check_point.mgmt.cp_mgmt_user module – Manages user objects on Checkpoint over Web Services API

Note

This module is part of the check_point.mgmt collection (version 6.5.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install check_point.mgmt.

To use it in a playbook, specify: check_point.mgmt.cp_mgmt_user.

New in check_point.mgmt 6.3.0

Synopsis

  • Manages user objects on Checkpoint devices including creating, updating and removing objects.

  • All operations are performed over Web Services API.

  • Available from R80.40 JHF management version.

Parameters

Parameter

Comments

allowed_locations

dictionary

User allowed locations.

destinations

list / elements=string

Collection of allowed destination locations name or uid.

sources

list / elements=string

Collection of allowed source locations name or uid.

authentication_method

string

Authentication method.

Choices:

  • "undefined"

  • "check point password"

  • "os password"

  • "securid"

  • "radius"

  • "tacacs"

auto_publish_session

boolean

Publish the current session if changes have been performed after task completes.

Choices:

  • false ← (default)

  • true

color

string

Color of the object. Should be one of existing colors.

Choices:

  • "aquamarine"

  • "black"

  • "blue"

  • "crete blue"

  • "burlywood"

  • "cyan"

  • "dark green"

  • "khaki"

  • "orchid"

  • "dark orange"

  • "dark sea green"

  • "pink"

  • "turquoise"

  • "dark blue"

  • "firebrick"

  • "brown"

  • "forest green"

  • "gold"

  • "dark gold"

  • "gray"

  • "dark gray"

  • "light green"

  • "lemon chiffon"

  • "coral"

  • "sea green"

  • "sky blue"

  • "magenta"

  • "purple"

  • "slate blue"

  • "violet red"

  • "navy blue"

  • "olive"

  • "orange"

  • "red"

  • "sienna"

  • "yellow"

comments

string

Comments string.

connect_daily

boolean

Connect every day.

Choices:

  • false

  • true

connect_on_days

list / elements=string

Days users allow to connect.

details_level

string

The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.

Choices:

  • "uid"

  • "standard"

  • "full"

email

string

User email.

encryption

dictionary

User encryption. Doesn’t support shared secret.

ike

boolean

Enable IKE encryption for users.

Choices:

  • false

  • true

public_key

boolean

Enable IKE public key.

Choices:

  • false

  • true

expiration_date

string

Expiration date in format, yyyy-MM-dd.

from_hour

string

Allow users connect from hour.

groups

list / elements=string

Collection of group identifiers.

ignore_errors

boolean

Apply changes ignoring errors. You won’t be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.

Choices:

  • false

  • true

ignore_warnings

boolean

Apply changes ignoring warnings.

Choices:

  • false

  • true

name

string / required

Object name.

password

string

Check Point password authentication method identified by the name or UID. Must be set when “authentication-method” was selected to be “Check Point Password”.

phone_number

string

User phone number.

radius_server

string

RADIUS server object identified by the name or UID. Must be set when “authentication-method” was selected to be “RADIUS”.

state

string

State of the access rule (present or absent).

Choices:

  • "present" ← (default)

  • "absent"

tacacs_server

string

TACACS server object identified by the name or UID. Must be set when “authentication-method” was selected to be “TACACS”.

tags

list / elements=string

Collection of tag identifiers.

template

string

User template name or UID.

to_hour

string

Allow users connect until hour.

version

string

Version of checkpoint. If not given one, the latest version taken.

wait_for_task

boolean

Wait for the task to end. Such as publish task.

Choices:

  • false

  • true ← (default)

wait_for_task_timeout

integer

How many minutes to wait until throwing a timeout error.

Default: 30

Examples

- name: add-user
  cp_mgmt_user:
    authentication_method: securid
    connect_daily: 'True'
    email: [email protected]
    encryption:
      enable_ike: 'True'
      enable_public_key: 'True'
    expiration_date: '2030-05-30'
    from_hour: 08:00
    name: myuser
    phone_number: '0501112233'
    state: present
    to_hour: '17:00'

- name: set-user
  cp_mgmt_user:
    authentication_method: undefined
    expiration_date: '2035-01-15'
    from_hour: '12:00'
    name: myuser
    state: present

- name: delete-user
  cp_mgmt_user:
    name: myuser
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

cp_mgmt_user

dictionary

The checkpoint object created or updated.

Returned: always, except when deleting the object.

Authors

  • Dor Berenstein (@chkp-dorbe)