
" + warningsList[i].(map[string]interface{})["message"].(string) + } + } + } + + if blockingError := response["blocking-errors"]; blockingError != nil { + errMsg += "\nBlocking errors: " + warningMsgType := reflect.TypeOf(blockingError).Kind() + if warningMsgType == reflect.String { + errMsg += blockingError.(string) + "\n" + } else { + blockingErrorsList := response["blocking-errors"].([]interface{}) + for i := range blockingErrorsList { + errMsg += "\n" + strconv.Itoa(i+1) + ". " + blockingErrorsList[i].(map[string]interface{})["message"].(string) + } + } + } + } + + return errMsg +} + +func (r *APIResponse) setErrMsg(message string) { + r.ErrorMsg = message +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 729533ef..a22e845c 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -8,7 +8,7 @@ cloud.google.com/go/internal/trace cloud.google.com/go/internal/version # cloud.google.com/go/storage v1.10.0 cloud.google.com/go/storage -# github.com/CheckPointSW/cp-mgmt-api-go-sdk v1.7.2 +# github.com/CheckPointSW/cp-mgmt-api-go-sdk v1.8.0 github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles # github.com/Masterminds/goutils v1.1.0 github.com/Masterminds/goutils diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown index f6fe7544..1239c03d 100644 --- a/website/docs/index.html.markdown +++ b/website/docs/index.html.markdown 
@@ -18,26 +18,6 @@ DevSecOps workflows. ## Examples of usage To use Check Point provider, copy and paste this code into your Terraform configuration, update provider configuration and run `terraform init`. -### Terraform 0.12 and earlier: -```hcl -# Configure Check Point Provider for Management API -provider "checkpoint" { - server = "192.0.2.1" - username = "aa" - password = "aaaa" - context = "web_api" - session_name = "Terraform Session" -} - -# Create network object -resource "checkpoint_management_network" "network" { - name = "My network" - subnet4 = "192.0.2.0" - mask_length4 = "24" - # ... -} -``` -### Terraform 0.13 and later: ```hcl terraform { required_providers { @@ -54,7 +34,7 @@ provider "checkpoint" { username = "aa" password = "aaaa" context = "web_api" - session_name = "Terraform Session" + session_name = "Terraform session" } # Create network object @@ -365,6 +345,26 @@ $ mv verify_policy $GOPATH/src/github.com/terraform-providers/terraform-provider $ terraform apply && verify_policy -policy-package ``` +## Compatibility with Management +Check Point Provider supports Management server from version R80 and above. +However, some Terraform resources or specific fields in Terraform resource might not be available because they are not supported in your Management API version. +
You can check the Management API [versions list](https://sc1.checkpoint.com/documents/latest/APIs/index.html#api_versions) to see what is supported by your Management server. + +## Compatibility with CME +Check Point Provider supports configuring objects in CME configuration file starting from Security Management/Multi-Domain Security Management Server version R81.10 and higher. + +The table below shows the compatibility between the Terraform Release version and the CME API version: + +| Terraform Release version | CME API version | CME Take | +|---------------------------|-----------------|----------------| +| v2.9.0 | v1.2.2 | 289 and higher | +| v2.8.0 | v1.2 | 279 and higher | +| v2.7.0 | v1.1 | 255 and higher | +
+-> **Note:** When you install or upgrade the Terraform Release version, make sure to also upgrade CME to the corresponding CME Take to properly configure CME resources. + +For details about upgrading CME, please refer to the documentation [here](https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CME/Content/Topics-CME/Installing_and_Updating_CME.htm?tocpath=_____4). + ## Import Resources In order to import resource, use the `terraform import` command with object unique identifier. @@ -391,23 +391,6 @@ $ terraform import checkpoint_management_host.host 9423d36f-2d66-4754-b9e2-e7f44 For more information about `terraform import` command, please refer [here](https://www.terraform.io/docs/import/usage.html). -## Compatibility with CME -Check Point Provider supports configuring objects in CME configuration file starting from Security Management/Multi-Domain Security Management Server version R81.10 and higher. - -The table below shows the compatibility between the Terraform Release version and the CME API version: - -| Terraform Release version | CME API version | CME Take | -|---------------------------|-----------------|----------------| -| v2.9.0 | v1.2.2 | 289 and higher | -| v2.8.0 | v1.2 | 279 and higher | -| v2.7.0 | v1.1 | 255 and higher | - - --> **Note:** When you install or upgrade the Terraform Release version, make sure to also upgrade CME to the corresponding CME Take to properly configure CME resources. - - -For details about upgrading CME, please refer to the documentation [here](https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CME/Content/Topics-CME/Installing_and_Updating_CME.htm?tocpath=_____4). - ## Tips & Best Practices This section describes best practices for working with the Check Point provider. 
