check_point.mgmt.cp_mgmt_passcode_profile module – Manages passcode-profile objects on Checkpoint over Web Services API

Note

This module is part of the check_point.mgmt collection (version 6.5.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install check_point.mgmt.

To use it in a playbook, specify: check_point.mgmt.cp_mgmt_passcode_profile.

New in check_point.mgmt 6.0.0

Synopsis

  • Manages passcode-profile objects on Checkpoint devices including creating, updating and removing objects.

  • All operations are performed over Web Services API.

  • Available from R82 management version.

Parameters

Parameter

Comments

allow_simple_passcode

boolean

The passcode length is 4 and only numeric values allowed.

Choices:

  • false

  • true

auto_publish_session

boolean

Publish the current session if changes have been performed after task completes.

Choices:

  • false ← (default)

  • true

color

string

Color of the object. Should be one of existing colors.

Choices:

  • "aquamarine"

  • "black"

  • "blue"

  • "crete blue"

  • "burlywood"

  • "cyan"

  • "dark green"

  • "khaki"

  • "orchid"

  • "dark orange"

  • "dark sea green"

  • "pink"

  • "turquoise"

  • "dark blue"

  • "firebrick"

  • "brown"

  • "forest green"

  • "gold"

  • "dark gold"

  • "gray"

  • "dark gray"

  • "light green"

  • "lemon chiffon"

  • "coral"

  • "sea green"

  • "sky blue"

  • "magenta"

  • "purple"

  • "slate blue"

  • "violet red"

  • "navy blue"

  • "olive"

  • "orange"

  • "red"

  • "sienna"

  • "yellow"

comments

string

Comments string.

details_level

string

The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.

Choices:

  • "uid"

  • "standard"

  • "full"

domains_to_process

list / elements=string

Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.

enable_inactivity_time_lock

boolean

Lock the device if app is inactive.

Choices:

  • false

  • true

enable_passcode_failed_attempts

boolean

Exit after few failures in passcode verification.

Choices:

  • false

  • true

enable_passcode_history

boolean

Check passcode history for reparations.

Choices:

  • false

  • true

force_passcode_expiration

boolean

Enable/disable expiration date to the passcode.

Choices:

  • false

  • true

ignore_errors

boolean

Apply changes ignoring errors. You won’t be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.

Choices:

  • false

  • true

ignore_warnings

boolean

Apply changes ignoring warnings.

Choices:

  • false

  • true

max_inactivity_time_lock

integer

Time without user input before passcode must be re-entered (in minutes).

max_passcode_failed_attempts

integer

Number of failed attempts allowed.

min_passcode_complex_characters

integer

Minimum number of complex characters (if “require-alphanumeric-passcode” is enabled). The number of the complex characters cannot be greater than number of the passcode length.

min_passcode_length

integer

Minimum passcode length - relevant if “allow-simple-passcode” is disable.

name

string / required

Object name.

passcode_expiration_period

integer

The period in days after which the passcode will expire.

passcode_history

integer

Number of passcodes that will be kept in history.

require_alphanumeric_passcode

boolean

Require alphanumeric characters in the passcode - relevant if “allow-simple-passcode” is disable.

Choices:

  • false

  • true

state

string

State of the access rule (present or absent).

Choices:

  • "present" ← (default)

  • "absent"

tags

list / elements=string

Collection of tag identifiers.

version

string

Version of checkpoint. If not given one, the latest version taken.

wait_for_task

boolean

Wait for the task to end. Such as publish task.

Choices:

  • false

  • true ← (default)

wait_for_task_timeout

integer

How many minutes to wait until throwing a timeout error.

Default: 30

Examples

- name: add-passcode-profile
  cp_mgmt_passcode_profile:
    name: New App Passcode Policy
    state: present

- name: set-passcode-profile
  cp_mgmt_passcode_profile:
    allow_simple_passcode: 'true'
    max_inactivity_time_lock: '30'
    name: New App Passcode Policy
    require_alphanumeric_passcode: 'false'
    state: present

- name: delete-passcode-profile
  cp_mgmt_passcode_profile:
    name: My App Passcode Policy
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

cp_mgmt_passcode_profile

dictionary

The checkpoint object created or updated.

Returned: always, except when deleting the object.

Authors

  • Eden Brillant (@chkp-edenbr)