Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Bob_Zimmerman
Authority
Authority

Disappearing object type in APIv1.9 (R81.20)

Just found a weird bug in R81.20 jumbo 41. I've only seen it on a lab MDS so far, and the affected object types suggest it may be limited to MDSs:

[Expert@TestMDS:0]# mgmt_cli -f json -r true show object uid d98894f9-57ef-6649-a69f-5f3dcf09a02c
{
  "object" : {
    "uid" : "d98894f9-57ef-6649-a69f-5f3dcf09a02c",
    "name" : "TestMDS",
    "type" : "CpmiMds",
    "domain" : {
      "uid" : "a0eebc99-afed-4ef8-bb6d-fedfedfedfed",
      "name" : "System Data",
      "domain-type" : "mds"
    },
    "icon" : "Provider-1/login_mds_obj",
    "color" : "black"
  }
}

[Expert@TestMDS:0]# mgmt_cli -f json -r true show object uid d98894f9-57ef-6649-a69f-5f3dcf09a02c details-level full
{
  "object" : {
    "uid" : "d98894f9-57ef-6649-a69f-5f3dcf09a02c",
    "name" : "TestMDS",
    "type" : "",
    "domain" : {
      "uid" : "a0eebc99-afed-4ef8-bb6d-fedfedfedfed",
      "name" : "System Data",
      "domain-type" : "mds"
    },
    "color" : "black",
    "meta-info" : {
      "validation-state" : "ok",
      "last-modify-time" : {
        "posix" : 1706384267583,
        "iso-8601" : "2024-01-27T19:37+0000"
      },
      "last-modifier" : "System",
      "creation-time" : {
        "posix" : 1706384267583,
        "iso-8601" : "2024-01-27T19:37+0000"
      },
      "creator" : "System"
    },
    "tags" : [ ],
    "icon" : "Provider-1/login_mds_obj",
    "comments" : "",
    "display-name" : "",
    "customFields" : null
  }
}

When I add details-level full, the object's type field becomes an empty string. So far, it happens for CpmiMds, CpmiPv1Customer, and CpmiPv1ExternalCaWithCert objects.

It definitely does not occur with 97aeb36a-9aea-11d5-bd16-0090272ccb30 (the object "None"), which has a type of CpmiAnyObject.

0 Kudos
6 Replies
JozkoMrkvicka
Authority
Authority

In R81.20 Take 43, the API version was upgraded to 1.9.1. You can also try to specify older versions, in order to find if such a bug is seen in all versions, or just on newer ones.

Kind regards,
Jozko Mrkvicka
0 Kudos
Bob_Zimmerman
Authority
Authority

I missed that jumbo 43 is out. With it, MDS objects now have the type "mds" (instead of the older type "CpmiMds"), and that type sticks around with details-level full. The other two are still broken, though. I rebuilt the MDS from scratch, installed jumbo 43, then built my initial config:

[Expert@TestMDS:0]# cpinfo -y mgmt

This is Check Point CPinfo Build 914000239 for GAIA
[MGMT]
	HOTFIX_R81_20_JUMBO_HF_MAIN	Take:  43



[Expert@TestMDS:0]# mgmt_cli -f json -r true show object uid de41548d-81c8-4133-ba04-2b2b6710c2a4
{
  "object" : {
    "uid" : "de41548d-81c8-4133-ba04-2b2b6710c2a4",
    "name" : "TestMDS",
    "type" : "mds",
    "domain" : {...},
    "icon" : "Objects/mds",
    "color" : "black"
  }
}
[Expert@TestMDS:0]# mgmt_cli -f json -r true show object uid de41548d-81c8-4133-ba04-2b2b6710c2a4 details-level full
{
  "object" : {
    "uid" : "de41548d-81c8-4133-ba04-2b2b6710c2a4",
    "name" : "TestMDS",
    "type" : "mds",
    "domain" : {...},
    "ipv4-address" : "169.254.0.3",
    "ipv6-address" : "",
    "sic-name" : "cn=cp_mgmt,o=TestMDS.standingmds.mylab.local.rwwthh",
    "sic-state" : "trust established",
    "server-type" : "multi-domain server",
    "ip-pool-first" : "",
    "ip-pool-last" : "",
    "domains" : [ {...}, {
      "uid" : "288d18bb-666c-4592-a511-b3caa02e8089",
      "name" : "Contoso",
      "type" : "domain",
      "domain" : {...},
      "global-domain-assignments" : [ "fe8f9107-b344-409e-98df-a1c3db8fbf93" ],
      "domain-type" : "domain",
      "servers" : [...],
      "comments" : "",
      "color" : "black",
      "icon" : "Objects/domain",
      "tags" : [ ],
      "meta-info" : {...},
      "read-only" : false,
      "available-actions" : {...}
    }, {...} ],
    "global-domains" : [...],
    "color" : "black",
    "icon" : "Objects/mds",
    "tags" : [ ],
    "meta-info" : {...},
    "read-only" : false,
    "available-actions" : {...}
  }
}



