check_point.mgmt.cp_mgmt_simple_cluster (5.2.3) — module

Manages simple-cluster objects on Check Point over the Web Services API

Added in version 3.0.0 of check_point.mgmt

Authors: Eden Brillant (@chkp-edenbr)

preview | supported by community

Install collection

Install with ansible-galaxy collection install check_point.mgmt:==5.2.3


Add to requirements.yml

  # Exact version pin: only this release of the collection is installed.
  collections:
    - name: check_point.mgmt
      version: '5.2.3'

Description

Manages simple-cluster objects on Check Point devices, including creating, updating and removing objects.

All operations are performed over the Web Services API.

Usage examples

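# Creates the simple-cluster object "cluster1" with three cluster interfaces
# and two new members.
#
# The members' one_time_password values are secrets. They are read from
# variables instead of being written as literals; the variable names below are
# placeholders constructed for this example and are meant to be defined in an
# Ansible Vault-encrypted vars file. no_log keeps the task arguments, including
# the passwords, out of console output and logs.
- name: add-simple-cluster
  no_log: true
  # Fully qualified module name, so the task does not depend on a
  # `collections:` search path to resolve the module.
  check_point.mgmt.cp_mgmt_simple_cluster:
    name: cluster1
    state: present
    cluster_mode: cluster-xl-ha
    cluster_version: R80.30
    os_name: Gaia
    color: yellow
    firewall: true
    ip_address: 17.23.5.1
    interfaces:
    # topology is written in lowercase to match the choices documented for
    # this option (automatic, external, internal).
    - name: eth0
      interface_type: cluster
      ip_address: 17.23.5.1
      network_mask: 255.255.255.0
      topology: external
      anti_spoofing: true
    - name: eth1
      interface_type: sync
      topology: internal
      topology_settings:
        interface_leads_to_dmz: false
        ip_address_behind_this_interface: 'network defined by the interface ip and net mask'
    - name: eth2
      interface_type: cluster
      ip_address: 192.168.1.1
      network_mask: 255.255.255.0
      topology: internal
      anti_spoofing: true
      topology_settings:
        interface_leads_to_dmz: false
        ip_address_behind_this_interface: 'network defined by the interface ip and net mask'
    members:
    - name: member1
      ip_address: 17.23.5.2
      # Placeholder variable name; keep the value in Ansible Vault.
      one_time_password: "{{ vault_member1_one_time_password }}"
      interfaces:
      - name: eth0
        ip_address: 17.23.5.2
        network_mask: 255.255.255.0
      - name: eth1
        ip_address: 1.1.2.4
        network_mask: 255.255.255.0
      - name: eth2
        ip_address: 192.168.1.2
        network_mask: 255.255.255.0
    - name: member2
      ip_address: 17.23.5.3
      # Placeholder variable name; keep the value in Ansible Vault.
      one_time_password: "{{ vault_member2_one_time_password }}"
      interfaces:
      - name: eth0
        ip_address: 17.23.5.3
        network_mask: 255.255.255.0
      - name: eth1
        ip_address: 1.1.2.5
        network_mask: 255.255.255.0
      - name: eth2
        ip_address: 192.168.1.3
        network_mask: 255.255.255.0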
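# Targets the existing object "cluster1" with state present. Only name and
# state are passed here, so no other property is set by this task; add the
# options to be updated alongside them.
- name: set-simple-cluster
  # Fully qualified module name, so the task does not depend on a
  # `collections:` search path to resolve the module.
  check_point.mgmt.cp_mgmt_simple_cluster:
    name: cluster1
    state: present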
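# Removes the simple-cluster object "cluster1" (state absent).
- name: delete-simple-cluster
  # Fully qualified module name, so the task does not depend on a
  # `collections:` search path to resolve the module.
  check_point.mgmt.cp_mgmt_simple_cluster:
    name: cluster1
    state: absent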

Inputs

    
ips:
    description:
    - Intrusion Prevention System blade enabled.
    type: bool

vpn:
    description:
    - VPN blade enabled.
    type: bool

name:
    description:
    - Object name.
    required: true
    type: str

tags:
    description:
    - Collection of tag identifiers.
    elements: str
    type: list

color:
    choices:
    - aquamarine
    - black
    - blue
    - crete blue
    - burlywood
    - cyan
    - dark green
    - khaki
    - orchid
    - dark orange
    - dark sea green
    - pink
    - turquoise
    - dark blue
    - firebrick
    - brown
    - forest green
    - gold
    - dark gold
    - gray
    - dark gray
    - light green
    - lemon chiffon
    - coral
    - sea green
    - sky blue
    - magenta
    - purple
    - slate blue
    - violet red
    - navy blue
    - olive
    - orange
    - red
    - sienna
    - yellow
    description:
    - Color of the object. Should be one of existing colors.
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - State of the simple-cluster object (present or absent).
    type: str

groups:
    description:
    - Collection of group identifiers.
    elements: str
    type: list

members:
    description:
    - Cluster members list. Only new cluster members can be added. Adding an existing
      gateway is not supported.
    elements: dict
    suboptions:
      color:
        choices:
        - aquamarine
        - black
        - blue
        - crete blue
        - burlywood
        - cyan
        - dark green
        - khaki
        - orchid
        - dark orange
        - dark sea green
        - pink
        - turquoise
        - dark blue
        - firebrick
        - brown
        - forest green
        - gold
        - dark gold
        - gray
        - dark gray
        - light green
        - lemon chiffon
        - coral
        - sea green
        - sky blue
        - magenta
        - purple
        - slate blue
        - violet red
        - navy blue
        - olive
        - orange
        - red
        - sienna
        - yellow
        description:
        - Color of the object. Should be one of existing colors.
        type: str
      comments:
        description:
        - Comments string.
        type: str
      details_level:
        choices:
        - uid
        - standard
        - full
        description:
        - The level of detail for some of the fields in the response can vary from showing
          only the UID value of the object to a fully detailed representation of the object.
        type: str
      ignore_errors:
        description:
        - Apply changes ignoring errors. You won't be able to publish such changes.
          If the ignore-warnings flag is omitted, warnings will also be ignored.
        type: bool
      ignore_warnings:
        description:
        - Apply changes ignoring warnings.
        type: bool
      interfaces:
        description:
        - Cluster Member network interfaces.
        elements: dict
        suboptions:
          anti_spoofing:
            description:
            - N/A
            type: bool
          anti_spoofing_settings:
            description:
            - N/A
            suboptions:
              action:
                choices:
                - prevent
                - detect
                description:
                - If packets will be rejected (the Prevent option) or whether the packets
                  will be monitored (the Detect option).
                type: str
              exclude_packets:
                description:
                - Don't check packets from excluded network.
                type: bool
              excluded_network_name:
                description:
                - Excluded network name.
                type: str
              excluded_network_uid:
                description:
                - Excluded network UID.
                type: str
              spoof_tracking:
                choices:
                - none
                - log
                - alert
                description:
                - Spoof tracking.
                type: str
            type: dict
          color:
            choices:
            - aquamarine
            - black
            - blue
            - crete blue
            - burlywood
            - cyan
            - dark green
            - khaki
            - orchid
            - dark orange
            - dark sea green
            - pink
            - turquoise
            - dark blue
            - firebrick
            - brown
            - forest green
            - gold
            - dark gold
            - gray
            - dark gray
            - light green
            - lemon chiffon
            - coral
            - sea green
            - sky blue
            - magenta
            - purple
            - slate blue
            - violet red
            - navy blue
            - olive
            - orange
            - red
            - sienna
            - yellow
            description:
            - Color of the object. Should be one of existing colors.
            type: str
          comments:
            description:
            - Comments string.
            type: str
          details_level:
            choices:
            - uid
            - standard
            - full
            description:
            - The level of detail for some of the fields in the response can vary from
              showing only the UID value of the object to a fully detailed representation
              of the object.
            type: str
          ignore_errors:
            description:
            - Apply changes ignoring errors. You won't be able to publish such changes.
              If the ignore-warnings flag is omitted, warnings will also be ignored.
            type: bool
          ignore_warnings:
            description:
            - Apply changes ignoring warnings.
            type: bool
          ip_address:
            description:
            - IPv4 or IPv6 address. If both addresses are required use ipv4-address and
              ipv6-address fields explicitly.
            type: str
          ipv4_address:
            description:
            - IPv4 address.
            type: str
          ipv4_mask_length:
            description:
            - IPv4 network mask length.
            type: str
          ipv4_network_mask:
            description:
            - IPv4 network address.
            type: str
          ipv6_address:
            description:
            - IPv6 address.
            type: str
          ipv6_mask_length:
            description:
            - IPv6 network mask length.
            type: str
          ipv6_network_mask:
            description:
            - IPv6 network address.
            type: str
          mask_length:
            description:
            - IPv4 or IPv6 network mask length.
            type: str
          name:
            description:
            - Object name.
            type: str
          network_mask:
            description:
            - IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask
              and ipv6-network-mask fields explicitly. Instead of providing the mask itself
              it is possible to specify the IPv4 or IPv6 mask length in the mask-length field.
              If both mask lengths are required use ipv4-mask-length and ipv6-mask-length
              fields explicitly.
            type: str
          security_zone:
            description:
            - N/A
            type: bool
          security_zone_settings:
            description:
            - N/A
            suboptions:
              auto_calculated:
                description:
                - Security Zone is calculated according to where the interface leads to.
                type: bool
              specific_zone:
                description:
                - Security Zone specified manually.
                type: str
            type: dict
          tags:
            description:
            - Collection of tag identifiers.
            elements: str
            type: list
          topology:
            choices:
            - automatic
            - external
            - internal
            description:
            - N/A
            type: str
          topology_settings:
            description:
            - N/A
            suboptions:
              interface_leads_to_dmz:
                description:
                - Whether this interface leads to demilitarized zone (perimeter network).
                type: bool
              ip_address_behind_this_interface:
                choices:
                - not defined
                - network defined by the interface ip and net mask
                - network defined by routing
                - specific
                description:
                - Network settings behind this interface.
                type: str
              specific_network:
                description:
                - Network behind this interface.
                type: str
            type: dict
        type: list
      ip_address:
        description:
        - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address
          fields explicitly.
        type: str
      ipv4_address:
        description:
        - IPv4 address.
        type: str
      ipv6_address:
        description:
        - IPv6 address.
        type: str
      name:
        description:
        - Object name.
        type: str
      one_time_password:
        # NOTE(review): this option carries a secret. Supply it from Ansible
        # Vault or another secret store rather than as a literal in a playbook,
        # and keep it out of task output (e.g. no_log on the task). Whether the
        # module itself masks the value is not visible on this page.
        # The upstream description is "N/A"; presumably this is the password
        # used to establish trust with the new member - confirm against the
        # Check Point Management API reference.
        description:
        - N/A
        type: str
      tags:
        description:
        - Collection of tag identifiers.
        elements: str
        type: list
    type: list

os_name:
    description:
    - Cluster platform operating system.
    type: str

version:
    description:
    - Version of Check Point. If not given, the latest version is taken.
    type: str

anti_bot:
    description:
    - Anti-Bot blade enabled.
    type: bool

comments:
    description:
    - Comments string.
    type: str

firewall:
    description:
    - Firewall blade enabled.
    type: bool

hardware:
    description:
    - Cluster platform hardware.
    type: str

anti_virus:
    description:
    - Anti-Virus blade enabled.
    type: bool

interfaces:
    description:
    - N/A
    elements: dict
    suboptions:
      anti_spoofing:
        description:
        - N/A
        type: bool
      anti_spoofing_settings:
        description:
        - N/A
        suboptions:
          action:
            choices:
            - prevent
            - detect
            description:
            - If packets will be rejected (the Prevent option) or whether the packets
              will be monitored (the Detect option).
            type: str
          exclude_packets:
            description:
            - Don't check packets from excluded network.
            type: bool
          excluded_network_name:
            description:
            - Excluded network name.
            type: str
          excluded_network_uid:
            description:
            - Excluded network UID.
            type: str
          spoof_tracking:
            choices:
            - none
            - log
            - alert
            description:
            - Spoof tracking.
            type: str
        type: dict
      color:
        choices:
        - aquamarine
        - black
        - blue
        - crete blue
        - burlywood
        - cyan
        - dark green
        - khaki
        - orchid
        - dark orange
        - dark sea green
        - pink
        - turquoise
        - dark blue
        - firebrick
        - brown
        - forest green
        - gold
        - dark gold
        - gray
        - dark gray
        - light green
        - lemon chiffon
        - coral
        - sea green
        - sky blue
        - magenta
        - purple
        - slate blue
        - violet red
        - navy blue
        - olive
        - orange
        - red
        - sienna
        - yellow
        description:
        - Color of the object. Should be one of existing colors.
        type: str
      comments:
        description:
        - Comments string.
        type: str
      details_level:
        choices:
        - uid
        - standard
        - full
        description:
        - The level of detail for some of the fields in the response can vary from showing
          only the UID value of the object to a fully detailed representation of the object.
        type: str
      ignore_errors:
        description:
        - Apply changes ignoring errors. You won't be able to publish such changes.
          If the ignore-warnings flag is omitted, warnings will also be ignored.
        type: bool
      ignore_warnings:
        description:
        - Apply changes ignoring warnings.
        type: bool
      interface_type:
        choices:
        - cluster
        - sync
        - cluster + sync
        - private
        description:
        - Cluster interface type.
        type: str
      ip_address:
        description:
        - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address
          fields explicitly.
        type: str
      ipv4_address:
        description:
        - IPv4 address.
        type: str
      ipv4_mask_length:
        description:
        - IPv4 network mask length.
        type: str
      ipv4_network_mask:
        description:
        - IPv4 network address.
        type: str
      ipv6_address:
        description:
        - IPv6 address.
        type: str
      ipv6_mask_length:
        description:
        - IPv6 network mask length.
        type: str
      ipv6_network_mask:
        description:
        - IPv6 network address.
        type: str
      mask_length:
        description:
        - IPv4 or IPv6 network mask length.
        type: str
      multicast_address:
        description:
        - Multicast IP Address.
        type: str
      multicast_address_type:
        choices:
        - manual
        - default
        description:
        - Multicast Address Type.
        type: str
      name:
        description:
        - Object name.
        type: str
      network_mask:
        description:
        - IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask
          and ipv6-network-mask fields explicitly. Instead of providing the mask itself
          it is possible to specify the IPv4 or IPv6 mask length in the mask-length
          field. If both mask lengths are required use ipv4-mask-length and
          ipv6-mask-length fields explicitly.
        type: str
      security_zone:
        description:
        - N/A
        type: bool
      security_zone_settings:
        description:
        - N/A
        suboptions:
          auto_calculated:
            description:
            - Security Zone is calculated according to where the interface leads to.
            type: bool
          specific_zone:
            description:
            - Security Zone specified manually.
            type: str
        type: dict
      tags:
        description:
        - Collection of tag identifiers.
        elements: str
        type: list
      topology:
        choices:
        - automatic
        - external
        - internal
        description:
        - N/A
        type: str
      topology_settings:
        description:
        - N/A
        suboptions:
          interface_leads_to_dmz:
            description:
            - Whether this interface leads to demilitarized zone (perimeter network).
            type: bool
          ip_address_behind_this_interface:
            choices:
            - not defined
            - network defined by the interface ip and net mask
            - network defined by routing
            - specific
            description:
            - Network settings behind this interface.
            type: str
          specific_network:
            description:
            - Network behind this interface.
            type: str
        type: dict
    type: list

ip_address:
    description:
    - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address
      fields explicitly.
    type: str

cluster_mode:
    choices:
    - cluster-xl-ha
    - cluster-ls-multicast
    - cluster-ls-unicast
    - opsec-ha
    - opsec-ls
    description:
    - Cluster mode.
    type: str

ipv4_address:
    description:
    - IPv4 address.
    type: str

ipv6_address:
    description:
    - IPv6 address.
    type: str

vpn_settings:
    description:
    - Gateway VPN settings.
    suboptions:
      authentication:
        description:
        - Authentication.
        suboptions:
          authentication_clients:
            description:
            - Collection of VPN Authentication clients identified by the name or UID.
            elements: str
            type: list
        type: dict
      link_selection:
        description:
        - Link Selection.
        suboptions:
          dns_resolving_hostname:
            description:
            - DNS Resolving Hostname. Must be set when "ip-selection" was selected to
              be "dns-resolving-from-hostname".
            type: str
          ip_address:
            description:
            - IP Address. Must be set when "ip-selection" was selected to be "use-selected-address-from-topology"
              or "use-statically-nated-ip".
            type: str
          ip_selection:
            choices:
            - use-main-address
            - use-selected-address-from-topology
            - use-statically-nated-ip
            - calculated-ip-based-on-topology
            - dns-resolving-from-hostname
            - dns-resolving-from-gateway-and-domain-name
            - use-probing-with-high-availability
            - use-probing-with-load-sharing
            - use-one-time-probing
            description:
            - N/A
            type: str
        type: dict
      maximum_concurrent_ike_negotiations:
        description:
        - N/A
        type: int
      maximum_concurrent_tunnels:
        description:
        - N/A
        type: int
      office_mode:
        description:
        - Office Mode. Notation Wide Impact - Office Mode applies to IPSec VPN Software
          Blade clients and to the Mobile Access Software Blade clients.
        suboptions:
          allocate_ip_address_from:
            description:
            - Allocate IP address Method. Allocate IP address by sequentially trying the
              given methods until success.
            suboptions:
              allocate_method:
                choices:
                - manual
                - automatic
                description:
                - Using either Manual (IP Pool) or Automatic (DHCP). Must be set when
                  "use-allocate-method" is true.
                type: str
              dhcp_mac_address:
                choices:
                - per-machine
                - per-user
                description:
                - Calculated MAC address for DHCP allocation. Must be set when "allocate-method"
                  was selected to be "automatic".
                type: str
              dhcp_server:
                description:
                - DHCP Server. Identified by name or UID. Must be set when "allocate-method"
                  was selected to be "automatic".
                type: str
              manual_network:
                description:
                - Manual Network. Identified by name or UID. Must be set when "allocate-method"
                  was selected to be "manual".
                type: str
              optional_parameters:
                description:
                - This configuration applies to all Office Mode methods except Automatic
                  (using DHCP) and ipassignment.conf entries which contain this data.
                suboptions:
                  dns_suffixes:
                    description:
                    - DNS Suffixes.
                    type: str
                  first_backup_dns_server:
                    description:
                    - First Backup DNS Server. Identified by name or UID. Must be set
                      when "use-first-backup-dns-server" is true and can not be set when
                      "use-first-backup-dns-server" is false.
                    type: str
                  first_backup_wins_server:
                    description:
                    - First Backup WINS Server. Identified by name or UID. Must be set
                      when "use-first-backup-wins-server" is true and can not be set when
                      "use-first-backup-wins-server" is false.
                    type: str
                  ip_lease_duration:
                    description:
                    - IP Lease Duration in Minutes. The value must be in the range 2-32767.
                    type: int
                  primary_dns_server:
                    description:
                    - Primary DNS Server. Identified by name or UID. Must be set when
                      "use-primary-dns-server" is true and can not be set when "use-primary-dns-server"
                      is false.
                    type: str
                  primary_wins_server:
                    description:
                    - Primary WINS Server. Identified by name or UID. Must be set when
                      "use-primary-wins-server" is true and can not be set when "use-primary-wins-server"
                      is false.
                    type: str
                  second_backup_dns_server:
                    description:
                    - Second Backup DNS Server. Identified by name or UID. Must be set
                      when "use-second-backup-dns-server" is true and can not be set when
                      "use-second-backup-dns-server" is false.
                    type: str
                  second_backup_wins_server:
                    description:
                    - Second Backup WINS Server. Identified by name or UID. Must be set
                      when "use-second-backup-wins-server" is true and can not be set
                      when "use-second-backup-wins-server" is false.
                    type: str
                  use_first_backup_dns_server:
                    description:
                    - Use First Backup DNS Server.
                    type: bool
                  use_first_backup_wins_server:
                    description:
                    - Use First Backup WINS Server.
                    type: bool
                  use_primary_dns_server:
                    description:
                    - Use Primary DNS Server.
                    type: bool
                  use_primary_wins_server:
                    description:
                    - Use Primary WINS Server.
                    type: bool
                  use_second_backup_dns_server:
                    description:
                    - Use Second Backup DNS Server.
                    type: bool
                  use_second_backup_wins_server:
                    description:
                    - Use Second Backup WINS Server.
                    type: bool
                type: dict
              radius_server:
                description:
                - Radius server used to authenticate the user.
                type: bool
              use_allocate_method:
                description:
                - Use Allocate Method.
                type: bool
              virtual_ip_address:
                description:
                - Virtual IPV4 address for DHCP server replies. Must be set when "allocate-method"
                  was selected to be "automatic".
                type: str
            type: dict
          anti_spoofing_additional_addresses:
            description:
            - Additional IP Addresses for Anti-Spoofing. Identified by name or UID. Must
              be set when "perform-anti-spoofing" is true.
            type: str
          group:
            description:
            - Group. Identified by name or UID. Must be set when "office-mode-permissions"
              was selected to be "group".
            type: str
          mode:
            choices:
            - 'off'
            - specific-group
            - all-users
            description:
            - Office Mode Permissions. When selected to be "off", all the other definitions
              are irrelevant.
            type: str
          perform_anti_spoofing:
            description:
            - Perform Anti-Spoofing on Office Mode addresses.
            type: bool
          support_multiple_interfaces:
            description:
            - Support connectivity enhancement for gateways with multiple external interfaces.
            type: bool
        type: dict
      remote_access:
        description:
        - Remote Access.
        suboptions:
          allow_vpn_clients_to_route_traffic:
            description:
            - Allow VPN clients to route traffic.
            type: bool
          l2tp_auth_method:
            # NOTE(review): `md5` presumably selects an MD5-based challenge
            # exchange - confirm against the Check Point documentation. Where
            # the deployment allows it, `certificate` avoids relying on MD5
            # for authentication.
            choices:
            - certificate
            - md5
            description:
            - L2TP Authentication Method. Must be set when "support-l2tp" is true.
            type: str
          l2tp_certificate:
            description:
            - L2TP Certificate. Must be set when "l2tp-auth-method" was selected to be
              "certificate". Insert "defaultCert" when you want to use the default certificate.
            type: str
          nat_traversal_service:
            description:
            - Allocated NAT traversal UDP service. Identified by name or UID. Must be
              set when "support-nat-traversal-mechanism" is true.
            type: str
          support_l2tp:
            description:
            - Support L2TP (relevant only when office mode is active).
            type: bool
          support_nat_traversal_mechanism:
            description:
            - Support NAT traversal mechanism (UDP encapsulation).
            type: bool
          support_visitor_mode:
            description:
            - Support Visitor Mode.
            type: bool
          visitor_mode_interface:
            description:
            - Interface for Visitor Mode. Must be set when "support-visitor-mode" is true.
              Insert IPV4 Address of existing interface or "All IPs" when you want all
              interfaces.
            type: str
          visitor_mode_service:
            description:
            - TCP Service for Visitor Mode. Identified by name or UID. Must be set when
              "support-visitor-mode" is true.
            type: str
        type: dict
      vpn_domain:
        description:
        - Gateway VPN domain identified by the name or UID.
        type: str
      vpn_domain_type:
        choices:
        - manual
        - addresses_behind_gw
        description:
        - Gateway VPN domain type.
        type: str
    type: dict

details_level:
    choices:
    - uid
    - standard
    - full
    description:
    - The level of detail for some of the fields in the response can vary from showing
      only the UID value of the object to a fully detailed representation of the object.
    type: str

ignore_errors:
    description:
    - Apply changes ignoring errors. You won't be able to publish such changes. If the
      ignore-warnings flag is omitted, warnings will also be ignored.
    type: bool

url_filtering:
    description:
    - URL Filtering blade enabled.
    type: bool

wait_for_task:
    default: true
    description:
    - Wait for the task to end, such as a publish task.
    type: bool

cluster_version:
    description:
    - Cluster platform version.
    type: str

ignore_warnings:
    description:
    - Apply changes ignoring warnings.
    type: bool

threat_emulation:
    description:
    - Threat Emulation blade enabled.
    type: bool

content_awareness:
    description:
    - Content Awareness blade enabled.
    type: bool

firewall_settings:
    description:
    - N/A
    suboptions:
      auto_calculate_connections_hash_table_size_and_memory_pool:
        description:
        - N/A
        type: bool
      auto_maximum_limit_for_concurrent_connections:
        description:
        - N/A
        type: bool
      connections_hash_size:
        description:
        - N/A
        type: int
      maximum_limit_for_concurrent_connections:
        description:
        - N/A
        type: int
      maximum_memory_pool_size:
        description:
        - N/A
        type: int
      memory_pool_size:
        description:
        - N/A
        type: int
    type: dict

threat_extraction:
    description:
    - Threat Extraction blade enabled.
    type: bool

application_control:
    description:
    - Application Control blade enabled.
    type: bool

send_logs_to_server:
    description:
    - Server(s) to send logs to.
    elements: str
    type: list

# Defaults to false, so changes made by the task stay in the current session
# until something publishes it. Setting true publishes as soon as the task
# completes, which removes the chance to inspect the session first.
auto_publish_session:
    default: false
    description:
    - Publish the current session if changes have been performed after task completes.
    type: bool

# List of strings naming the alert destination(s) for the cluster.
# NOTE(review): whether entries are object names or UIDs is not stated here —
# confirm. An empty or wrong list presumably means alerts are not delivered.
send_alerts_to_server:
    description:
    - Server(s) to send alerts to.
    elements: str
    type: list

# Timeout in minutes (default 30) after which waiting for the task raises a
# timeout error. Only meaningful while wait_for_task is in effect —
# presumably ignored otherwise; confirm.
wait_for_task_timeout:
    default: 30
    description:
    - How many minutes to wait until throwing a timeout error.
    type: int

# Selects the Threat Prevention mode: "autonomous" or "custom". Per the
# description, autonomous mode does not allow the Threat Prevention blades
# to be disabled, so a playbook that sets a blade toggle to false alongside
# "autonomous" should be expected to be rejected.
threat_prevention_mode:
    choices:
    - autonomous
    - custom
    description:
    - The mode of Threat Prevention to use. When using Autonomous Threat Prevention, disabling
      the Threat Prevention blades is not allowed.
    type: str

# Settings for the platform web portal: who may reach it (accessibility),
# which certificate it presents (certificate_settings) and its URL/IP
# (portal_web_settings).
platform_portal_settings:
    description:
    - Platform portal settings.
    suboptions:
      accessibility:
        description:
        - Configuration of the portal access settings.
        suboptions:
          # Three exposure levels: access governed by the security policy
          # (rule_base), internal interfaces only, or every interface.
          # "all_interfaces" presumably includes external-facing interfaces;
          # prefer rule_base or internal_interfaces unless exposure on all
          # interfaces is an explicit requirement.
          allow_access_from:
            choices:
            - rule_base
            - internal_interfaces
            - all_interfaces
            description:
            - Allowed access to the web portal (based on interfaces, or security policy).
            type: str
          # Extra toggles that, per the description, apply to internal
          # interfaces only.
          internal_access_settings:
            description:
            - Configuration of the additional portal access settings for internal interfaces
              only.
            suboptions:
              dmz:
                description:
                - Controls portal access settings for internal interfaces, whose topology
                  is set to 'DMZ'.
                type: bool
              undefined:
                description:
                - Controls portal access settings for internal interfaces, whose topology
                  is set to 'Undefined'.
                type: bool
              vpn:
                description:
                - Controls portal access settings for interfaces that are part of a VPN
                  Encryption Domain.
                type: bool
            type: dict
        type: dict
      certificate_settings:
        description:
        - Configuration of the portal certificate settings.
        suboptions:
          # A .p12 (PKCS#12) bundle normally carries the private key along
          # with the certificate, so treat this value as secret material.
          base64_certificate:
            description:
            - The certificate file encoded in Base64 with padding. This file must be in
              the *.p12 format.
            type: str
          # Base64 is an encoding, not protection: anyone who can read the
          # playbook or its output can decode this. Keep the value out of
          # version control (e.g. Ansible Vault or a secret store) and set
          # no_log: true on the task.
          # NOTE(review): this page does not show whether the module itself
          # marks the option no_log — confirm.
          base64_password:
            description:
            - Password (encoded in Base64 with padding) for the certificate file.
            type: str
        type: dict
      portal_web_settings:
        description:
        - Configuration of the portal web settings.
        suboptions:
          aliases:
            description:
            - List of URL aliases that are redirected to the main portal URL.
            elements: str
            type: list
          # Fallback only: ignored whenever DNS resolves main_url.
          ip_address:
            description:
            - Optional, IP address for the web portal to use, if your DNS server fails
              to resolve the main portal URL. Note, If your DNS server resolves the main
              portal URL, this IP address is ignored.
            type: str
          main_url:
            description:
            - The main URL for the web portal.
            type: str
        type: dict
    type: dict

# When true, the reply includes the portals' certificate value.
# NOTE(review): the page does not say what that value contains; until that
# is confirmed, assume it is sensitive and avoid printing or storing the
# registered result of tasks that set this (verbose output, logs, artifacts).
show_portals_certificate:
    description:
    - Indicates whether to show the portals certificate value in the reply.
    type: bool

# Settings for the UserCheck web portal: who may reach it (accessibility),
# which certificate it presents (certificate_settings), whether it is on
# (enabled) and its URL/IP (portal_web_settings).
usercheck_portal_settings:
    description:
    - UserCheck portal settings.
    suboptions:
      accessibility:
        description:
        - Configuration of the portal access settings.
        suboptions:
          # Three exposure levels: access governed by the security policy
          # (rule_base), internal interfaces only, or every interface.
          # "all_interfaces" presumably includes external-facing interfaces;
          # prefer rule_base or internal_interfaces unless exposure on all
          # interfaces is an explicit requirement.
          allow_access_from:
            choices:
            - rule_base
            - internal_interfaces
            - all_interfaces
            description:
            - Allowed access to the web portal (based on interfaces, or security policy).
            type: str
          # Extra toggles that, per the description, apply to internal
          # interfaces only.
          internal_access_settings:
            description:
            - Configuration of the additional portal access settings for internal interfaces
              only.
            suboptions:
              dmz:
                description:
                - Controls portal access settings for internal interfaces, whose topology
                  is set to 'DMZ'.
                type: bool
              undefined:
                description:
                - Controls portal access settings for internal interfaces, whose topology
                  is set to 'Undefined'.
                type: bool
              vpn:
                description:
                - Controls portal access settings for interfaces that are part of a VPN
                  Encryption Domain.
                type: bool
            type: dict
        type: dict
      certificate_settings:
        description:
        - Configuration of the portal certificate settings.
        suboptions:
          # A .p12 (PKCS#12) bundle normally carries the private key along
          # with the certificate, so treat this value as secret material.
          base64_certificate:
            description:
            - The certificate file encoded in Base64 with padding. This file must be in
              the *.p12 format.
            type: str
          # Base64 is an encoding, not protection: anyone who can read the
          # playbook or its output can decode this. Keep the value out of
          # version control (e.g. Ansible Vault or a secret store) and set
          # no_log: true on the task.
          # NOTE(review): this page does not show whether the module itself
          # marks the option no_log — confirm.
          base64_password:
            description:
            - Password (encoded in Base64 with padding) for the certificate file.
            type: str
        type: dict
      # Portal on/off switch; the description lists the blades the portal
      # supports.
      enabled:
        description:
        - State of the web portal (enabled or disabled). The supported blades are, {'Application
          Control', 'URL Filtering', 'Data Loss Prevention', 'Anti Virus', 'Anti Bot',
          'Threat Emulation', 'Threat Extraction', 'Data Awareness'}.
        type: bool
      portal_web_settings:
        description:
        - Configuration of the portal web settings.
        suboptions:
          aliases:
            description:
            - List of URL aliases that are redirected to the main portal URL.
            elements: str
            type: list
          # Fallback only: ignored whenever DNS resolves main_url.
          ip_address:
            description:
            - Optional, IP address for the web portal to use, if your DNS server fails
              to resolve the main portal URL. Note, If your DNS server resolves the main
              portal URL, this IP address is ignored.
            type: str
          main_url:
            description:
            - The main URL for the web portal.
            type: str
        type: dict
    type: dict

# List of strings naming the backup log destination(s).
# NOTE(review): presumably used when the servers in send_logs_to_server are
# unreachable — the page does not state the failover rule; confirm.
send_logs_to_backup_server:
    description:
    - Backup server(s) to send logs to.
    elements: str
    type: list

Outputs

# Return value: a dict describing the created or updated object, returned on
# every run except deletion.
# NOTE(review): with show_portals_certificate set, this dict presumably
# carries the certificate value — confirm, and avoid dumping the registered
# result to logs in that case.
cp_mgmt_simple_cluster:
  description: The checkpoint object created or updated.
  returned: always, except when deleting the object.
  type: dict