
Check Point provider on Terraform is officially live!

 
 

Hello all!

We are glad to announce that Check Point provider on Terraform is officially live!

Terraform is a very well-known solution for building, changing and versioning infrastructure. Terraform is cloud-agnostic and allows a single configuration to be used to manage multiple providers, and even to handle cross-cloud dependencies. This simplifies management and orchestration and helps to build and provision multi-cloud infrastructures.

Check Point Provider can be used to automate security responses to threats, provision both physical and virtualized next-generation firewalls and automate routine Security Management configuration tasks, saving time and reducing configuration errors. With the Check Point provider, DevOps teams can automate their security and transform it into DevSecOps workflows.

We’re now working to extend the list of supported APIs to include the majority of Management and GAiA OS APIs and will have news very soon! This integration follows our integration with Ansible, introduced in 2019.

We’re looking to accompany customers that use Terraform and Check Point and to build great stuff together.

We also encourage you all to check out the provider. Please feel free to share use cases and feedback; we’ll be glad to assist.

You can contact me (dimam@checkpoint.com) and Eran Habad (eranh@checkpoint.com).

10 Replies
Employee+

Well done to the Management API team for making it happen, kudos to @chkp-idoma, who led this development! Great stuff!

Contributor

Hello, I am super happy to hear that Check Point finally supports Terraform.
I tried a super easy sample to create a network but I failed, and I didn't find a lot of documentation on this:

I am using a Provider 1 (Multi-Domain Security Management) with R80.30 and the latest Jumbo Take 140.

 

[Expert@fw060b001:0]# cpinfo -y all 2>&1 | grep JUMBO | uniq
HOTFIX_R80_30_JUMBO_HF_MAIN Take: 140
BUNDLE_R80_30_JUMBO_HF_MAIN_gogoKernel Take: 140

 

 

This is my sample Terraform file:

I am missing the option to define a specific domain of the Multi-Domain Security Management.

 

 

# Configure the Check Point Provider
provider "checkpoint" {
    server = "IP of Multi Domain Security Manger"
    username = "CP Username"
    password = "CP Password"
    context = "web_api"
}

# Create a Network Object
resource "checkpoint_management_network" "example" {
  name = "tf-Network_mierseba-1"
  subnet4 = "192.0.2.4"
  mask_length4 = 32
}

# Publish
resource "checkpoint_management_publish" "example" { }

 

 

 

azure@VM-DevOps-Agent-1:~/go/src$ git clone https://github.com/terraform-providers/terraform-provider-checkpoint.git
azure@VM-DevOps-Agent-1:~/go/src/terraform-provider-checkpoint$ make build

azure@VM-DevOps-Agent-1:~/go/src/terraform-provider-checkpoint/commands/publish$ terraform init

azure@VM-DevOps-Agent-1:~/go/src/terraform-provider-checkpoint/commands/publish$ terraform apply && ./publish
checkpoint_management_publish.example: Refreshing state... [id=d5545e34-0b89-4dee-bbd8-83deea0c62e9]
checkpoint_management_network.example: Refreshing state... [id=0102db30-f344-4498-8694-e42635a69207]

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
2020/02/19 11:09:21 error: missing parameters to initialize api client - (server, username, password)

 

 

When I try to execute terraform apply && ./publish

I get the error message "error: missing parameters to initialize api client - (server, username, password)". I guess the domain is missing.

I also tried to use the IP of the MGMT of the specific Domain. I also searched all domains, and the Global domain, for the object, without any success.

It would be helpful to have some more information and more detailed documentation, especially for Multi-Domain Security Management.

Did I miss something or just forgot something?

  • Do I need a special MGMT Version?
  • Do I need a special terraform Version?
  • ...

 

Admin

Perhaps in the provider section, you need to add domain = "MyDomain"?
It's not in the Terraform docs, but based on how the API works in general, that seems to be the correct answer.
Contributor

Hi PhoneBoy,
I also tried this already, it is not expected:

But maybe I am missing something else.

azure@VM-DevOps-Agent-1:~/go/src/terraform-provider-checkpoint/commands/publish$ terraform apply && ./publish

Error: Unsupported argument

on cp_tf-first-sample.tf line 6, in provider "checkpoint":
6: domain = "Global"

An argument named "domain" is not expected here.

azure@VM-DevOps-Agent-1:~/go/src/terraform-provider-checkpoint/commands/publish$

 

Contributor

Hi,

I just set up a normal Check Point MGMT Server in Azure and tried the same, and I also get the same message.

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
2020/02/20 08:29:12 error: missing parameters to initialize api client - (server, username, password)

 

Employee

Hi Marcel_M,

Can you please share your provider configuration file? It seems like one of the fields (server, username or password) is missing.

Contributor

Hi,

this is the complete setup:

I have this in the Provider Section of the Terraform File, just changed IP and User/PW.

 

 

azure@VM-DevOps-Agent-1:~/go/src/terraform-provider-checkpoint/commands/publish$ terraform --version
Terraform v0.12.21
+ provider.checkpoint v1.0.0

azure@VM-DevOps-Agent-1:~/go/src/terraform-provider-checkpoint/commands/publish$ terraform init

Initializing the backend...

Initializing provider plugins...

The following providers do not have any version constraints in configuration,
so the latest version was installed.

To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.

* provider.checkpoint: version = "~> 1.0"

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

azure@VM-DevOps-Agent-1:~/go/src/terraform-provider-checkpoint/commands/publish$ cat cp_tf-first-sample.tf
# Configure the Check Point Provider
provider "checkpoint" {
  server   = "11.11.111.111"
  username = "admin"
  password = "mypassword"
  context  = "web_api"
}

# Create a Network Object
resource "checkpoint_management_network" "example" {
  name         = "tf-Network_-3"
  subnet4      = "192.0.2.56"
  mask_length4 = 32
}

azure@VM-DevOps-Agent-1:~/go/src/terraform-provider-checkpoint/commands/publish$ terraform apply && ./publish
checkpoint_management_network.example: Refreshing state... [id=c2909322-cbc6-464f-8974-c91c47757f45]

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
2020/02/21 08:07:11 error: missing parameters to initialize api client - (server, username, password)

azure@VM-DevOps-Agent-1:~/go/src/terraform-provider-checkpoint/commands/publish$

 

 

 

Collaborator

I was under the impression that you had to set the env variables in addition to the terraform file itself.

 

$ export CHECKPOINT_SERVER=192.0.2.1
$ export CHECKPOINT_USERNAME="aa"
$ export CHECKPOINT_PASSWORD="aaaa"
$ export CHECKPOINT_CONTEXT="web_api"

https://www.terraform.io/docs/providers/checkpoint/index.html

Could this be related to what you are having issues with?

Contributor

Great, thanks @vinceneil666, now it works, at least on a normal Check Point Management.

I tried the same on the Provider 1 (Multi-Domain Security Management); here I still have the issue:

I tried this:

#!/bin/sh
echo "Setting environment variables for Terraform"
export CHECKPOINT_SERVER="1.1.1.1"
export CHECKPOINT_USERNAME="admin"
export CHECKPOINT_PASSWORD="password"
export CHECKPOINT_DOMAIN="Global"
export CHECKPOINT_CONTEXT="web_api"

echo $CHECKPOINT_SERVER
echo $CHECKPOINT_USERNAME
echo $CHECKPOINT_PASSWORD
echo $CHECKPOINT_DOMAIN
echo $CHECKPOINT_CONTEXT

and also export CHECKPOINT_SERVER="1.1.1.1/Global"

or the direct IP of the CMA: CHECKPOINT_SERVER="2.2.2.2"

But no success so far with the Multi-Domain setup.

Employee

Hi @Marcel_M ,

As we mentioned in Terraform documentation:

 


You must set environment variables to be able to use post apply/destroy commands.

Regarding MDS (Multi-Domain Security Management) - we will support it very soon. I will update the website and here once we do.

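The error in this thread appears when the post-apply publish command runs without its connection settings in the environment, even though the provider block is filled in. As an added example (not part of any post above and not the provider project's code; the function names are hypothetical), this shell helper refuses to run terraform apply && ./publish unless the three variables named in the error message are exported, and it prints the settings with the password masked instead of echoing it.

```shell
#!/bin/sh
# Added example: preflight check for the CHECKPOINT_* variables quoted in the thread.
# Function names (cp_missing_vars, cp_env_summary, cp_apply_and_publish) are hypothetical.

# The three parameters listed in the "missing parameters" error message.
CP_REQUIRED_VARS="CHECKPOINT_SERVER CHECKPOINT_USERNAME CHECKPOINT_PASSWORD"

# Print the names of required variables that a child process would not see.
# Testing in a child shell also catches variables that are set but not exported,
# and variables exported by a script that was executed rather than sourced.
cp_missing_vars() {
    missing=""
    for name in $CP_REQUIRED_VARS; do
        if ! sh -c "[ -n \"\${$name:-}\" ]"; then
            missing="${missing:+$missing }$name"
        fi
    done
    printf '%s' "$missing"
}

# Print the current settings for review without revealing the password.
cp_env_summary() {
    for name in $CP_REQUIRED_VARS CHECKPOINT_CONTEXT; do
        eval "value=\${$name:-}"
        case "$name" in
            *PASSWORD*)
                if [ -n "$value" ]; then value="********"; fi
                ;;
        esac
        printf '%s=%s\n' "$name" "${value:-<unset>}"
    done
}

# Run apply and publish only when the environment is complete.
cp_apply_and_publish() {
    missing=$(cp_missing_vars)
    if [ -n "$missing" ]; then
        echo "refusing to run, not exported: $missing" >&2
        return 1
    fi
    terraform apply && ./publish
}
```

Source the file into the current shell (so that exported variables persist) and call cp_apply_and_publish from the directory that contains the publish binary.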