[Expert@TestMDS:0]# mgmt_cli -f json -r true show object uid e1707092-53e4-4bdd-82e0-cb4ae8054eb5
{
  "object" : {
    "uid" : "e1707092-53e4-4bdd-82e0-cb4ae8054eb5",
    "name" : "Contoso",
    "type" : "CpmiPv1Customer",
    "domain" : {...},
    "icon" : "Provider-1/customer",
    "color" : "black"
  }
}
[Expert@TestMDS:0]# mgmt_cli -f json -r true show object uid e1707092-53e4-4bdd-82e0-cb4ae8054eb5 details-level full
{
  "object" : {
    "uid" : "e1707092-53e4-4bdd-82e0-cb4ae8054eb5",
    "name" : "Contoso",
    "type" : "",
    "domain" : {...},
    "color" : "black",
    "meta-info" : {...},
    "tags" : [ ],
    "icon" : "Provider-1/customer",
    "comments" : "",
    "display-name" : "",
    "customFields" : null
  }
}



[Expert@TestMDS:0]# mgmt_cli -f json -r true show object uid 6fdfb2a8-8ed9-df4e-92e1-a3942a61fd52
{
  "object" : {
    "uid" : "6fdfb2a8-8ed9-df4e-92e1-a3942a61fd52",
    "name" : "gInternalCA_of_Contoso",
    "type" : "CpmiPv1ExternalCaWithCert",
    "domain" : {...},
    "icon" : "Unknown",
    "color" : "black"
  }
}
[Expert@TestMDS:0]# mgmt_cli -f json -r true show object uid 6fdfb2a8-8ed9-df4e-92e1-a3942a61fd52 details-level full
{
  "object" : {
    "uid" : "6fdfb2a8-8ed9-df4e-92e1-a3942a61fd52",
    "name" : "gInternalCA_of_Contoso",
    "type" : "",
    "domain" : {...},
    "color" : "black",
    "meta-info" : {...},
    "tags" : [ ],
    "icon" : "Unknown",
    "comments" : "",
    "display-name" : "",
    "customFields" : null
  }
}
0 Kudos
Bob_Zimmerman
Authority
Authority

Just found one which is much worse:

[Expert@TestMDS:0]# mgmt_cli -f json -r true show object uid 3a3e0556-ada9-5144-af97-7a527916e979
{
  "object" : {
    "uid" : "3a3e0556-ada9-5144-af97-7a527916e979",
    "name" : "AnyHost",
    "type" : "trusted-client",
    "domain" : {
      "uid" : "a0eebc99-afed-4ef8-bb6d-fedfedfedfed",
      "name" : "System Data",
      "domain-type" : "mds"
    },
    "icon" : "General/GuiClient",
    "color" : "black"
  }
}
[Expert@TestMDS:0]# mgmt_cli -f json -r true show object uid 3a3e0556-ada9-5144-af97-7a527916e979 details-level full
{
  "object" : {
    "uid" : "3a3e0556-ada9-5144-af97-7a527916e979",
    "name" : "AnyHost",
    "type" : "any",
    "domain" : {
      "uid" : "a0eebc99-afed-4ef8-bb6d-fedfedfedfed",
      "name" : "System Data",
      "domain-type" : "mds"
    },
    "domains-assignment" : [ ],
    "multi-domain-server-trusted-client" : true,
    "comments" : "",
    "color" : "black",
    "icon" : "General/GuiClient",
    "tags" : [ ],
    "meta-info" : {
      "lock" : "unlocked",
      "validation-state" : "ok",
      "last-modify-time" : {
        "posix" : 1706448920836,
        "iso-8601" : "2024-01-28T13:35+0000"
      },
      "last-modifier" : "System",
      "creation-time" : {
        "posix" : 1706448920836,
        "iso-8601" : "2024-01-28T13:35+0000"
      },
      "creator" : "System"
    },
    "read-only" : false,
    "available-actions" : {
      "edit" : "true",
      "delete" : "true",
      "clone" : "true"
    }
  }
}
0 Kudos
Bob_Zimmerman
Authority
Authority

The MDS situation is weirder than I initially thought. There are at least two different objects for the MDS. One shows up when you run 'show mdss'. Mine has the UUID de41548d-81c8-4133-ba04-2b2b6710c2a4 with type: mds, and the type remains when you add 'details-level full' to the call.

