I finally got the domain-deployment working:
The test-script is like this:
cp_user=$1
password=$2
CP_Domain=TestDomain
CMA_IP=10.64.54.250
CMA=Test-mgmt
MDM_Server=CPMGT01
cp_api_url="https://fwmgmt/web_api"
cp_vs_name=vs-Test
VSX_Cluster=VSX_Cluster_1
NB_VM_PRI_IP=7.7.7.1
NB_VS_INT="add interface name bond1.3333 ip 7.7.7.1/29, add interface name bond1.3334 ip 192.168.100.1/24"
# check if an array contains a specific value
containsElement () {
local array="${@:2}"
for((i=0;i<${#array[@]};i++))
do
if [ "${array[$i]}" == "$1" ]; then
return 0
fi
done
return 1
}
# check the status of a task. is it "in progress"? if 'yes' return 0, else return '1'
is_status_in_progress() {
# call the 'show-task' API, save result to a JSON file.
curl -s -k -H "Content-Type: application/json" -H "X-chkp-sid: $SID" -X POST -d '{ "task-id" : "'$CP_TASKID'" }' $cp_api_url/show-task | jq > show_task_result.json
# use JQ to get the status. $STATUS is an array becuase there could be 'child' tasks.
STATUS=$(jq -r '.tasks[].status' show_task_result.json)
PERCENTAGE=$(jq -r '.tasks[]."progress-percentage"' show_task_result.json)
# go over the array look for 'in progress'
containsElement "in progress" ${STATUS[@]}
IS_IN_PROGRESS=$?
}
# as long as the task is in progress, wait 3 seconds and check again.
wait_for_task() {
is_status_in_progress
while [ $IS_IN_PROGRESS == "0" ]
do
echo "in progress. $PERCENTAGE Percent completed"
is_status_in_progress
sleep 3
done
}
SID=`curl -s -k -H "Content-Type: application/json" -H "Accept: bla" -X POST "$cp_api_url/login" -d "{\"user\":\"$cp_user\",\"password\":\"$password\"}" -s | awk -F\" '/sid/ {print $4}'`
CP_TASKID=`curl -s -k -H "Content-Type: application/json" -H "X-chkp-sid: $SID" -X POST -d '{"name":"'$CP_Domain'","servers":{"ip-address":"'$CMA_IP'","name":"'$CMA'","multi-domain-server":"'$MDM_Server'"}}' $cp_api_url/add-domain | jq | grep '"task-id"' | awk -F'["]' '{ print $4 }'`
#Wait for deployment is done
echo "Deploying new domain $CP_Domain"
wait_for_task
#Add domain to trusted-client
echo "Deployment status for domain $CP_Domain: ${STATUS[@]}"
#reset task-id variable
CP_TASKID=
echo "Adding Domain to trusted-client AnyHost"
curl -s -k -H "Content-Type: application/json" -H "X-chkp-sid: $SID" -X POST -d '{"name":"AnyHost","domains-assignment":{"add":"'$CP_Domain'"}}' $cp_api_url/set-trusted-client # send to log
#publish Trusted client addition
CP_TASKID=`curl -s -k -H "Content-Type: application/json" -H "Accept: bla" -H "X-chkp-sid: $SID" -X POST -d '{}' $cp_api_url/publish | jq | grep '"task-id"' | awk -F'["]' '{ print $4 }'`
echo "Publishing new trusted client config"
wait_for_task
echo "Publishing status for trusted client AnyHost for $CP_Domain: ${STATUS[@]}"
<here would go further deployment scripting, like VSX deployment>
echo "logging out"
#curl -k -H "Content-Type: application/json" -H "Accept: bla" -H "X-chkp-sid: $SID" -X POST -d '{}' $cp_api_url/logout
rm ./show_task_result.json
Hopefully someone else can make use of this somewhere.