From c2c76cf7c44474f7b67e9a7ff4876f8c0c090656 Mon Sep 17 00:00:00 2001 From: Ron Izraeli Date: Sun, 1 May 2022 18:13:02 +0300 Subject: [PATCH 01/15] Update workflow.yml --- .github/workflows/workflow.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml index 259b486..25e2fbf 100644 --- a/.github/workflows/workflow.yml +++ b/.github/workflows/workflow.yml @@ -1,8 +1,5 @@ name: SourceGuard Code Analysis -on: - push: - branches: - - master +on: [push] jobs: code-analysis: From 1b48afba7db4fdb9c3e89c43083324e1f8f69f39 Mon Sep 17 00:00:00 2001 From: Ron Izraeli Date: Sun, 1 May 2022 18:16:01 +0300 Subject: [PATCH 02/15] Update setup.py --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 8f61347..558f2bd 100644 --- a/setup.py +++ b/setup.py @@ -3,7 +3,7 @@ setup( name="cp-mgmt-api-sdk", - version="1.4.0", + version="1.4.1", author="API team", author_email="api_team@checkpoint.com", license='Apache 2.0', From 2aa384145f3a39e3004036fb22a97a6777887558 Mon Sep 17 00:00:00 2001 From: Ron Izraeli Date: Sun, 1 May 2022 18:24:39 +0300 Subject: [PATCH 03/15] Update workflow.yml --- .github/workflows/workflow.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml index 25e2fbf..beb9a78 100644 --- a/.github/workflows/workflow.yml +++ b/.github/workflows/workflow.yml @@ -36,11 +36,11 @@ jobs: --wheel --outdir dist/ . - - name: Publish distribution 📦 to Test PyPI - uses: pypa/gh-action-pypi-publish@master - with: - password: ${{ secrets.TEST_PYPI_API_TOKEN }} - repository_url: https://test.pypi.org/legacy/ +# - name: Publish distribution 📦 to Test PyPI +# uses: pypa/gh-action-pypi-publish@master +# with: +# password: ${{ secrets.TEST_PYPI_API_TOKEN }} +# repository_url: https://test.pypi.org/legacy/ - name: Publish distribution 📦 to PyPI if: startsWith(github.ref, 'refs/tags') uses: pypa/gh-action-pypi-publish@master From c5f21f4893d12f201ba43779decafdb5a77e663d Mon Sep 17 00:00:00 2001 From: chkp-edenbr <94056191+chkp-edenbr@users.noreply.github.com> Date: Sun, 15 May 2022 16:14:39 +0300 Subject: [PATCH 04/15] Update README.md --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f8b6788..08556b0 100644 --- a/README.md +++ b/README.md @@ -22,6 +22,10 @@ Install the SDK by using the pip tool or by downloading the repository. #### Install with pip Run: ``` +pip install cp-mgmt-api-sdk +``` +Or: +``` pip install git+https://github.com/CheckPointSW/cp_mgmt_api_python_sdk ``` ###### Note: you might be required to use "sudo" for this command. @@ -47,7 +51,7 @@ pip install --upgrade git+https://github.com/CheckPointSW/cp_mgmt_api_python_sdk #### Uninstall Uninstall the SDK by using pip tool: ``` -pip uninstall cpapi +pip uninstall cp-mgmt-api-sdk ``` ###### Note: you might be required to use "sudo" for this command. From cc61452c8c8554cbf3a541e4f7fcd10221a5bf96 Mon Sep 17 00:00:00 2001 From: chkp-royl <51701986+chkp-royl@users.noreply.github.com> Date: Wed, 27 Jul 2022 16:54:12 +0300 Subject: [PATCH 05/15] Add support to connect smart-1 cloud (#47) --- cpapi/mgmt_api.py | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/cpapi/mgmt_api.py b/cpapi/mgmt_api.py index 3f79ba0..393873b 100644 --- a/cpapi/mgmt_api.py +++ b/cpapi/mgmt_api.py @@ -42,7 +42,7 @@ class APIClientArgs: def __init__(self, port=None, fingerprint=None, sid=None, server="127.0.0.1", http_debug_level=0, api_calls=None, debug_file="", proxy_host=None, proxy_port=8080, api_version=None, unsafe=False, unsafe_auto_accept=False, context="web_api", single_conn=True, - user_agent="python-api-wrapper", sync_frequency=2): + user_agent="python-api-wrapper", sync_frequency=2, cloud_mgmt_id=""): self.port = port # management server fingerprint self.fingerprint = fingerprint @@ -74,6 +74,8 @@ def __init__(self, port=None, fingerprint=None, sid=None, server="127.0.0.1", ht self.user_agent = user_agent # Interval size in seconds of the task update self.sync_frequency = sync_frequency + # Smart-1 Cloud management UID + self.cloud_mgmt_id = cloud_mgmt_id class APIClient: @@ -124,6 +126,8 @@ def __init__(self, api_client_args=None): self.user_agent = api_client_args.user_agent # Interval size in seconds of the task update self.sync_frequency = api_client_args.sync_frequency + # Smart-1 Cloud management UID + self.cloud_mgmt_id = api_client_args.cloud_mgmt_id def __enter__(self): return self @@ -318,7 +322,18 @@ def api_call(self, command, payload=None, sid=None, wait_for_task=True, timeout= # init https connection. if single connection is True, use last connection conn = self.get_https_connection() - url = "/" + self.context + "/" + (("v" + str(self.api_version) + "/") if self.api_version else "") + command + + url = "" + if self.cloud_mgmt_id != "": + url += "/" + self.cloud_mgmt_id + + url += "/" + self.context + + if self.api_version: + url += "/v" + str(self.api_version) + + url += "/" + command + response = None try: # Send the data to the server From 4ad873c5ff0cd6137ef723648f4b2f805d12f5a9 Mon Sep 17 00:00:00 2001 From: chkp-royl <51701986+chkp-royl@users.noreply.github.com> Date: Wed, 27 Jul 2022 18:22:36 +0300 Subject: [PATCH 06/15] Update setup.py --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 558f2bd..d767a4c 100644 --- a/setup.py +++ b/setup.py @@ -3,7 +3,7 @@ setup( name="cp-mgmt-api-sdk", - version="1.4.1", + version="1.5.0", author="API team", author_email="api_team@checkpoint.com", license='Apache 2.0', From 5f7f2554207f9b1393ff5d9a1194fa38ec0391e8 Mon Sep 17 00:00:00 2001 From: Ron Izraeli Date: Thu, 28 Jul 2022 18:51:16 +0300 Subject: [PATCH 07/15] Update workflow.yml --- .github/workflows/workflow.yml | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml index beb9a78..334832c 100644 --- a/.github/workflows/workflow.yml +++ b/.github/workflows/workflow.yml @@ -1,17 +1,13 @@ -name: SourceGuard Code Analysis -on: [push] +name: CI Pipeline + +on: + - push + - pull_request jobs: code-analysis: - runs-on: ubuntu-latest - container: - image: sourceguard/sourceguard-cli - steps: - - name: Scan - uses: CheckPointSW/sourceguard-action@main - with: - SG_CLIENT_ID: ${{ secrets.SG_CLIENT_ID }} - SG_SECRET_KEY: ${{ secrets.SG_SECRET_KEY }} + uses: CheckPointSW/org-templates/.github/workflows/code-analysis.yml@main + secrets: inherit build-n-publish: name: Build and publish Python 🐍 distributions 📦 to PyPI From 2a5e6b18de9a2244b9a9b195213b79d5a96c7c43 Mon Sep 17 00:00:00 2001 From: chkp-royl <51701986+chkp-royl@users.noreply.github.com> Date: Wed, 21 Sep 2022 15:18:06 +0300 Subject: [PATCH 08/15] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 08556b0..6b053dd 100644 --- a/README.md +++ b/README.md @@ -66,6 +66,7 @@ export PYTHONPATH=$PYTHONPATH:<“CP-SDK” FULL PATH> ``` For example, if you copied the SDK to the path “/home/admin/” the command will be:
