While working on something else, I noticed I had two objects for some categories, and only one of them works when building a new application/site object. For example, these two UUIDs are both the category "Twitter Clients" in R81.20 jumbo 45:
- 00fa9e44-4064-0f65-e053-08241dc22da2
- 00fa9e44-4178-0f65-e053-08241dc22da2
The difference is in the second block of digits. The first one (4064) is referenced in the primary-category-id field. The second (4178) is referenced in the additional-categories-ids field. When you add a new application/site object, it accepts the 4178 UUID but rejects the 4064 UUID:
[Expert@TestSC:0]# cpinfo -y mgmt
This is Check Point CPinfo Build 914000239 for GAIA
[MGMT]
HOTFIX_R81_20_JUMBO_HF_MAIN Take: 45
[Expert@TestSC:0]# mgmt_cli -f json -r true login > session.txt
[Expert@TestSC:0]# appSite=$(mgmt_cli -f json -s session.txt show application-sites details-level full limit 1 | jq '.objects[]|.')
[Expert@TestSC:0]# echo $appSite | jq '{uuid:.uid,name:.name,primary:."primary-category-id",additional:."additional-categories-ids"}'
{
"uuid": "00fa9e3c-36ef-0f65-e053-08241dc22da2",
"name": "#hashtags",
"primary": "00fa9e44-4064-0f65-e053-08241dc22da2",
"additional": [
"00fa9e44-4178-0f65-e053-08241dc22da2",
"00fa9e44-4150-0f65-e053-08241dc22da2"
]
}
[Expert@TestSC:0]# mgmt_cli -f json -s session.txt show object uid $(echo $appSite | jq '."primary-category-id"') details-level full
{
"object" : {
"uid" : "00fa9e44-4064-0f65-e053-08241dc22da2",
"name" : "Twitter Clients",
"type" : "application-site-category",
"domain" : {
"uid" : "8bf4ac51-2df7-40e1-9bce-bedbedbedbed",
"name" : "APPI Data",
"domain-type" : "data domain"
},
"description" : "Products that are associated with the social networking service 'Twitter' and provide functional use of the sites API.",
"user-defined" : false,
"groups" : [ ],
"comments" : "",
"color" : "black",
"icon" : "Objects/category",
"tags" : [ ],
"meta-info" : {
"lock" : "unlocked",
"validation-state" : "ok",
"last-modify-time" : {
"posix" : 1668642073408,
"iso-8601" : "2022-11-16T23:41+0000"
},
"last-modifier" : "System",
"creation-time" : {
"posix" : 1668642073408,
"iso-8601" : "2022-11-16T23:41+0000"
},
"creator" : "System"
},
"read-only" : true,
"available-actions" : {
"edit" : "false",
"delete" : "false",
"clone" : "false"
}
}
}
[Expert@TestSC:0]# mgmt_cli -f json -s session.txt show object uid $(echo $appSite | jq '."additional-categories-ids"[0]') details-level full
{
"object" : {
"uid" : "00fa9e44-4178-0f65-e053-08241dc22da2",
"name" : "Twitter Clients",
"type" : "application-site-category",
"domain" : {
"uid" : "8bf4ac51-2df7-40e1-9bce-bedbedbedbed",
"name" : "APPI Data",
"domain-type" : "data domain"
},
"description" : "Products that are associated with the social networking service 'Twitter' and provide functional use of the sites API.",
"user-defined" : false,
"groups" : [ ],
"comments" : "",
"color" : "black",
"icon" : "Objects/category",
"tags" : [ ],
"meta-info" : {
"lock" : "unlocked",
"validation-state" : "ok",
"last-modify-time" : {
"posix" : 1668642073093,
"iso-8601" : "2022-11-16T23:41+0000"
},
"last-modifier" : "System",
"creation-time" : {
"posix" : 1668642073093,
"iso-8601" : "2022-11-16T23:41+0000"
},
"creator" : "System"
},
"read-only" : true,
"available-actions" : {
"edit" : "false",
"delete" : "false",
"clone" : "false"
}
}
}
[Expert@TestSC:0]# mgmt_cli -f json -s session.txt add application-site name TestSite primary-category $(echo $appSite | jq '."primary-category-id"') url-list.1 "x.com" url-list.2 "twitter.com"
{
"code" : "err_validation_failed",
"message" : "Validation failed with 1 blocking-error",
"blocking-errors" : [ {
"message" : "Field categoryRef references invalid objects"
} ]
}
[Expert@TestSC:0]# mgmt_cli -f json -s session.txt add application-site name TestSite primary-category $(echo $appSite | jq '."additional-categories-ids"[0]') url-list.1 "x.com" url-list.2 "twitter.com"
{
"uid" : "cc27d837-4e31-4b8c-aa17-3df798189688",
"name" : "TestSite",
"type" : "application-site",
"domain" : {
"uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name" : "SMC User",
"domain-type" : "domain"
},
"application-id" : 1509514380,
"primary-category" : "Twitter Clients",
"primary-category-id" : "00fa9e44-4178-0f65-e053-08241dc22da2",
"description" : "",
"risk" : "Unknown",
"user-defined" : true,
"url-list" : [ "x.com", "twitter.com" ],
"urls-defined-as-regular-expression" : false,
"groups" : [ ],
"comments" : "",
"color" : "black",
"icon" : "Objects/application",
"tags" : [ ],
"meta-info" : {
"lock" : "unlocked",
"validation-state" : "ok",
"last-modify-time" : {
"posix" : 1708877792459,
"iso-8601" : "2024-02-25T16:16+0000"
},
"last-modifier" : "WEB_API",
"creation-time" : {
"posix" : 1708877792459,
"iso-8601" : "2024-02-25T16:16+0000"
},
"creator" : "WEB_API"
},
"read-only" : true,
"available-actions" : { }
}
Probably a bug, but seems relatively minor. For now, I'll just send the categories' names when building a new object.