@@ -416,4 +399,5 @@ This section describes best practices for working with the Check Point provider. * Keep on object name uniqueness in your environment. * Use object name when reference to an object (avoid use of object UID). * Use post apply scripts (e.g. publish, install policy, logout) to run actions after apply your changes. Terraform runs in parallel and because of that we can't predict the order of when changes will execute, running post apply scripts will ensure to run last after all changes submitted successfully. -* Create implicit / explicit dependencies between resources or modules. Terraform uses this dependency information to determine the correct order in which to create the different resources. To do so, it creates a dependency graph of all of the resources defined by the configuration. For more information, please refer [here](https://developer.hashicorp.com/terraform/tutorials/configuration-language/dependencies#dependencies). +* Create implicit / explicit dependencies between resources or modules. Terraform uses this dependency information to determine the correct order in which to create the different resources. To do so, it creates a dependency graph of all of the resources defined by the configuration. For more information, please refer [here](https://developer.hashicorp.com/terraform/tutorials/configuration-language/dependencies#dependencies). +* When configure the provider [context](https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs#context-1) to `gaia_api` you can run only GAIA resources. Management resources will not be supported. \ No newline at end of file diff --git a/website/docs/r/checkpoint_management_generic_api.html.markdown b/website/docs/r/checkpoint_generic_api.html.markdown similarity index 88% rename from website/docs/r/checkpoint_management_generic_api.html.markdown rename to website/docs/r/checkpoint_generic_api.html.markdown index 6afff8c2..2d641bb4 100644 
--- a/website/docs/r/checkpoint_management_generic_api.html.markdown +++ b/website/docs/r/checkpoint_generic_api.html.markdown @@ -8,9 +8,9 @@ This resource allows you to execute generic Management API calls. # Resource: checkpoint_generic_api -This resource allows you to execute Check Point generic Management or GAIA API.
+This resource allows you to execute Check Point generic Management API or GAIA API.
See the [Management API reference](https://sc1.checkpoint.com/documents/latest/APIs/index.html) or [GAIA API reference](https://sc1.checkpoint.com/documents/latest/GaiaAPIs/index.html) for a complete list of APIs you can run on your Check Point server.
-NOTE: If you configure the provider [context](https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs#context-1) to `gaia_api` you can execute only GAIA API and GAIA resources. Management API or any other resources will not be supported. +NOTE: If you configure the provider [context](https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs#context-1) to `gaia_api` you can run only GAIA API and GAIA resources. Management API or any other resource will not be supported. ## Example Usage @@ -37,7 +37,7 @@ resource "checkpoint_generic_api" "api3" { api_command = "gaia-api/show-proxy" payload = < Date: Wed, 11 Dec 2024 14:46:37 +0200 Subject: [PATCH 3/3] remove ips_update_policy default value --- checkpoint/resource_checkpoint_management_simple_cluster.go | 1 - checkpoint/resource_checkpoint_management_simple_gateway.go | 1 - 2 files changed, 2 deletions(-) diff --git a/checkpoint/resource_checkpoint_management_simple_cluster.go b/checkpoint/resource_checkpoint_management_simple_cluster.go index 47ebfced..33ac6f5a 100644 --- a/checkpoint/resource_checkpoint_management_simple_cluster.go +++ b/checkpoint/resource_checkpoint_management_simple_cluster.go @@ -753,7 +753,6 @@ func resourceManagementSimpleCluster() *schema.Resource { Type: schema.TypeString, Optional: true, Description: "Specifies whether the IPS will be downloaded from the Management or directly to the Gateway.", - Default: "gateway automatic update", }, "nat_hide_internal_interfaces": { Type: schema.TypeBool, diff --git a/checkpoint/resource_checkpoint_management_simple_gateway.go b/checkpoint/resource_checkpoint_management_simple_gateway.go index faa870cb..ef2b5db6 100644 --- a/checkpoint/resource_checkpoint_management_simple_gateway.go +++ b/checkpoint/resource_checkpoint_management_simple_gateway.go 
@@ -743,7 +743,6 @@ func resourceManagementSimpleGateway() *schema.Resource { Type: schema.TypeString, Optional: true, Description: "Specifies whether the IPS will be downloaded from the Management or directly to the Gateway.", - Default: "gateway automatic update", }, "nat_hide_internal_interfaces": { Type: schema.TypeBool,