Merge branch 'CheckPointSW:master' into master

import_export_package.py

@@ -26,7 +26,7 @@ def get_version(client):
     if sys.version_info < (3, 7):
         raise Exception("Min Python version required is 3.7")
 
-    arg_parser = argparse.ArgumentParser(description="R80.X Policy Package Export/Import Tool, V5.8")
+    arg_parser = argparse.ArgumentParser(description="R80.X Policy Package Export/Import Tool, V5.9.0")
     args = process_arguments(arg_parser)
     if args.force:
         args.unsafe_auto_accept = True
@@ -41,8 +41,12 @@ def get_version(client):
             payload["read-only"] = "true" if args.operation == "export" else "false"
             if args.session_timeout:
                 payload["session-timeout"] = args.session_timeout
-            login_reply = client.login(username=args.username, password=args.password, domain=args.domain,
-                                       payload=payload)
+            if args.api_key:
+                login_reply = client.login_with_api_key(api_key=args.api_key, domain=args.domain,
+                                                        payload=payload)
+            else:
+                login_reply = client.login(username=args.username, password=args.password, domain=args.domain,
+                                           payload=payload)
             handle_login_fail(not login_reply.success, "Login to management server failed. " + str(login_reply))
         elif args.login == '2':
             if args.session_timeout:

importing/import_objects.py

@@ -966,7 +966,7 @@ def add_suffix_to_objects(payload, api_type, objects_suffix):
         return
 
     fields_to_change = ["name", "source", "destination", "service", "members", "inline-layer", "networks", "host",
-                        "protected-scope", "protection-or-site", "exception-group-name", "rule-name", "applied-threat-rules"]
+                        "protected-scope", "protection-or-site", "action", "site-category", "exception-group-name", "rule-name", "applied-threat-rules"]
     if api_type == "threat-exception" and "exception-group-name" in payload and "name" not in payload:
         payload.update({"name": ""})
     for field in fields_to_change:
@@ -976,11 +976,11 @@ def add_suffix_to_objects(payload, api_type, objects_suffix):
                 newName = oldName + objects_suffix
                 payload[field] = newName
                 changed_object_names_map[oldName] = newName
-            elif field in ["source", "destination", "service", "members", "protected-scope", "protection-or-site"]:
+            elif field in ["source", "destination", "service", "members", "protected-scope", "protection-or-site", "site-category"]:
                 for i in range(len(payload[field])):
                     if payload[field][i] in changed_object_names_map and payload[field][i] != "IPS":
                         payload[field][i] = changed_object_names_map[payload[field][i]]
-            elif field in ["inline-layer", "host", "exception-group-name", "rule-name"]:
+            elif field in ["inline-layer", "host", "exception-group-name", "rule-name", "action"]:
                 if payload[field] in changed_object_names_map:
                     payload[field] = changed_object_names_map[payload[field]]
             elif field == "networks":

lists_and_dictionaries.py

@@ -773,6 +773,9 @@
     "service-group": 2,
     "time-group": 2,
     "application-group": 2,
+    "application-site-category": 1,
+    "application-site": 2,
+    "application-site-group": 3,
 }
 
 generic_objects_for_rule_fields = {
@@ -890,7 +893,7 @@
 
     "simple-cluster": ["logs-settings", "save-logs-locally", "sic-message", "sic-state"] + simple_gateway_cluster_common['no_export_fields'] +
                       simple_gateway_cluster_common['fields_to_convert_from_obj_to_identifier'], # todo-delete this line when those objects can be imported successfully
-    "application-site": ["application-id", "risk", "user-defined"],
+    "application-site": ["application-id", "risk", "user-defined", "primary-category-id", "additional-categories-ids"],
     "application-site-category": ["user-defined"],
     "data-center-object": ["name-in-data-center", "data-center", "data-center-object-meta-info", "deleted",
                            "type-in-data-center", "additional-properties"]