```export PYTHONPATH=$PYTHONPATH:/home/admin/cp_mgmt_api_python_sdk/``` +###### Note: When downloading the repository, directory name will be cp_mgmt_api_python_sdk-master. ## Development Environment The kit is developed using Python versions 2.7 and 3.7 From 7777086aef41ac8264f0b15742361cfbb1365520 Mon Sep 17 00:00:00 2001 From: chkp-royl <51701986+chkp-royl@users.noreply.github.com> Date: Thu, 6 Oct 2022 16:25:58 +0300 Subject: [PATCH 09/15] handle broken pipe error (#49) --- cpapi/mgmt_api.py | 2 +- setup.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cpapi/mgmt_api.py b/cpapi/mgmt_api.py index 393873b..5323121 100644 --- a/cpapi/mgmt_api.py +++ b/cpapi/mgmt_api.py @@ -349,7 +349,7 @@ def api_call(self, command, payload=None, sid=None, wait_for_task=True, timeout= res = APIResponse("", False, err_message=err_message) else: res = APIResponse("", False, err_message=err) - except (http_client.CannotSendRequest, http_client.BadStatusLine, ConnectionAbortedError) as e: + except (http_client.CannotSendRequest, http_client.BadStatusLine, ConnectionAbortedError, BrokenPipeError, IOError) as e: self.conn = self.create_https_connection() self.conn.request("POST", url, _data, _headers) response = self.conn.getresponse() diff --git a/setup.py b/setup.py index d767a4c..f233af3 100644 --- a/setup.py +++ b/setup.py @@ -3,7 +3,7 @@ setup( name="cp-mgmt-api-sdk", - version="1.5.0", + version="1.6.0", author="API team", author_email="api_team@checkpoint.com", license='Apache 2.0', From 95d476edb04ed05008aaa9631768f918c166c168 Mon Sep 17 00:00:00 2001 From: chkp-yazanb <113822306+chkp-yazanb@users.noreply.github.com> Date: Tue, 22 Nov 2022 11:07:28 +0200 Subject: [PATCH 10/15] align with CME - for pycodestyle issues (#50) --- cpapi/api_exceptions.py | 2 +- cpapi/mgmt_api.py | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/cpapi/api_exceptions.py b/cpapi/api_exceptions.py index 6b6145a..625a01f 100644 --- a/cpapi/api_exceptions.py +++ b/cpapi/api_exceptions.py @@ -15,4 +15,4 @@ def __init__(self, value): class TimeoutException(APIException): def __init__(self, value): - APIException.__init__(self, value, None) \ No newline at end of file + APIException.__init__(self, value, None) diff --git a/cpapi/mgmt_api.py b/cpapi/mgmt_api.py index 5323121..3552b7f 100644 --- a/cpapi/mgmt_api.py +++ b/cpapi/mgmt_api.py @@ -179,8 +179,7 @@ def _common_login_logic(self, credentials, continue_last_session, domain, read_o self.api_version = login_res.data["api-server-version"] return login_res - def login_with_api_key(self, api_key, continue_last_session=False, domain=None, read_only=False, - payload=None): + def login_with_api_key(self, api_key, continue_last_session=False, domain=None, read_only=False, payload=None): """ performs a 'login' API call to the management server @@ -349,7 +348,8 @@ def api_call(self, command, payload=None, sid=None, wait_for_task=True, timeout= res = APIResponse("", False, err_message=err_message) else: res = APIResponse("", False, err_message=err) - except (http_client.CannotSendRequest, http_client.BadStatusLine, ConnectionAbortedError, BrokenPipeError, IOError) as e: + except (http_client.CannotSendRequest, http_client.BadStatusLine, + ConnectionAbortedError, BrokenPipeError, IOError) as e: self.conn = self.create_https_connection() self.conn.request("POST", url, _data, _headers) response = self.conn.getresponse() @@ -455,8 +455,8 @@ def gen_api_query(self, command, details_level="standard", container_keys=None, for key in