checkpointsw / cp_mgmt_api_python_sdk Goto Github PK

View Code? Open in Web Editor NEW

93.0 39.0 58.0 133 KB

Check Point API Python Development Kit simplifies the use of the Check Point Management APIs.

License: Apache License 2.0

Python 100.00%

management-api gaia-api

cp_mgmt_api_python_sdk's People

Contributors

Stargazers

Watchers

Forkers

phandox g4ndr4lf solintecitola xbyorange zibartsk chkp-tomerso chkp-ofer vanharrewijn chkp-yuvalfe chkp-orso vishnutaarak saggib ashwin-sid rinatstern jmperalb jomb adrenlinerush chkp-shakedme mhernandezit parkerpatel zabuzajoe bita1978 chkp-timurk mrandri oogaboogabooga simonmacpherson ccgithubtg 3v1lw1th1n aque kaushik853 randy803 oldflint89 ariwahyu11 pontoriero3 jkurdik cotizaciones chkp-shirango senas23 jcralbino chkp-edenbr chkp-alonshev dhansham chkp-yaelg ofirshi chkp-netzer dywisor joezint sltkin chkp-royl chkp-xaviera chkp-yazanb mahendras25 vyavaharesagar chkp-olgami bruce-wh-li senfomat zvikar72 egroeper

cp_mgmt_api_python_sdk's Issues

Python Version

When I tried with my lab [EVE-NG R81.10] it appears that given script is executing, but it appears to run the script it requires Python3;
I assume, in my lab there is no policy i configured and I could not test it, also under access rule base export getting null value, but seems its complied. So this development kit should working on Python3 version and higher, kindly change compatible version.

[Expert@checkpoint-mgmt:0]# /opt/CPsuite-R81.10/fw1/Python/bin/python3 import_export_package.py
Welcome to the Policy Package Import/Export Tool.
What would you like to do?

Import a package
Export a package
Exit
99

[Expert@checkpoint-mgmt:0]# /opt/CPsuite-R81.10/fw1/Python/bin/python2 import_export_package.py
Traceback (most recent call last):
File "import_export_package.py", line 27, in
raise Exception("Min Python version required is 3.7")
Exception: Min Python version required is 3.7
[Expert@checkpoint-mgmt:0]#

[Expert@checkpoint-mgmt:0]# /opt/CPsuite-R81.10/fw1/Python/bin/python3.7 export_access_rulebase.py
[Expert@checkpoint-mgmt:0]#

Is there a good way for me to obtain all access sections under the layer?

pip install-python3

Hi team
i was trying to do pip install but getting this error (windows machine)
C:>pip install cp_mgmt_api_python_sdk
Collecting cp_mgmt_api_python_sdk
Could not find a version that satisfies the requirement cp_mgmt_api_python_sdk
(from versions: )
No matching distribution found for cp_mgmt_api_python_sdk

Is it because of python3 in my windows machine?

Missing meta data

Dear Developer,

For readability and Search Engine Optimization (SEO) it would be great if you could do the followings:

Please provide more than 8 words in the "About" field

why we don't upload this to pypi

we can upload this to pypi and it will be easier to download and install through pip install

Python 3.12 AttributeError: module 'ssl' has no attribute 'wrap_socket'

Hi,

When I attempt to use the library on Python 3.12 I receive the following error:

Enter server IP address or hostname:192.168.12.5
Enter username: admin
Enter password: 
Traceback (most recent call last):
  File "c:\Users\brad\Documents\GitHub\nvdlib\nvdlib\nvdlib\tests\testapi.py", line 67, in <module>
    main()
  File "c:\Users\brad\Documents\GitHub\nvdlib\nvdlib\nvdlib\tests\testapi.py", line 41, in main    
    login_res = client.login(username, password)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                                       n
  File "C:\Program Files\Python312\Lib\site-packages\cpapi\mgmt_api.py", line 324, in api_ payload)call                                                                                      ^^^^^^^^^
    conn = self.get_https_connection()                                                    mon_login_logic
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Python312\Lib\site-packages\cpapi\mgmt_api.py", line 771, in get_https_connection                                                                          call
    self.conn = self.create_https_connection()
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Python312\Lib\site-packages\cpapi\mgmt_api.py", line 765, in creahttps_connectionte_https_connection
    conn.connect()
  File "C:\Program Files\Python312\Lib\site-packages\cpapi\mgmt_api.py", line 787, in connte_https_connectionect
    self.sock = ssl.wrap_socket(self.sock, self.key_file, self.cert_file, cert_reqs=ssl.CEectRT_NONE)                                                                                  RT_NONE)
                ^^^^^^^^^^^^^^^
AttributeError: module 'ssl' has no attribute 'wrap_socket'

I believe this is due to ssl.wrap_socket being deprecated in favor of ssl.SSLContext.wrap_socket as stated in the What's New for Python 3.12: https://docs.python.org/3.12/whatsnew/3.12.html#ssl

