Merge pull request #21 from chkp-orso/master

chkp-yaelg · web-flow · commit e4923ef9574c · 2020-04-05T17:56:38.000+03:00
Add functionality and example to login with api-key
diff --git a/cpapi/mgmt_api.py b/cpapi/mgmt_api.py
@@ -139,6 +139,44 @@ def save_debug_data(self):
             out_file = open(self.debug_file, 'w+')
             out_file.write(json.dumps(self.api_calls, indent=4, sort_keys=True))
 
+    def _common_login_logic(self, credentials, continue_last_session, domain, read_only, payload):
+        if self.context == "web_api":
+            credentials.update({"continue-last-session": continue_last_session,
+                                "read-only": read_only})
+
+        if domain:
+            credentials.update({"domain": domain})
+        if isinstance(payload, dict):
+            credentials.update(payload)
+
+        login_res = self.api_call("login", credentials)
+
+        if login_res.success:
+            self.sid = login_res.data["sid"]
+            self.domain = domain
+            if self.api_version is None:
+                self.api_version = login_res.data["api-server-version"]
+        return login_res
+
+    def login_with_api_key(self, api_key, continue_last_session=False, domain=None, read_only=False,
+              payload=None):
+        """
+        performs a 'login' API call to the management server
+
+        :param api_key: Check Point api-key
+        :param continue_last_session: [optional] It is possible to continue the last Check Point session
+                                      or to create a new one
+        :param domain: [optional] The name, UID or IP-Address of the domain to login.
+        :param read_only: [optional] Login with Read Only permissions. This parameter is not considered in case
+                          continue-last-session is true.
+        :param payload: [optional] More settings for the login command
+        :returns: APIResponse object
+        :side-effects: updates the class's uid and server variables
+        """
+        credentials = {"api-key": api_key}
+
+        return self._common_login_logic(credentials, continue_last_session, domain, read_only, payload)
+
     def login(self, username, password, continue_last_session=False, domain=None, read_only=False,
               payload=None):
         """
@@ -157,23 +195,7 @@ def login(self, username, password, continue_last_session=False, domain=None, re
         """
         credentials = {"user": username, "password": password}
 
-        if self.context == "web_api":
-            credentials.update({"continue-last-session": continue_last_session,
-                                "read-only": read_only})
-
-        if domain:
-            credentials.update({"domain": domain})
-        if isinstance(payload, dict):
-            credentials.update(payload)
-
-        login_res = self.api_call("login", credentials)
-
-        if login_res.success:
-            self.sid = login_res.data["sid"]
-            self.domain = domain
-            if self.api_version is None:
-                self.api_version = login_res.data["api-server-version"]
-        return login_res
+        return self._common_login_logic(credentials, continue_last_session, domain, read_only, payload)
 
     def login_as_root(self, domain=None, payload=None):
         """
diff --git a/examples_python3/add_group_with_api_key.py b/examples_python3/add_group_with_api_key.py
@@ -0,0 +1,79 @@
+#
+# add_group_with_api_key.py
+# version 1.0
+#
+#
+# This example demonstrates communication with Check Point Management server using Management API Library in Python.
+# Login with api-key, and adding a group.
+# The demonstrated commands are:
+#
+#   1. login with api-key
+#   2. adding a group
+#   3. publishing the changes
+#
+# Logout command is called automatically after the work with Management API Library is completed.
+#
+
+from __future__ import print_function
+
+# A package for reading passwords without displaying them on the console.
+import getpass
+
+import sys, os
+sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
+
+# cpapi is a library that handles the communication with the Check Point management server.
+from cpapi import APIClient, APIClientArgs
+
+
+def main():
+    # getting details from the user
+    api_server = input("Enter server IP address or hostname:")
+
+    if sys.stdin.isatty():
+        api_key = getpass.getpass("Enter api-key: ")
+    else:
+        print("Attention! Your api-key will be shown on the screen!")
+        api_key = input("Enter api-key: ")
+
+    client_args = APIClientArgs(server=api_server)
+
+    with APIClient(client_args) as client:
+
+        group_name = input("Enter the name of the group: ")
+
+        #
+        # The API client, would look for the server's certificate SHA1 fingerprint in a file.
+        # If the fingerprint is not found on the file, it will ask the user if he accepts the server's fingerprint.
+        # In case the user does not accept the fingerprint, exit the program.
+        if client.check_fingerprint() is False:
+            print("Could not get the server's fingerprint - Check connectivity with the server.")
+            exit(1)
+
+        # login to server:
+        login_res = client.login_with_api_key(api_key)
+
+        if login_res.success is False:
+            print("Login failed:\n{}".format(login_res.error_message))
+            exit(1)
+
+        # add the group
+        add_group_response = client.api_call("add-group",
+                                            {"name": group_name})
+
+        if add_group_response.success:
+
+            print("The group: '{}' has been added successfully".format(group_name))
+
+            # publish the result
+            publish_res = client.api_call("publish", {})
+            if publish_res.success:
+                print("The changes were published successfully.")
+            else:
+                print("Failed to publish the changes.")
+        else:
+            print("Failed to add the group: '{}', Error:\n{}".format(group_name, add_group_response.error_message))
+
+
+if __name__ == "__main__":
+    main()
diff --git a/setup.py b/setup.py
@@ -3,7 +3,7 @@
 
 setup(
     name="cpapi",
-    version="1.0.4",
+    version="1.1.0",
     author="API team",
     author_email="api_team@checkpoint.com",
     description="Check Point Management API SDK",
