Solved: 501 error with Publish using web_api/publish

Larionov_Ivan · ‎2024-05-07

Hi All,

I'm trying to use 'web_service' to publish changes on the management server (81.20). I'm following the format in the 'Management API Reference' (https://sc1.checkpoint.com/documents/latest/APIs/#web/publish~v1.8.1%20)

Receive error with publish function: {'code': 'not_implemented', 'message': 'Publishing other than current session is not implemented'}

My Python code:

def get_sid():
    r = requests.post(
        url=f"{chkpt['url']}/web_api/login", 
        headers={"Content-Type" : "application/json"},
        json={'api-key' : chkpt['api-key']},
        verify=False
    )
    r.raise_for_status()
 
    return r.json()
 
def set_session(name, description, comment):
    r = requests.post(
        url=f"{chkpt['url']}/web_api/set-session",
        headers=headers,
        json={
            "new-name" : name,
            "description" : description,
            "comments" : comment},
        verify=False
    )
    r.raise_for_status()
 
    return r.json()
 
def publish(uid):
    r = requests.post(
        url=f"{chkpt['url']}/web_api/publish",
        headers=headers,
        json={'uid' : uid},
        verify=False
    )
    r.raise_for_status()
 
 
### Full scenario
 
# Login
headers = {
        "Content-Type" : "application/json",
        "X-chkp-sid" : get_sid()['sid'] 
    }
 
# Set name/description/comment for session
new_session = set_session(name, description, comment)
 
# Add new hosts to some group
create_new_objects()
 
# Publish changes
publish(new_session['uid'])
 
# install policy
install_policy(policy_name)

PhoneBoy · ‎2024-05-08

The documentation is correct insofar as this is the intent of passing a uid, specifically publishing a DIFFERENT session from the one specified as part of the X-chkp-sid header.
However, as the error message clearly states, this is not currently implemented.
Which means you should not pass uid as part of your payload, but rather an empty JSON string: { }

View solution in original post

Bob_Zimmerman · ‎2024-05-08

You need to include an empty JSON object. I just tested:

➜  PublishTest> curl -ks "https://${TestMgmt}/web_api/login" --header "Content-Type: application/json" -d '{"user":"admin","password":"1qaz!QAZ","read-only":false}' >session1.txt
Session1Uuid=$(jq '.uid' session1.txt)
Session1Sid=$(jq '.sid' session1.txt | tr -d '"')
curl -ks "https://${TestMgmt}/web_api/login" --header "Content-Type: application/json" -d '{"user":"admin","password":"1qaz!QAZ","read-only":false}' >session2.txt
Session2Uuid=$(jq '.uid' session2.txt)
Session2Sid=$(jq '.sid' session2.txt | tr -d '"')

➜  PublishTest> curl -k "https://${TestMgmt}/web_api/publish" --header "X-Chkp-Sid: ${Session1Sid}" --header "Content-Type: application/json" -d "{\"uid\":${Session1Uuid}}"
{
  "code" : "not_implemented",
  "message" : "Publishing other than current session is not implemented"
}

➜  PublishTest> curl -k "https://${TestMgmt}/web_api/publish" --header "X-Chkp-Sid: ${Session1Sid}" --header "Content-Type: application/json" -d "{\"uid\":${Session2Uuid}}"
{
  "code" : "not_implemented",
  "message" : "Publishing other than current session is not implemented"
}

➜  PublishTest> curl -k "https://${TestMgmt}/web_api/publish" --header "X-Chkp-Sid: ${Session1Sid}" --header "Content-Type: application/json"
{
  "code" : "generic_err_missing_session_id",
  "message" : "No query parameters are found"
}

➜  PublishTest> curl -k "https://${TestMgmt}/web_api/publish" --header "X-Chkp-Sid: ${Session1Sid}" --header "Content-Type: application/json" -X POST
{
  "code" : "generic_err_invalid_syntax",
  "message" : "Payload is empty"
}

➜  PublishTest> curl -k "https://${TestMgmt}/web_api/publish" --header "X-Chkp-Sid: ${Session1Sid}" --header "Content-Type: application/json" -d "{}"
{
  "task-id" : "01234567-89ab-cdef-ace5-5d8aa277909b"
}

Note that a call to /publish with just the POST method but no body at all returns the "Payload is empty" error.