Remove the ssl.wrap_socket() function, deprecated in Python 3.7: instead, create a ssl.SSLContext object and call its ssl.SSLContext.wrap_socket method. Any package that still uses ssl.wrap_socket() is broken and insecure. The function neither sends a SNI TLS extension nor validates server hostname. Code is subject to CWE-295: Improper Certificate Validation. (Contributed by Victor Stinner in gh-94199.)

package name collision with cpapi / OpenMaya

Hello,
There is another package with the same name already published to pypi (https://pypi.org/project/cpapi/), so if someone accidentally type "pip install cpapi" after seeing a message "No module named 'cpapi'" he gets this OpenMaya package (why is it called cpapi - I don't know, I hope it's not malicious but it would be possible to use it as such).
It is kind of annoying that your package is not available via pypi, as it is hard to use it in another packages as dependency, also installing from git is not always an option; would it be possible to give the package unique name and publish it to pypi ?

API_key request login failed

Hi,

I testing your sdk and there is a problem with API_key request.

def main():
    api_server = "10.0.20.254"
    server_port = 8443
    client_args = APIClientArgs(server=api_server, port=server_port)
    api_key="xxxxxxxxxxxxxxxxxx=="
    with APIClient(client_args) as client:   
        # login to server:
        login_res = client.login_with_api_key(api_key)
        if login_res.success is False:
            print("Login failed: {}".format(login_res.error_message))
            exit(1)

I have this error :
Login failed: APIResponse received a response which is not a valid JSON.

I tested with the original port (443) it's the same.
I tested the API_key on the MGMT locally and it's works.

With client.login(username,password) work fine.

Can you help me please ?

policies with ipv6 only objects break the clone_object.py

cp_mgmt_api_python_sdk/examples_python2/clone_host.py

Line 385 in f1d7eab

if host_object["ipv4-address"] != orig_host_ip:

Hi Guys,

If there is a policy with an ipv6 only object the clone_host.py will throw a KeyError exception as the api will not return ipv4-address as part of the json response. Putting the ipv4 address check in a try statment seemed to be a good fix for the issue.

try:
if host_object["ipv4-address"] != orig_host_ip:
continue
except KeyError:
continue

Problems with cp_mgmt_api_python_sdk - can't log in

[root@networks-test examples_python2]# python ./find_dup_ip.py
Enter server IP address or hostname:weed
Enter username: API_admin
Enter password:
Login failed:
APIResponse received a response which is not a valid JSON.

api_calls.json
[
{
"request": {
"headers": {
"Accept": "/",
"Content-Length": 98,
"Content-Type": "application/json",
"User-Agent": "python-api-wrapper"
},
"payload": {
"continue-last-session": false,
"password": "****",
"read-only": false,
"user": "API_admin"
},
"url": "/web_api/login"
},
"response": {
"data": null,
"status_code": 403
}
}
]

This worked for me 12 months ago. I have updated the management version to R80.30 possibly since it last worked.

Memory Error

Hello,

I am trying to find duplicate IPs on my R80.10 Management Server and getting following error when i run the script.

[Expert@P-WKG-VAP005:0]# $FWDIR/Python/bin/python find_dup_ip.py
Enter server IP address or hostname:localhost
Enter username: admin_ashfaquey
Enter password:

Saving data to debug file api_calls.json

Traceback (most recent call last):
File "find_dup_ip.py", line 93, in
main()
File "find_dup_ip.py", line 58, in main
exit(1)
File "/home/admin/cp_mgmt_api_python_sdk-master/lib/mgmt_api.py", line 109, in exit
self.save_debug_data()
File "/home/admin/cp_mgmt_api_python_sdk-master/lib/mgmt_api.py", line 128, in save_debug_data
out_file.write(json.dumps(self.api_calls, indent=4, sort_keys=True))
File "/opt/CPsuite-R80/fw1/Python/lib/python2.7/json/init.py", line 251, in dumps
sort_keys=sort_keys, **kw).encode(obj)
File "/opt/CPsuite-R80/fw1/Python/lib/python2.7/json/encoder.py", line 209, in encode
chunks = list(chunks)
MemoryError

Support for Python 3

Hello,

do you plan supporting Python 3 with your SDK? Python 2.7 will go out of life in 2 years, it's time to move to Python 3, don't you think?

https://pythonclock.org/

Thanks.

api endpoints called with limit are failing

Hey,

Not sure if this SDK is in use by anyone - If so this error is beyond me how it can exist for so long :) Or I am severly misunderstanding something? I hope so.

when calling any api call with the gen_api_query function from mgmt_api.py there is a hardcoded limit key value being injected.

from mgmt_api.py:
payload.update({"limit": limit, "offset": iterations * limit + offset, "details-level": details_level})
this part makes any query that does not take a limit flag fail - like show-access-layer.

