This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
User1234
Contributor
‎2022-11-11 02:34 AM

Remove all members from object

Hi!

I want to remove all members of an object and I could really need some help atm.

To create the object I have the following task (example application site groups)

 

    - name: set application groups
      check_point.mgmt.cp_mgmt_application_site_group:
        name: "{{ item.Name }}"
        comments: "{{ item.Comments }}"
        members: "{{ item.Members }}"
      with_items: "{{ cp_application_groups }}"
      loop: "{{ cp_application_groups if cp_application_groups is iterable else []}}"

 

 A creation was made with the following object

 

- Name: custom-group
  Comments: Custom test
  Members:
  - File Storage and Sharing

 

 

When removing the entry of the members or replace it with an "- []", I get the following error message "Requested object [] not found"

 

- Name: custom-group
  Comments: Custom test
  Members:
  - [] # or remove it entirely

 

Can someone help me on this?

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2022-11-14 07:34 AM

In general, with Ansible, you describe the desired state, not the steps required to get to that state.
This creates a few issues when you're trying to manage objects with Ansible that were not created via Ansible.

The only way to use Ansible to remove items from an existing group is:

  • Describe the group as it exists now in an Ansible playbook and run it
  • Describe the group as you would like it to be in the Ansible playbook and run it

Otherwise, you will need to use a different mechanism to remove items from the group (e.g. SmartConsole, the API).

0 Kudos
User1234
Contributor
‎2022-11-14 07:39 AM
In response to PhoneBoy

Hey!

The objects have been created via ansible and I want to change them now. Therefore I have an object which had members, and I just wanna clear out all members now.

Desired state yesterday:

- Name: custom-group
  Comments: Custom test
  Members:
  - File Storage and Sharing

Desired state today:

- Name: custom-group
  Comments: Custom test

The problem is, not mentioning "Members" does not delete them, but does not touch any members in the group. Is there no way to remove all members from a group via ansible?

0 Kudos
PhoneBoy
Admin
Admin
‎2022-11-14 07:44 AM
In response to User1234

Was the group itself created via Ansible? Yes or no.
If the group wasn't created by Ansible, then it may not be possible to remove items from it even if the items were added via Ansible later.
Paging @chkp-royl to clarify. 

0 Kudos
User1234
Contributor
‎2022-11-14 08:03 AM
In response to PhoneBoy

Yes, the group itself was created via ansible

0 Kudos
PhoneBoy
Admin
Admin
‎2022-11-14 10:10 AM
In response to User1234

Has the group been modified by anything outside of Ansible?

0 Kudos
User1234
Contributor
‎2022-11-14 10:58 PM
In response to PhoneBoy

No. I am only refering to ansible created and modified, and system objects. No "manual" objects via Smart Console.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events