container_keys: all_objects[key] = [] iterations = 0 # number of times we've made an API call - limit = 50 # page size to get for each api call - offset = 0 # skip n objects in the database + limit = 50 # page size to get for each api call + offset = 0 # skip n objects in the database if payload is None: payload = {} else: @@ -591,7 +591,7 @@ def check_tasks_status(task_result): :return: """ for task in task_result.data["tasks"]: - if task["status"] == "failed" or task["status"] == "partially succeeded" or task["status"] == "in progress": + if task["status"] == "failed" or task["status"] == "partially succeeded" or task["status"] == "in progress": task_result.set_success_status(False) break @@ -610,7 +610,7 @@ def check_fingerprint(self): local_fingerprint = self.read_fingerprint_from_file(self.server) server_fingerprint = self.get_server_fingerprint() - #Check if fingerprint is passed and matches + # Check if fingerprint is passed and matches if self.fingerprint == server_fingerprint: return True From 459779536ef05af05e1670d7fd8611a154d340c4 Mon Sep 17 00:00:00 2001 From: chkp-olgami <109672880+chkp-olgami@users.noreply.github.com> Date: Wed, 24 May 2023 12:23:35 +0300 Subject: [PATCH 11/15] Added option to use all HTTP methods (#54) * Added option to use all rest API methods * Added comment --- cpapi/mgmt_api.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/cpapi/mgmt_api.py b/cpapi/mgmt_api.py index 3552b7f..9a6a834 100644 --- a/cpapi/mgmt_api.py +++ b/cpapi/mgmt_api.py @@ -274,7 +274,7 @@ def login_as_root(self, domain=None, payload=None): except (WindowsError) as err: raise APIClientException("Could not login as root:\n" + str(type(err)) + " - " + str(err)) - def api_call(self, command, payload=None, sid=None, wait_for_task=True, timeout=-1): + def api_call(self, command, payload=None, sid=None, wait_for_task=True, timeout=-1, method="POST"): """ performs a web-service API request to the management server @@ -287,6 +287,7 @@ def api_call(self, command, payload=None, sid=None, wait_for_task=True, timeout= when wait_for_task=False, it is up to the user to call the "show-task" API and check the status of the command. :param timeout: Optional positive timeout (in seconds) before stop waiting for the task even if not completed. + :param method: The HTTP method to use. Defaults is `POST`. :return: APIResponse object :side-effects: updates the class's uid and server variables """ @@ -336,7 +337,7 @@ def api_call(self, command, payload=None, sid=None, wait_for_task=True, timeout= response = None try: # Send the data to the server - conn.request("POST", url, _data, _headers) + conn.request(method, url, _data, _headers) # Get the reply from the server response = conn.getresponse() res = APIResponse.from_http_response(response) From 325c7a724a3f8edd0e0ad1bba8b05c7bd2da5a76 Mon Sep 17 00:00:00 2001 From: chkp-edenbr <94056191+chkp-edenbr@users.noreply.github.com> Date: Wed, 24 May 2023 12:25:42 +0300 Subject: [PATCH 12/15] Update setup.py --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index f233af3..b274b14 100644 --- a/setup.py +++ b/setup.py @@ -3,7 +3,7 @@ setup( name="cp-mgmt-api-sdk", - version="1.6.0", + version="1.7.0", author="API team", author_email="api_team@checkpoint.com", license='Apache 2.0', From 2f471a7905d5c4f7baa6274202b9222a1bbfd3eb Mon Sep 17 00:00:00 2001 From: chkp-edenbr <94056191+chkp-edenbr@users.noreply.github.com> Date: Mon, 27 Nov 2023 14:16:00 +0200 Subject: [PATCH 13/15] Python 3.12 ssl compatibility fix (#57) * Add sg file * Revert "Add sg file" This reverts commit 726298c13acc2f51fccda85035d2b56c23ef4f4f. * Python 3.12 ssl compatibility fix --- cpapi/mgmt_api.py | 6 +++--- setup.py | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cpapi/mgmt_api.py b/cpapi/mgmt_api.py index 9a6a834..83d2396 100644 --- a/cpapi/mgmt_api.py +++ b/cpapi/mgmt_api.py @@ -748,8 +748,8 @@ def read_fingerprint_from_file(server, filename="fingerprints.txt"): return "" def create_https_connection(self): - context = ssl.create_default_context() - context.check_hostname = True + context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS) + context.verify_mode = ssl.CERT_NONE # create https connection if self.proxy_host and self.proxy_port: conn = HTTPSConnection(self.proxy_host, self.proxy_port, context=context) @@ -784,7 +784,7 @@ class HTTPSConnection(http_client.HTTPSConnection): """ def connect(self): http_client.HTTPConnection.connect(self) - self.sock = ssl.wrap_socket(self.sock, self.key_file, self.cert_file, cert_reqs=ssl.CERT_NONE) + self.sock = self._context.wrap_socket(self.sock, server_hostname=self.host) def get_fingerprint_hash(self): if self.sock is None: diff --git a/setup.py b/setup.py index b274b14..9b5a5b1 100644 --- a/setup.py +++ b/setup.py @@ -3,7 +3,7 @@ setup( name="cp-mgmt-api-sdk", - version="1.7.0", + version="1.8.0", author="API team", author_email="api_team@checkpoint.com", license='Apache 2.0', From 24be1e88544c5cf2fef8415b07b8db6558033bbe Mon Sep 17 00:00:00 2001 From: chkp-edenbr <94056191+chkp-edenbr@users.noreply.github.com> Date: Thu, 6 Feb 2025 14:16:01 +0200 Subject: [PATCH 14/15] hide api-key from debug file (#61) * Add sg file * Revert "Add sg file" This reverts commit 726298c13acc2f51fccda85035d2b56c23ef4f4f. * hide api-key from debug file --- cpapi/mgmt_api.py | 5 ++++- setup.py | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/cpapi/mgmt_api.py b/cpapi/mgmt_api.py index 83d2396..dc42370 100644 --- a/cpapi/mgmt_api.py +++ b/cpapi/mgmt_api.py @@ -368,7 +368,10 @@ def api_call(self, command, payload=None, sid=None, wait_for_task=True, timeout= # would not appear as plaintext in the debug file. if command == "login": json_data = compatible_loads(_data) - json_data["password"] = "****" + if "password" in json_data: + json_data["password"] = "****" + if "api-key" in json_data: + json_data["api-key"] = "****" _data = json.dumps(json_data) if self.debug_file: diff --git a/setup.py b/setup.py index 9b5a5b1..b35bd99 100644 --- a/setup.py +++ b/setup.py @@ -3,7 +3,7 @@ setup( name="cp-mgmt-api-sdk", - version="1.8.0", + version="1.9.0", author="API team", author_email="api_team@checkpoint.com", license='Apache 2.0', From 5db24fe8b5db2605daf8028e6780604751012eb2 Mon Sep 17 00:00:00 2001 From: chkp-edenbr <94056191+chkp-edenbr@users.noreply.github.com> Date: Thu, 6 Feb 2025 14:27:26 +0200 Subject: [PATCH 15/15] Update workflow.yml (#62) --- .github/workflows/workflow.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml index 334832c..8536ad8 100644 --- a/.github/workflows/workflow.yml +++ b/.github/workflows/workflow.yml @@ -5,9 +5,6 @@ on: - pull_request jobs: - code-analysis: - uses: CheckPointSW/org-templates/.github/workflows/code-analysis.yml@main - secrets: inherit build-n-publish: name: Build and publish Python 🐍 distributions 📦 to PyPI