From c84db5c7395a058dba19e2ff4555d9615c6100d7 Mon Sep 17 00:00:00 2001 From: chkp-edenbr <94056191+chkp-edenbr@users.noreply.github.com> Date: Wed, 12 Oct 2022 12:22:09 +0300 Subject: [PATCH 1/9] Add Python version requirements (#80) * Add err_message to debug log when failing to update updatable objects repository * Add error_message to debug_log if exists * Don't export available-actions field * Add option to export-import simple-cluster Add to relevant lists and dictionaries fields that shouldn't be exported in simple-gateway since they caused failure in import * Add option to export-import simple-cluster Add to relevant lists and dictionaries fields that shouldn't be exported in simple-gateway since they caused failure in import * Add Python version requirements --- README.md | 4 ++++ import_export_package.py | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/README.md b/README.md index 126bfa1..dc053b6 100644 --- a/README.md +++ b/README.md @@ -31,3 +31,7 @@ To export a package, run the import_export_package.py script. An interactive men ## Development Environment The tool is developed using Python language version 2.7.9 and [Check Point API Python SDK.](https://github.com/CheckPoint-APIs-Team/cpapi-python-sdk) From version 5.0 the tool is developed using Python language version 3.7. + +## Requirements +From version 5.0 the min Python language version required is 3.7. +Last release to support Python language version 2.7.9 is v4.2. diff --git a/import_export_package.py b/import_export_package.py index 1850f25..7223666 100644 --- a/import_export_package.py +++ b/import_export_package.py @@ -1,5 +1,7 @@ from __future__ import print_function +import sys + import argparse from cpapi import APIClient, APIClientArgs 
@@ -21,6 +23,8 @@ def get_version(client): if __name__ == "__main__": + if sys.version_info < (3, 7): + raise Exception("Min Python version required is 3.7") arg_parser = argparse.ArgumentParser(description="R80.X Policy Package Export/Import Tool, V5.8") args = process_arguments(arg_parser) From 0d32493eefd163f1b21b70d101c90cb422affdf8 Mon Sep 17 00:00:00 2001 From: chkp-orito <62652825+chkp-orito@users.noreply.github.com> Date: Tue, 4 Apr 2023 13:58:26 +0300 Subject: [PATCH 2/9] skip export for primary-category-id (#81) * skip export for primary-category-id * skip additional-categories-ids --- lists_and_dictionaries.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lists_and_dictionaries.py b/lists_and_dictionaries.py index ab877e2..3508254 100644 --- a/lists_and_dictionaries.py +++ b/lists_and_dictionaries.py @@ -832,7 +832,7 @@ "simple-cluster": ["logs-settings", "save-logs-locally", "sic-message", "sic-state"] + simple_gateway_cluster_common['no_export_fields'] + simple_gateway_cluster_common['fields_to_convert_from_obj_to_identifier'], # todo-delete this line when those objects can be imported successfully - "application-site": ["application-id", "risk", "user-defined"], + "application-site": ["application-id", "risk", "user-defined", "primary-category-id", "additional-categories-ids"], "application-site-category": ["user-defined"], "data-center-object": ["name-in-data-center", "data-center", "data-center-object-meta-info", "deleted", "type-in-data-center", "additional-properties"] From 56c8fef564f5e3d0920b8936a1d7774e55a63358 Mon Sep 17 00:00:00 2001 From: chkp-edenbr <94056191+chkp-edenbr@users.noreply.github.com> Date: Tue, 4 Apr 2023 14:10:22 +0300 Subject: [PATCH 3/9] Update import_export_package.py --- import_export_package.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/import_export_package.py b/import_export_package.py index 7223666..ac011ab 100644 --- a/import_export_package.py +++ b/import_export_package.py 
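Review bot: The interpreter check sits inside the `if __name__ == "__main__":` block, so it runs only after every module-level import (`argparse`, `cpapi`, and whatever the file imports below the first hunk) has executed. On an older interpreter, an import or syntax error in one of those modules may therefore surface before this message does. Moving the guard directly under `import sys` makes it the first thing to fail. `sys.exit("Min Python version required is 3.7")` would print the message without the traceback that `raise Exception(...)` produces. The `__main__` block continues outside the hunk.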
@@ -26,7 +26,7 @@ def get_version(client): if sys.version_info < (3, 7): raise Exception("Min Python version required is 3.7") - arg_parser = argparse.ArgumentParser(description="R80.X Policy Package Export/Import Tool, V5.8") + arg_parser = argparse.ArgumentParser(description="R80.X Policy Package Export/Import Tool, V5.8.2") args = process_arguments(arg_parser) if args.force: args.unsafe_auto_accept = True From c5963bbf062eecec2f6035ea692525fdd71c26de Mon Sep 17 00:00:00 2001 From: chkp-orito <62652825+chkp-orito@users.noreply.github.com> Date: Thu, 20 Apr 2023 16:01:18 +0300 Subject: [PATCH 4/9] fix import for application-site objects and threat and https rules (#82) * fix import for threat and https rules * fix import for application-site objects --- importing/import_objects.py | 6 +++--- lists_and_dictionaries.py | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/importing/import_objects.py b/importing/import_objects.py index 4d07afa..56b80c3 100644 --- a/importing/import_objects.py +++ b/importing/import_objects.py @@ -966,7 +966,7 @@ def add_suffix_to_objects(payload, api_type, objects_suffix): return fields_to_change = ["name", "source", "destination", "service", "members", "inline-layer", "networks", "host", - "protected-scope", "protection-or-site", "exception-group-name", "rule-name", "applied-threat-rules"] + "protected-scope", "protection-or-site", "action", "site-category", "exception-group-name", "rule-name", "applied-threat-rules"] if api_type == "threat-exception" and "exception-group-name" in payload and "name" not in payload: payload.update({"name": ""}) for field in fields_to_change: 
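Review bot: Adding `"action"` to `fields_to_change` applies the rename lookup to every `api_type`, not only the threat and HTTPS rules named in the commit message. The scalar branch in the following `@@ -976,11 +976,11 @@` hunk rewrites `payload["action"]` whenever its value is a key of `changed_object_names_map`. If an imported object happens to share a name with a built-in rule action, the rule's action would be replaced by the suffixed object name; the list branch already guards one reserved name with `!= "IPS"`, but the scalar branch has no equivalent. Because this changes what a rule does rather than what it matches, consider limiting the rewrite to the rule types that need it, e.g. `elif field == "action" and api_type in ACTION_RENAME_TYPES:` (the set name is a placeholder). `add_suffix_to_objects` starts and ends outside both hunks.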
@@ -976,11 +976,11 @@ def add_suffix_to_objects(payload, api_type, objects_suffix): newName = oldName + objects_suffix payload[field] = newName changed_object_names_map[oldName] = newName - elif field in ["source", "destination", "service", "members", "protected-scope", "protection-or-site"]: + elif field in ["source", "destination", "service", "members", "protected-scope", "protection-or-site", "site-category"]: for i in range(len(payload[field])): if payload[field][i] in changed_object_names_map and payload[field][i] != "IPS": payload[field][i] = changed_object_names_map[payload[field][i]] - elif field in ["inline-layer", "host", "exception-group-name", "rule-name"]: + elif field in ["inline-layer", "host", "exception-group-name", "rule-name", "action"]: if payload[field] in changed_object_names_map: payload[field] = changed_object_names_map[payload[field]] elif field == "networks": diff --git a/lists_and_dictionaries.py b/lists_and_dictionaries.py index 3508254..1bf35d8 100644 --- a/lists_and_dictionaries.py +++ b/lists_and_dictionaries.py @@ -715,6 +715,9 @@ "service-group": 2, "time-group": 2, "application-group": 2, + "application-site-category": 1, + "application-site": 2, + "application-site-group": 3, } generic_objects_for_rule_fields = { From 29d7c2ccbd037d3ae5804b0fa2aeca87f25f403a Mon Sep 17 00:00:00 2001 From: chkp-edenbr <94056191+chkp-edenbr@users.noreply.github.com> Date: Thu, 20 Apr 2023 16:04:14 +0300 Subject: [PATCH 5/9] Update import_export_package.py --- import_export_package.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/import_export_package.py b/import_export_package.py index ac011ab..baad53e 100644 --- a/import_export_package.py +++ b/import_export_package.py 
@@ -26,7 +26,7 @@ def get_version(client): if sys.version_info < (3, 7): raise Exception("Min Python version required is 3.7") - arg_parser = argparse.ArgumentParser(description="R80.X Policy Package Export/Import Tool, V5.8.2") + arg_parser = argparse.ArgumentParser(description="R80.X Policy Package Export/Import Tool, V5.8.3") args = process_arguments(arg_parser) if args.force: args.unsafe_auto_accept = True From 7c9d642372f726700798c0e8231990a3253c1b4b Mon Sep 17 00:00:00 2001 From: chkp-orito <62652825+chkp-orito@users.noreply.github.com> Date: Thu, 27 Apr 2023 14:04:19 +0300 Subject: [PATCH 6/9] fix indent (#84) --- importing/import_objects.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/importing/import_objects.py b/importing/import_objects.py index 56b80c3..24d6056 100644 --- a/importing/import_objects.py +++ b/importing/import_objects.py @@ -980,7 +980,7 @@ def add_suffix_to_objects(payload, api_type, objects_suffix): for i in range(len(payload[field])): if payload[field][i] in changed_object_names_map and payload[field][i] != "IPS": payload[field][i] = changed_object_names_map[payload[field][i]] - elif field in ["inline-layer", "host", "exception-group-name", "rule-name", "action"]: + elif field in ["inline-layer", "host", "exception-group-name", "rule-name", "action"]: if payload[field] in changed_object_names_map: payload[field] = changed_object_names_map[payload[field]] elif field == "networks": From fc6a56ba5927af76d2defe86d7450b6c539bd1a1 Mon Sep 17 00:00:00 2001 From: chkp-royl <51701986+chkp-royl@users.noreply.github.com> Date: Thu, 27 Apr 2023 14:05:12 +0300 Subject: [PATCH 7/9] Update import_export_package.py --- import_export_package.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/import_export_package.py b/import_export_package.py index baad53e..41c8a79 100644 --- a/import_export_package.py +++ b/import_export_package.py 
@@ -26,7 +26,7 @@ def get_version(client): if sys.version_info < (3, 7): raise Exception("Min Python version required is 3.7") - arg_parser = argparse.ArgumentParser(description="R80.X Policy Package Export/Import Tool, V5.8.3") + arg_parser = argparse.ArgumentParser(description="R80.X Policy Package Export/Import Tool, V5.8.4") args = process_arguments(arg_parser) if args.force: args.unsafe_auto_accept = True From a4602f286e1e8788e7c1485e82dbbfbf39a0d857 Mon Sep 17 00:00:00 2001 From: chkp-royl <51701986+chkp-royl@users.noreply.github.com> Date: Thu, 25 Jan 2024 16:25:32 +0200 Subject: [PATCH 8/9] Add support to api key (#86) --- import_export_package.py | 8 +++-- menu.py | 75 +++++++++++++++++++++++++--------------- utils.py | 6 +++- 3 files changed, 59 insertions(+), 30 deletions(-) diff --git a/import_export_package.py b/import_export_package.py index 41c8a79..5777b34 100644 --- a/import_export_package.py +++ b/import_export_package.py @@ -41,8 +41,12 @@ def get_version(client): payload["read-only"] = "true" if args.operation == "export" else "false" if args.session_timeout: payload["session-timeout"] = args.session_timeout - login_reply = client.login(username=args.username, password=args.password, domain=args.domain, - payload=payload) + if args.api_key: + login_reply = client.login_with_api_key(api_key=args.api_key, domain=args.domain, + payload=payload) + else: + login_reply = client.login(username=args.username, password=args.password, domain=args.domain, + payload=payload) handle_login_fail(not login_reply.success, "Login to management server failed. " + str(login_reply)) elif args.login == '2': if args.session_timeout: diff --git a/menu.py b/menu.py index 8a6861b..3219521 100644 --- a/menu.py +++ b/menu.py 
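Review bot: `if args.api_key:` silently wins when a username or password is also supplied, while the interactive path in `menu.py` (`handle_input`, level 5, later in this patch) resolves the same conflict the other way round, setting `choice = 1` whenever `username` or `password` is present. Since `--api-key` also defaults from `MGMT_CLI_API_KEY` in the `utils.py` hunk, a key left in the environment would override credentials passed explicitly with `-u`/`-p`. Conversely, a username from `MGMT_CLI_USER` appears to trigger a password prompt for a login that then uses the key. Use one precedence order in both places and tell the operator which credential was chosen, or reject the ambiguous case with `arg_parser.error("use either --api-key or --username/--password")`. The `__main__` block continues outside the hunk.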
@@ -59,8 +59,8 @@ def build(self): self.lowest_level = 2 display = False elif self.level == 2: - if not (self.args.username or self.args.password or - self.args.session_id or self.args.session_file or self.args.root): + if not (self.args.api_key or self.args.username or self.args.password or + self.args.session_id or self.args.session_file or self.args.root): self.title = "Please select a login method:" self.options = ["Enter user credentials manually", "Login as Root", "Use an existing session file", "Use an existing session UID"] @@ -68,7 +68,7 @@ def build(self): else: if self.args.root: self.self_args.login = '2' - elif self.args.username or self.args.password: + elif self.args.username or self.args.password or self.args.api_key: self.self_args.login = '1' elif self.args.session_file: self.self_args.login = '3' @@ -80,10 +80,13 @@ def build(self): elif self.level == 3 and self.export: if not self.args.force: self.title = "The script will run with the following parameters:\n" + \ - "Export Access-Control layers = " + str(self.self_args.access or self.self_args.all) + "\n" + \ + "Export Access-Control layers = " + str( + self.self_args.access or self.self_args.all) + "\n" + \ "Export NAT layers = " + str(self.self_args.nat or self.self_args.all) + "\n" + \ - "Export Threat-Prevention layers = " + str(self.self_args.threat or self.self_args.all) + "\n" + \ - "Export HTTPS Inspection layers = " + str(self.self_args.https or self.self_args.all) + "\n" + \ + "Export Threat-Prevention layers = " + str( + self.self_args.threat or self.self_args.all) + "\n" + \ + "Export HTTPS Inspection layers = " + str( + self.self_args.https or self.self_args.all) + "\n" + \ "Output-file name = " + str(self.self_args.output_file) + "\n" + \ "Management Server IP = " + str(self.self_args.management) + "\n" + \ "Management Server Port = " + str(self.self_args.port) + "\n" + \ 
@@ -129,19 +132,14 @@ def build(self): "Change Management Server Port", "Change the domain name"] self.last_option = "Exit" if self.level == self.lowest_level else "Back" elif self.level == 5: - if not self.args.username: - self.title = "Please enter your username:" - self.options = [] + if not self.self_args.api_key and not self.self_args.username and not self.self_args.password: + self.title = "Please select authentication method:" + self.options = ["Username & Password", + "API Key"] + self.last_option = "Exit" if self.level == self.lowest_level else "Back" else: - self.level = 6 - display = False - elif self.level == 6: - if not self.args.password: - # The menu title will be provided at the password prompt self.title = "" self.options = [] - else: - return if display: self.display() else: @@ -212,7 +210,8 @@ def handle_input(self): elif choice == 2: self.self_args.threat = not self.self_args.threat self.menu_print( - "Exporting of Threat-Prevention layers " + "enabled" if self.self_args.threat else "disabled", 2) + "Exporting of Threat-Prevention layers " + "enabled" if self.self_args.threat else "disabled", + 2) elif choice == 3: self.self_args.nat = not self.self_args.nat self.menu_print( 
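Review bot: In the rewrapped `menu_print` call for Threat-Prevention, the conditional expression binds more loosely than `+`, so the argument parses as `("Exporting of Threat-Prevention layers " + "enabled") if self.self_args.threat else "disabled"`. The disabled case therefore prints only `disabled`. Parenthesising the choice fixes it: `"Exporting of Threat-Prevention layers " + ("enabled" if self.self_args.threat else "disabled")`. The NAT call that begins on the last context line is cut off by the hunk, so check whether it has the same shape. `handle_input` starts and ends outside the hunk.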
@@ -255,17 +254,39 @@ def handle_input(self): except ValueError: self.display_wrong_choice() elif self.level == 5: - if not self.self_args.username: - self.self_args.username = input() - self.level = 6 - elif self.level == 6: - if not self.self_args.password: - if sys.stdin.isatty(): - self.self_args.password = getpass.getpass("Please enter your password:\n") + try: + choice = None + if self.self_args.username or self.self_args.password: + choice = 1 + elif self.self_args.api_key: + choice = 2 else: - print("Attention! Your password will be shown on the screen!", file=sys.stderr) - self.self_args.password = input("Please enter your password:\n") - return + choice = int(input()) + if choice == 1: + if not self.self_args.username: + self.menu_print("Please enter your username:", 0) + self.self_args.username = input() + if not self.self_args.password: + if sys.stdin.isatty(): + self.self_args.password = getpass.getpass("Please enter your password:\n") + else: + print("Attention! Your password will be shown on the screen!", file=sys.stderr) + self.self_args.password = input("Please enter your password:\n") + return + elif choice == 2: + if not self.self_args.api_key: + if sys.stdin.isatty(): + self.self_args.api_key = getpass.getpass("Please enter your API key:\n") + else: + print("Attention! Your API key will be shown on the screen!", file=sys.stderr) + self.self_args.api_key = input("Please enter your API key:\n") + return + elif choice == 99: + self.level = 3 + else: + self.display_wrong_choice() + except ValueError: + self.display_wrong_choice() self.build() def display_wrong_choice(self): diff --git a/utils.py b/utils.py index 969b253..3faca12 100644 --- a/utils.py +++ b/utils.py 
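Review bot: The API-key prompt accepts an empty answer: `getpass.getpass` and `input` both return `""` on a bare Enter, and the `if args.api_key:` test in `import_export_package.py` is false for an empty string. Assuming `self_args` feeds those arguments, the run then falls through to `client.login` with whatever username and password are set, possibly none. It would fail with a generic login error rather than a message about the missing key. Re-prompting until the value is non-empty keeps the failure next to its cause; the same applies to the username and password prompts in the `choice == 1` branch. `handle_input` starts outside the hunk.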
@@ -35,7 +35,11 @@ def populate_parser(parser): parser.add_argument("-u", "--username", required=False, default=os.getenv('MGMT_CLI_USER'), help="The management administrator's user name.\nEnvironment variable: MGMT_CLI_USER") parser.add_argument("-p", "--password", required=False, - help="The management administrator's password.\nEnvironment variable: MGMT_CLI_PASSWORD") + help="The management administrator's password.\nEnvironment variable: MGMT_CLI_PASSWORD", + default=os.getenv('MGMT_CLI_PASSWORD')) + parser.add_argument("--api-key", required=False, + help="The management administrator's API Key.\nEnvironment variable: MGMT_CLI_API_KEY", + default=os.getenv('MGMT_CLI_API_KEY')) parser.add_argument("-m", "--management", required=False, default=os.getenv('MGMT_CLI_MANAGEMENT', "127.0.0.1"), help="The management server's IP address (In the case of a Multi-Domain Environment, use the IP address of the MDS domain).\nDefault: 127.0.0.1\nEnvironment variable: MGMT_CLI_MANAGEMENT") parser.add_argument("--port", "--server-port", required=False, default=os.getenv('MGMT_CLI_PORT', 443), From 06dfae5a6df6d09f9c8e6550213c2bee6fb1b9b2 Mon Sep 17 00:00:00 2001 From: chkp-royl <51701986+chkp-royl@users.noreply.github.com> Date: Thu, 25 Jan 2024 17:41:24 +0200 Subject: [PATCH 9/9] Update import_export_package.py (#87) --- import_export_package.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/import_export_package.py b/import_export_package.py index 5777b34..ea38701 100644 --- a/import_export_package.py +++ b/import_export_package.py @@ -26,7 +26,7 @@ def get_version(client): if sys.version_info < (3, 7): raise Exception("Min Python version required is 3.7") - arg_parser = argparse.ArgumentParser(description="R80.X Policy Package Export/Import Tool, V5.8.4") + arg_parser = argparse.ArgumentParser(description="R80.X Policy Package Export/Import Tool, V5.9.0") args = process_arguments(arg_parser) if args.force: args.unsafe_auto_accept = True
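Review bot: The help text for `--password` and the new `--api-key` should warn that a secret given on the command line is visible in the process list and usually lands in shell history. It should point to the environment variable or the interactive prompt as the preferred route. Proposed wording for `--api-key`: `"The management administrator's API Key. Prefer MGMT_CLI_API_KEY or the interactive prompt; a value passed on the command line is visible to other local users.\nEnvironment variable: MGMT_CLI_API_KEY"`, with the matching sentence added to `--password`. `populate_parser` continues outside the hunk.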