-What version of Check Point management?
I installed the Check_Point_R80_10_JUMBO_HF_Bundle_T259 a few weeks ago:
FW> fw ver
This is Check Point's software version R80.10 - Build 223
FW> fwm ver
This is Check Point Security Management Server R80.10 - Build 054
-What errors (if any) are shown when you try and run the playbook after you've removed Host_1.1.1.3 from it?
There is no error while running the playbook.
-Also, what does $FWDIR/log/api.elg say?
Here is the log from when I try to remove the object "Block_1.1.1.2" from the group "Blacklist", which contains the members ["Block_1.1.1.1", "Block_1.1.1.2", "Block_1.1.1.3", "Block_1.1.1.4", "Block_1.1.1.5", "Block_1.1.1.6"].
I'm using the module cp_mgmt_group, passing all objects except the object I want to remove.
--------------------------------------
2020-04-20 11:11:05,407 INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:250 [qtp1746170792-30] - Inbound Message
----------------------------
ID: 922
Address: http://127.0.0.1:50276/web_api/equals
Encoding: ISO-8859-1
Http-Method: POST
Content-Type: application/json
Headers: {accept-encoding=[identity], connection=[keep-alive], Content-Length=[148], content-type=[application/json], Host=[127.0.0.1:50276], User-Agent=[Python-urllib/3.6], X-Chkp-Sid=[fxH3s_SgVrU5ZACbmSo2Xvj0fM2N171NddKIQOdTeK0], X-Forwarded-For=[192.168.3.2], X-Forwarded-Host=[192.168.3.7:443], X-Forwarded-Host-Port=[443], X-Forwarded-Server=[192.168.3.7]}
Payload: {"params": {"name": "Blacklist", "members": ["Block_1.1.1.1", "Block_1.1.1.3", "Block_1.1.1.4", "Block_1.1.1.5", "Block_1.1.1.6"]}, "type": "group"}
--------------------------------------
2020-04-20 11:11:05,414 WARN com.checkpoint.management.web_api_is.utils.helpers.RequestHeadersHelper.getMediaType_aroundBody6:21 [qtp1746170792-30] - No Accept header received. Falling back to default media type [application/json].
2020-04-20 11:11:05,415 INFO com.checkpoint.management.web_api_is.utils.helpers.ApiCache.<init>:13 [qtp1746170792-30] - Cache created and initialized
2020-04-20 11:11:05,415 INFO com.checkpoint.management.web_api.web_services.WebApiEntryPoint.logRequestedCommandInfo:33 [qtp1746170792-30] - Executing [equals] of version 1.1 (references 1)
2020-04-20 11:11:05,655 INFO com.checkpoint.management.web_api_is.utils.CsvFileWriterUtils.writeCsvLine:3 [qtp1746170792-30] - 2020-04-20,11:11:05 +0200,equals,PASSED,241
2020-04-20 11:11:05,657 INFO org.apache.cxf.interceptor.LoggingOutInterceptor.log:250 [qtp1746170792-30] - Outbound Message
---------------------------
ID: 922
Response-Code: 200
Content-Type: application/json
Headers: {Content-Type=[application/json], Date=[Mon, 20 Apr 2020 09:11:05 GMT]}
Payload: {
"equals" : true
}
--------------------------------------
I think that the problem is related to the way Ansible works.
When you try to update the members of a group, if among the members there is at least one new member that wasn't there before, the task "changes" the group object, adding the new member. (That works OK in my playbook.)
But if there is no new member among them (because you have only removed one of them and the rest are still there), it doesn't make any change, because the members that you are trying to add now are already there, and nothing changes in the group object.
Maybe this logic is not valid.
I hope I have explained myself well.
Thank you
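
A small model of the behaviour hypothesized in the post above, as an added example (not part of the original post, and not Check Point's or the Ansible module's code). It replays the logged `equals` payload against the six members listed in the post; the function names and the "subset" comparison are assumptions used only to illustrate why a removal could be reported as "no change".

```python
import json

# Constructed from the post: group members before the run, and the payload
# of the logged /web_api/equals request (Block_1.1.1.2 left out).
CURRENT_MEMBERS = ["Block_1.1.1.1", "Block_1.1.1.2", "Block_1.1.1.3",
                   "Block_1.1.1.4", "Block_1.1.1.5", "Block_1.1.1.6"]
LOGGED_PAYLOAD = ('{"params": {"name": "Blacklist", "members": ["Block_1.1.1.1", '
                  '"Block_1.1.1.3", "Block_1.1.1.4", "Block_1.1.1.5", '
                  '"Block_1.1.1.6"]}, "type": "group"}')


def subset_equals(desired, current):
    """Hypothesized check: 'equal' if every requested member already exists."""
    return set(desired) <= set(current)


def exact_equals(desired, current):
    """Declarative check: 'equal' only if the member sets are identical."""
    return set(desired) == set(current)


def plan(desired, current):
    """Return (to_add, to_remove) needed to make current match desired."""
    d, c = set(desired), set(current)
    return sorted(d - c), sorted(c - d)


def would_change(payload_json, current, check):
    """True if a task using `check` would report 'changed' for this request."""
    desired = json.loads(payload_json)["params"]["members"]
    return not check(desired, current)


if __name__ == "__main__":
    desired = json.loads(LOGGED_PAYLOAD)["params"]["members"]
    print("subset check reports changed:",
          would_change(LOGGED_PAYLOAD, CURRENT_MEMBERS, subset_equals))
    print("exact check reports changed: ",
          would_change(LOGGED_PAYLOAD, CURRENT_MEMBERS, exact_equals))
    print("plan (add, remove):", plan(desired, CURRENT_MEMBERS))
```

Under the subset model the task is a no-op, matching the `"equals" : true` response in the log, while the exact comparison flags `Block_1.1.1.2` for removal.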