CheckPointAnsibleGAIACollection

`check_mode` is declared as supported, but seems to be not in `cp_gaia_ssh_server_settings` (maybe also other modules)

Open mib1185 opened this issue 9 months ago • 2 comments

Hello,

Consider the following playbook (it is simplified to show the use case):

```yaml
- hosts: cp_gaia
  gather_facts: false
  vars:
    enabled_ciphers:
      - aes128-ctr
      - [email protected]
      - aes192-ctr
      - aes256-ctr
      - [email protected]
    enabled_kex_algorithms:
      - curve25519-sha256
      - [email protected]
      - diffie-hellman-group16-sha512
      - diffie-hellman-group18-sha512
      - diffie-hellman-group-exchange-sha256
      - ecdh-sha2-nistp256
      - ecdh-sha2-nistp384
      - ecdh-sha2-nistp521
    enabled_mac_algorithms:
      - hmac-sha2-256
      - [email protected]
      - hmac-sha2-512
      - [email protected]
  tasks:
    - name: Set ssh server settings
      check_point.gaia.cp_gaia_ssh_server_settings:
        enabled_ciphers: "{{ enabled_ciphers }}"
        enabled_kex_algorithms: "{{ enabled_kex_algorithms }}"
        enabled_mac_algorithms: "{{ enabled_mac_algorithms }}"
```

When I run this in check mode twice in a row, I would expect each playbook run to result in changed states: since the first run should not change anything, the second run should show the same changes. But it does make the changes, even when started in check mode.

$ ansible-playbook -i inventories/test/ playbooks/dev.yaml --check

PLAY [cp_gaia] *********************************************************************************************************************************************************************************************************************************************************************************

TASK [Set ssh server settings] *****************************************************************************************************************************************************************************************************************************************************************
changed: [fw1]
changed: [fw2]

PLAY RECAP *************************************************************************************************************************************************************************************************************************************************************************************
fw1                     : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
fw2                     : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Playbook run took 0 days, 0 hours, 0 minutes, 1 seconds

$ ansible-playbook -i inventories/test/ playbooks/dev.yaml --check

PLAY [cp_gaia] *********************************************************************************************************************************************************************************************************************************************************************************

TASK [Set ssh server settings] *****************************************************************************************************************************************************************************************************************************************************************
ok: [fw1]
ok: [fw2]

PLAY RECAP *************************************************************************************************************************************************************************************************************************************************************************************
fw1                     : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
fw2                     : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Playbook run took 0 days, 0 hours, 0 minutes, 1 seconds

```
$ ansible-galaxy collection list | grep gaia
check_point.gaia            7.0.0  
$ ansible --version
ansible [core 2.16.14]
```

fw1: R81.20 Jumbo Hotfix Take 84
fw2: R81.20 Jumbo Hotfix Take 98

mib1185, Mar 21 '25 14:03

Hi @chkp-majds @chkp-omerhad, sorry to ping you directly. I know it's not common to do so, because it looks demanding, but I saw you both were the most active ones in this project within the last 12 months and there was no bot pinging or assigning someone. Could you please have a look into this? We need to know how check mode is supposed to be supported by these modules. Thanks in advance.

mib1185, Apr 15 '25 11:04

Meanwhile, I found this post at CheckMates with the following solution:

> Hi Daniel, From a quick check, it seems that Gaia Collection doesn't support that, although it's documented as supported. (Sorry for that)
>
> We will check that and add it to our roadmap for adding/fixing this support in the next releases.

Let's hope it will get fixed soon 🤞

mib1185, May 07 '25 13:05
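
The symptom reported in this issue (first `--check` run shows `changed`, second shows `ok`) reproduced as an added Python example; it is not code from the check_point.gaia collection. `FakeGaia` and both functions are hypothetical, and the second function only mimics the reported symptom, not the collection's actual cause.

```python
# Added illustration: FakeGaia is a hypothetical in-memory stand-in for the
# appliance API, not code from the check_point.gaia collection.
import copy

class FakeGaia:
    """Holds SSH server settings and counts write calls."""
    def __init__(self, settings):
        self.settings = copy.deepcopy(settings)
        self.writes = 0

    def show(self):
        return copy.deepcopy(self.settings)

    def set(self, payload):
        self.settings.update(copy.deepcopy(payload))
        self.writes += 1

def apply_settings(api, desired, check_mode):
    """Return an Ansible-style result; never write when check_mode is set."""
    current = api.show()
    # Only keys whose desired value differs from the device count as a change.
    diff = {k: {"before": current.get(k), "after": v}
            for k, v in desired.items() if current.get(k) != v}
    if diff and not check_mode:
        api.set({k: d["after"] for k, d in diff.items()})
    return {"changed": bool(diff), "diff": diff}

def apply_settings_ignoring_check_mode(api, desired, check_mode):
    """Shape of the reported symptom: the write happens regardless of check_mode."""
    changed = any(api.show().get(k) != v for k, v in desired.items())
    api.set(desired)
    return {"changed": changed}

def two_check_runs(fn, start, desired):
    """Run fn twice with check_mode=True; return both 'changed' flags and the write count."""
    api = FakeGaia(start)
    first = fn(api, desired, True)["changed"]
    second = fn(api, desired, True)["changed"]
    return first, second, api.writes

# Constructed sample values (a subset of the playbook's algorithm names).
START = {"enabled_ciphers": ["aes128-ctr"], "enabled_mac_algorithms": ["hmac-sha2-256"]}
DESIRED = {"enabled_ciphers": ["aes128-ctr", "aes256-ctr"],
           "enabled_mac_algorithms": ["hmac-sha2-256", "hmac-sha2-512"]}

if __name__ == "__main__":
    print(two_check_runs(apply_settings, START, DESIRED))
    print(two_check_runs(apply_settings_ignoring_check_mode, START, DESIRED))
```

A module that honours check mode reports `changed` on both dry runs and performs zero writes; a `changed` followed by `ok` across two consecutive `--check` runs means the first run modified the device.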