check_point.mgmt.cp_mgmt_external_trusted_ca module – Manages external-trusted-ca objects on Checkpoint over Web Services API

Note

This module is part of the check_point.mgmt collection (version 6.2.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install check_point.mgmt.

To use it in a playbook, specify: check_point.mgmt.cp_mgmt_external_trusted_ca.

New in check_point.mgmt 6.0.0

Synopsis

• Manages external-trusted-ca objects on Checkpoint devices including creating, updating and removing objects.

• All operations are performed over Web Services API.

Parameters

Parameter	Comments
allow_certificates_from_branches boolean	Allow only certificates from listed branches. Choices: false true
auto_publish_session boolean	Publish the current session if changes have been performed after task completes. Choices: false ← (default) true
base64_certificate string	Certificate file encoded in base64.
branches list / elements=string	Branches to allow certificates from. Required only if “allow-certificates-from-branches” set to “true”.
color string	Color of the object. Should be one of existing colors. Choices: "aquamarine" "black" "blue" "crete blue" "burlywood" "cyan" "dark green" "khaki" "orchid" "dark orange" "dark sea green" "pink" "turquoise" "dark blue" "firebrick" "brown" "forest green" "gold" "dark gold" "gray" "dark gray" "light green" "lemon chiffon" "coral" "sea green" "sky blue" "magenta" "purple" "slate blue" "violet red" "navy blue" "olive" "orange" "red" "sienna" "yellow"
comments string	Comments string.
crl_cache_method string	Weather to retrieve new Certificate Revocation List after the certificate expires or after a fixed period. Choices: "timeout" "expiration date"
crl_cache_timeout integer	When to fetch new Certificate Revocation List (in minutes).
details_level string	The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object. Choices: "uid" "standard" "full"
domains_to_process list / elements=string	Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
ignore_errors boolean	Apply changes ignoring errors. You won’t be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. Choices: false true
ignore_warnings boolean	Apply changes ignoring warnings. Choices: false true
name string / required	Object name.
retrieve_crl_from_http_servers boolean	Whether to retrieve Certificate Revocation List from http servers. Choices: false true
state string	State of the access rule (present or absent). Choices: "present" ← (default) "absent"
tags list / elements=string	Collection of tag identifiers.
version string	Version of checkpoint. If not given one, the latest version taken.
wait_for_task boolean	Wait for the task to end. Such as publish task. Choices: false true ← (default)
wait_for_task_timeout integer	How many minutes to wait until throwing a timeout error. Default: 30

Examples

- name: add-external-trusted-ca
  cp_mgmt_external_trusted_ca:
    base64_certificate:
     "MIICujCCAaKgAwIBAgIIP1+IHWHbl0EwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAxMJd3d3LnouY29tMB4XDTIzMTEyOTEyMzAwMFoXDTI0MTEyMDE2MDAwMFowFDESMBAGA1UEAxMJd3d3LnouY29tMI
    BIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBreRGuq8u43GBog+ZaAnaR8ZF8cT2ppvtd3JoFmzTOQivLIt9sNtFYqEgHCtnNkKn9TRrxN14YscHgKIxfDSVlC9Rh0rrBvWgFqcm715Whr99Ogx
    JbYFkusFWJarSejIFx4n6MM48MJxLdtCP6Hy1G2cj1BCiCHj4i3VIVaDE/aMkSqJbYEvf+vFqUWxY8/uEuKI/HGhI7mhUPW4NSGL0Oafz5eEFVsxqV5NA19/JJZ9NajSkyANnaNL5raxGV0oeqaE3JB3lS
    ZfWbH6mQsToUxxwIQfsZiIBozajDdTgP3Kn4SMY0b+I/WAWgfigMSDTAIR8J1sdzGXy2w2kqQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBUgrHztHwC1E0mU5c4reMrHg+
    +YRHrgJNHVIYQbL5I2TJHk9S3UZsynoMa1CO86rReOtR5xoGv4PCkyyOW+PNlWUtXF3tNgqWj/21+XzG4RBHPw89TaTxRCdo+MHX58fi07SIzKjmxfdkEi+7+HQEQluDZGViolrGBAw2rXq/SZ3q/11mNq
    b5ZyqyOa2u1sBF1ApvG5a/FBRTaO8gaiNelRf0PGYkuV+1HhF2XyP8Qk565d+uxUH5M7eHF2PNyVk/r/36T+x+UMql9y9iizA0ekuAjXLok1xYl3Vw4S5zXCXYtNZLOVrs+plJb7IrlElyTOAbDFuPugh0
    edz7uZ"
    name: external_ca
    state: present

- name: set-external-trusted-ca
  cp_mgmt_external_trusted_ca:
    base64_certificate:
     "MIICujCCAaKgAwIBAgIIFbLYzT2+3TMwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAxMJd3d3LnouY29tMB4XDTI0MDIwMTEyMzEwMFoXDTI0MTIzMTE2MDAwMFowFDESMBAGA1UEAxMJd3d3LnouY29tMI
    BIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBreRGuq8u43GBog+ZaAnaR8ZF8cT2ppvtd3JoFmzTOQivLIt9sNtFYqEgHCtnNkKn9TRrxN14YscHgKIxfDSVlC9Rh0rrBvWgFqcm715Whr99Ogx
    JbYFkusFWJarSejIFx4n6MM48MJxLdtCP6Hy1G2cj1BCiCHj4i3VIVaDE/aMkSqJbYEvf+vFqUWxY8/uEuKI/HGhI7mhUPW4NSGL0Oafz5eEFVsxqV5NA19/JJZ9NajSkyANnaNL5raxGV0oeqaE3JB3lS
    ZfWbH6mQsToUxxwIQfsZiIBozajDdTgP3Kn4SMY0b+I/WAWgfigMSDTAIR8J1sdzGXy2w2kqQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBxaE9O/LCjKfWeugPeDPvr3Ld
    i1mYsgNIyN+ES1iDoJHXrBQpVzZelJRr8leFgbghGUX7Fwdh1qZ2Jw6nmD1oe/Q7jkPzTngb6dIMI/kFK4eXcS4GJ3S7yGobLB7QUKK1vrYWZdNuAzR6jMRmFECS+lPF7zlTexnwwOkATMp6lzS7xEpEhk
    8eLpSQnYzvsM+rL9voU5q9MrdAJ2XaCZe4Crv75NdYU6ljD2eSYDrO148Tg480TlvT5wzBuyanKhI/Po2oLEVWU7h5tkensHKB5zvxigIr9ZkczdzVbbrRFi2jSQy+VxYWc0zCo/uO+yaKmmLfGDQEb8wZ
    Y1Ml27"
    crl_cache_method: expiration date
    name: external_ca
    retrieve_crl_from_http_servers: 'false'
    state: present

- name: delete-external-trusted-ca
  cp_mgmt_external_trusted_ca:
    name: external_ca
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Description
cp_mgmt_external_trusted_ca dictionary	The checkpoint object created or updated. Returned: always, except when deleting the object.

Authors

• Eden Brillant (@chkp-edenbr)

Collection links

• Issue Tracker
• Repository (Sources)