menu.py

@@ -59,16 +59,16 @@ def build(self):
                 self.lowest_level = 2
                 display = False
         elif self.level == 2:
-            if not (self.args.username or self.args.password or
-                        self.args.session_id or self.args.session_file or self.args.root):
+            if not (self.args.api_key or self.args.username or self.args.password or
+                    self.args.session_id or self.args.session_file or self.args.root):
                 self.title = "Please select a login method:"
                 self.options = ["Enter user credentials manually", "Login as Root",
                                 "Use an existing session file", "Use an existing session UID"]
                 self.last_option = "Back"
             else:
                 if self.args.root:
                     self.self_args.login = '2'
-                elif self.args.username or self.args.password:
+                elif self.args.username or self.args.password or self.args.api_key:
                     self.self_args.login = '1'
                 elif self.args.session_file:
                     self.self_args.login = '3'
@@ -80,10 +80,13 @@ def build(self):
         elif self.level == 3 and self.export:
             if not self.args.force:
                 self.title = "The script will run with the following parameters:\n" + \
-                             "Export Access-Control layers = " + str(self.self_args.access or self.self_args.all) + "\n" + \
+                             "Export Access-Control layers = " + str(
+                    self.self_args.access or self.self_args.all) + "\n" + \
                              "Export NAT layers = " + str(self.self_args.nat or self.self_args.all) + "\n" + \
-                             "Export Threat-Prevention layers = " + str(self.self_args.threat or self.self_args.all) + "\n" + \
-                             "Export HTTPS Inspection layers = " + str(self.self_args.https or self.self_args.all) + "\n" + \
+                             "Export Threat-Prevention layers = " + str(
+                    self.self_args.threat or self.self_args.all) + "\n" + \
+                             "Export HTTPS Inspection layers = " + str(
+                    self.self_args.https or self.self_args.all) + "\n" + \
                              "Output-file name = " + str(self.self_args.output_file) + "\n" + \
                              "Management Server IP = " + str(self.self_args.management) + "\n" + \
                              "Management Server Port = " + str(self.self_args.port) + "\n" + \
@@ -129,19 +132,14 @@ def build(self):
                             "Change Management Server Port", "Change the domain name"]
             self.last_option = "Exit" if self.level == self.lowest_level else "Back"
         elif self.level == 5:
-            if not self.args.username:
-                self.title = "Please enter your username:"
-                self.options = []
+            if not self.self_args.api_key and not self.self_args.username and not self.self_args.password:
+                self.title = "Please select authentication method:"
+                self.options = ["Username & Password",
+                                "API Key"]
+                self.last_option = "Exit" if self.level == self.lowest_level else "Back"
             else:
-                self.level = 6
-                display = False
-        elif self.level == 6:
-            if not self.args.password:
-                # The menu title will be provided at the password prompt
                 self.title = ""
                 self.options = []
-            else:
-                return
         if display:
             self.display()
         else:
@@ -212,7 +210,8 @@ def handle_input(self):
                 elif choice == 2:
                     self.self_args.threat = not self.self_args.threat
                     self.menu_print(
-                        "Exporting of Threat-Prevention layers " + "enabled" if self.self_args.threat else "disabled", 2)
+                        "Exporting of Threat-Prevention layers " + "enabled" if self.self_args.threat else "disabled",
+                        2)
                 elif choice == 3:
                     self.self_args.nat = not self.self_args.nat
                     self.menu_print(
@@ -255,17 +254,39 @@ def handle_input(self):
             except ValueError:
                 self.display_wrong_choice()
         elif self.level == 5:
-            if not self.self_args.username:
-                self.self_args.username = input()
-            self.level = 6
-        elif self.level == 6:
-            if not self.self_args.password:
-                if sys.stdin.isatty():
-                    self.self_args.password = getpass.getpass("Please enter your password:\n")
+            try:
+                choice = None
+                if self.self_args.username or self.self_args.password:
+                    choice = 1
+                elif self.self_args.api_key:
+                    choice = 2
                 else:
-                    print("Attention! Your password will be shown on the screen!", file=sys.stderr)
-                    self.self_args.password = input("Please enter your password:\n")
-            return
+                    choice = int(input())
+                if choice == 1:
+                    if not self.self_args.username:
+                        self.menu_print("Please enter your username:", 0)
+                        self.self_args.username = input()
+                    if not self.self_args.password:
+                        if sys.stdin.isatty():
+                            self.self_args.password = getpass.getpass("Please enter your password:\n")
+                        else:
+                            print("Attention! Your password will be shown on the screen!", file=sys.stderr)
+                            self.self_args.password = input("Please enter your password:\n")
+                    return
+                elif choice == 2:
+                    if not self.self_args.api_key:
+                        if sys.stdin.isatty():
+                            self.self_args.api_key = getpass.getpass("Please enter your API key:\n")
+                        else:
+                            print("Attention! Your API key will be shown on the screen!", file=sys.stderr)
+                            self.self_args.api_key = input("Please enter your API key:\n")
+                    return
+                elif choice == 99:
+                    self.level = 3
+                else:
+                    self.display_wrong_choice()
+            except ValueError:
+                self.display_wrong_choice()
         self.build()
 
     def display_wrong_choice(self):

utils.py

@@ -35,7 +35,11 @@ def populate_parser(parser):
     parser.add_argument("-u", "--username", required=False, default=os.getenv('MGMT_CLI_USER'),
                         help="The management administrator's user name.\nEnvironment variable: MGMT_CLI_USER")
     parser.add_argument("-p", "--password", required=False,
-                        help="The management administrator's password.\nEnvironment variable: MGMT_CLI_PASSWORD")
+                        help="The management administrator's password.\nEnvironment variable: MGMT_CLI_PASSWORD",
+                        default=os.getenv('MGMT_CLI_PASSWORD'))
+    parser.add_argument("--api-key", required=False,
+                        help="The management administrator's API Key.\nEnvironment variable: MGMT_CLI_API_KEY",
+                        default=os.getenv('MGMT_CLI_API_KEY'))
     parser.add_argument("-m", "--management", required=False, default=os.getenv('MGMT_CLI_MANAGEMENT', "127.0.0.1"),
                         help="The management server's IP address (In the case of a Multi-Domain Environment, use the IP address of the MDS domain).\nDefault: 127.0.0.1\nEnvironment variable: MGMT_CLI_MANAGEMENT")
     parser.add_argument("--port", "--server-port", required=False, default=os.getenv('MGMT_CLI_PORT', 443),