View solution in original post

PhoneBoy · ‎2024-05-07

To publish the current session, you do not need to pass a uid to the publish function.
In fact, that's exactly what the error is saying (this function is not implemented).
The session that will be published is the one passed with X-chkp-sid in the HTTP headers.

@Omer_Kleinstern if publishing another session isn't implemented, shouldn't the docs reflect this?

Larionov_Ivan · ‎2024-05-08

Thanks for the reply, but I'm unsure what I should put to the payload of the function Publish.

If I put the current login session UID - the same error 501 {'code': 'not_implemented', 'message': 'Publishing other than current session is not implemented'}

If I remove uid from the function - get 400 {'code': 'generic_err_invalid_syntax', 'message': 'Payload is empty'}

Documents said:

Session unique identifier. Specify it to publish a different session than the one you currently use.

PhoneBoy · ‎2024-05-08

The documentation is correct insofar as this is the intent of passing a uid, specifically publishing a DIFFERENT session from the one specified as part of the X-chkp-sid header.
However, as the error message clearly states, this is not currently implemented.
Which means you should not pass uid as part of your payload, but rather an empty JSON string: { }

Amir_Senn · ‎2024-05-08

I recommend looking at the examples in the API guide if something is unclear.

https://sc1.checkpoint.com/documents/latest/APIs/index.html?#web/publish~v1.9.1%20

From API login command reference, it returns uid in the answer for the following:

uid

string

Session object unique identifier. This identifier may be used in the discard API to discard changes that were made in this session, when administrator is working from another session, or in the 'switch-session' API.

Kind regards, Amir Senn

PhoneBoy · ‎2024-05-08

Yes, and the fact that an empty JSON string must be sent is clearly shown in the example.

Bob_Zimmerman · ‎2024-05-08

You need to include an empty JSON object. I just tested:

➜  PublishTest> curl -ks "https://${TestMgmt}/web_api/login" --header "Content-Type: application/json" -d '{"user":"admin","password":"1qaz!QAZ","read-only":false}' >session1.txt
Session1Uuid=$(jq '.uid' session1.txt)
Session1Sid=$(jq '.sid' session1.txt | tr -d '"')
curl -ks "https://${TestMgmt}/web_api/login" --header "Content-Type: application/json" -d '{"user":"admin","password":"1qaz!QAZ","read-only":false}' >session2.txt
Session2Uuid=$(jq '.uid' session2.txt)
Session2Sid=$(jq '.sid' session2.txt | tr -d '"')

➜  PublishTest> curl -k "https://${TestMgmt}/web_api/publish" --header "X-Chkp-Sid: ${Session1Sid}" --header "Content-Type: application/json" -d "{\"uid\":${Session1Uuid}}"
{
  "code" : "not_implemented",
  "message" : "Publishing other than current session is not implemented"
}

➜  PublishTest> curl -k "https://${TestMgmt}/web_api/publish" --header "X-Chkp-Sid: ${Session1Sid}" --header "Content-Type: application/json" -d "{\"uid\":${Session2Uuid}}"
{
  "code" : "not_implemented",
  "message" : "Publishing other than current session is not implemented"
}

➜  PublishTest> curl -k "https://${TestMgmt}/web_api/publish" --header "X-Chkp-Sid: ${Session1Sid}" --header "Content-Type: application/json"
{
  "code" : "generic_err_missing_session_id",
  "message" : "No query parameters are found"
}

➜  PublishTest> curl -k "https://${TestMgmt}/web_api/publish" --header "X-Chkp-Sid: ${Session1Sid}" --header "Content-Type: application/json" -X POST
{
  "code" : "generic_err_invalid_syntax",
  "message" : "Payload is empty"
}

➜  PublishTest> curl -k "https://${TestMgmt}/web_api/publish" --header "X-Chkp-Sid: ${Session1Sid}" --header "Content-Type: application/json" -d "{}"
{
  "task-id" : "01234567-89ab-cdef-ace5-5d8aa277909b"
}

Note that a call to /publish with just the POST method but no body at all returns the "Payload is empty" error.

Are you a member of CheckMates?

501 error with Publish using web_api/publish