The fix is replacing it with something like:

if limit > 0:
payload.update({"limit": limit, "offset": iterations * limit, "details-level": details_level})
else:
payload.update({"details-level": details_level})

Bug in exception handling in save_fingerprint_to_file can cause crash

When getting a PermissionError in save_fingerprint_to_file, the normal execution should continue.
However, due to a bug in the log call, this causes a failure.

Traceback (most recent call last):
  File "/var/lib/inmanta/eb192c74-a791-4a3d-8e1f-57100ca0d8bd/agent/env/lib/python3.6/site-packages/cpapi/mgmt_api.py", line 667, in save_fingerprint_to_file
    with open(filename, 'w') as filedump:
PermissionError: [Errno 13] Permission denied: 'fingerprints.txt'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/inmanta/lib64/python3.6/site-packages/inmanta/agent/handler.py", line 856, in execute
    self.pre(ctx, resource)
  File "/var/lib/inmanta/eb192c74-a791-4a3d-8e1f-57100ca0d8bd/agent/code/modules/checkpoint/plugins/__init__.py", line 75, in pre
    self._client.login()
  File "/var/lib/inmanta/eb192c74-a791-4a3d-8e1f-57100ca0d8bd/agent/code/modules/checkpoint/plugins/__init__.py", line 201, in login
    self._username, self._password, payload={"session-name": self.SESSION_NAME}
  File "/var/lib/inmanta/eb192c74-a791-4a3d-8e1f-57100ca0d8bd/agent/env/lib/python3.6/site-packages/cpapi/mgmt_api.py", line 198, in login
    return self._common_login_logic(credentials, continue_last_session, domain, read_only, payload)
  File "/var/lib/inmanta/eb192c74-a791-4a3d-8e1f-57100ca0d8bd/agent/env/lib/python3.6/site-packages/cpapi/mgmt_api.py", line 152, in _common_login_logic
    login_res = self.api_call("login", credentials)
  File "/var/lib/inmanta/eb192c74-a791-4a3d-8e1f-57100ca0d8bd/agent/env/lib/python3.6/site-packages/cpapi/mgmt_api.py", line 264, in api_call
    self.check_fingerprint()
  File "/var/lib/inmanta/eb192c74-a791-4a3d-8e1f-57100ca0d8bd/agent/env/lib/python3.6/site-packages/cpapi/mgmt_api.py", line 589, in check_fingerprint
    self.save_fingerprint_to_file(self.server, server_fingerprint)
  File "/var/lib/inmanta/eb192c74-a791-4a3d-8e1f-57100ca0d8bd/agent/env/lib/python3.6/site-packages/cpapi/mgmt_api.py", line 672, in save_fingerprint_to_file
    print("Couldn't open file: " + filename + " for writing.\n" + e.message, file=sys.stderr)
AttributeError: 'PermissionError' object has no attribute 'message'

KeyError: 'sid'

File "/usr/local/lib/python3.9/site-packages/cpapi/mgmt_api.py", line 176, in _common_login_logic
self.sid = login_res.data["sid"]
KeyError: 'sid'

Login with Certificates

Hey folks,

thanks for your great work!

For our current project - I was wondering wether a login with certificates is possible?

Looking forward to your answer,

Kristof

Option to discard pending changes on exception

Currently when using APIClient as context manager and an exception is raised, the session is closed but stays in the session list containing all changes and locks.

I would like to have a variant, where all pending changes made in the APIClient session are automatically discarded, when an exception occurs.

"show logs"

can i use "show logs" cmd with this module? or is it limited to the cmds that are mentioned in readMe?

The rule to add in specific section parameter not accepting

If we want to add a rule in a specific section (e.g we have a clean up rule, Main rule ) add a rule in "Main Rule" section at the bottom is not allowing

connection timeout

Hello.
How can I set the connection timeout? I don't see such a setting. The connection hangs if the api server is not available.

Publish on pypi.org

Hi,
I can't seem to find this package on Pypi.
Is published at all?

setup.py

import setuptools
from setuptools import setup

setup(
name="cpapi",
version="1.1.2",
author="API team",
author_email="[email protected]",
description="Check Point Management API SDK",
long_description="Check Point API Python Development Kit simplifies the usage of the Check Point Management APIs. "
"The kit contains the API library project, "
"and sample projects demonstrating the capabilities of the library. "
"The kit is python 2 and 3 compatible code.",
long_description_content_type="text",
url="https://github.com/CheckPointSW/cp_mgmt_api_python_sdk.git",
packages=setuptools.find_packages(),
classifiers=[
"Programming Language :: Python :: 2.7",
"Programming Language :: Python :: 3",
"License :: OSI Approved :: Apache License",
"Operating System :: OS Independent",
],

)

help me