The other one shows up in 'show objects'. Mine has the UUID 7f54e8a1-e856-ba45-bca2-7fa14782eca4 with type: CpmiMds, and the type becomes an empty string when you add 'details-level full' to the call.

[Expert@TestMDS:0]# mgmt_cli -f json -r true show mdss
{
  "objects" : [ {
    "uid" : "de41548d-81c8-4133-ba04-2b2b6710c2a4",
    "name" : "TestMDS",
    "type" : "mds",
    "domain" : {...},
    "icon" : "Objects/mds",
    "color" : "black"
  } ],
  "from" : 1,
  "to" : 1,
  "total" : 1
}
[Expert@TestMDS:0]# mgmt_cli -f json -r true show object uid de41548d-81c8-4133-ba04-2b2b6710c2a4
{
  "object" : {
    "uid" : "de41548d-81c8-4133-ba04-2b2b6710c2a4",
    "name" : "TestMDS",
    "type" : "mds",
    "domain" : {...},
    "icon" : "Objects/mds",
    "color" : "black"
  }
}
[Expert@TestMDS:0]# !! details-level full
mgmt_cli -f json -r true show object uid de41548d-81c8-4133-ba04-2b2b6710c2a4 details-level full
{
  "object" : {
    "uid" : "de41548d-81c8-4133-ba04-2b2b6710c2a4",
    "name" : "TestMDS",
    "type" : "mds",
    "domain" : {...},
    "ipv4-address" : "169.254.0.3",
    "ipv6-address" : "",
    "sic-name" : "cn=cp_mgmt,o=TestMDS.standingmds.mylab.local.rwwthh",
    "sic-state" : "trust established",
    "server-type" : "multi-domain server",
    "ip-pool-first" : "",
    "ip-pool-last" : "",
    "domains" : [...],
    "global-domains" : [...],
    "color" : "black",
    "icon" : "Objects/mds",
    "tags" : [ ],
    "meta-info" : {...},
    "read-only" : false,
    "available-actions" : {...}
  }
}



[Expert@TestMDS:0]# mgmt_cli -f json -r true show objects limit 500 | jq -c ".objects[]|." | grep '"TestMDS"' | jq .
{
  "uid": "7f54e8a1-e856-ba45-bca2-7fa14782eca4",
  "name": "TestMDS",
  "type": "CpmiMds",
  "domain": {...},
  "icon": "Provider-1/login_mds_obj",
  "color": "black"
}
[Expert@TestMDS:0]# mgmt_cli -f json -r true show object uid 7f54e8a1-e856-ba45-bca2-7fa14782eca4
{
  "object" : {
    "uid" : "7f54e8a1-e856-ba45-bca2-7fa14782eca4",
    "name" : "TestMDS",
    "type" : "CpmiMds",
    "domain" : {...},
    "icon" : "Provider-1/login_mds_obj",
    "color" : "black"
  }
}
[Expert@TestMDS:0]# !! details-level full
mgmt_cli -f json -r true show object uid 7f54e8a1-e856-ba45-bca2-7fa14782eca4 details-level full
{
  "object" : {
    "uid" : "7f54e8a1-e856-ba45-bca2-7fa14782eca4",
    "name" : "TestMDS",
    "type" : "",
    "domain" : {...},
    "color" : "black",
    "meta-info" : {...},
    "tags" : [ ],
    "icon" : "Provider-1/login_mds_obj",
    "comments" : "",
    "display-name" : "",
    "customFields" : null
  }
}

 

0 Kudos
the_rock
Legend
Legend

Correct, it was upgraded, but from what I can see, not too many improvements.

Best,

Andy

0 Kudos
Bob_Zimmerman
Authority
Authority

Another odd quirk I noticed. Certain object types have different names depending on the details-level. This is a simple-gateway defined in the domain named Contoso:

[Expert@TestMDS:0]# mgmt_cli -f json -r true show object uid 325be8e8-1c20-48a8-9800-8aedfcc80feb
{
  "object" : {
    "uid" : "325be8e8-1c20-48a8-9800-8aedfcc80feb",
    "name" : "BerlinFW",
    "type" : "simple-gateway",
    "domain" : {
      "uid" : "a0eebc99-afed-4ef8-bb6d-fedfedfedfed",
      "name" : "System Data",
      "domain-type" : "mds"
    },
    "icon" : "NetworkObjects/gateway",
    "color" : "black"
  }
}
[Expert@TestMDS:0]# mgmt_cli -f json -r true show object uid 325be8e8-1c20-48a8-9800-8aedfcc80feb details-level full
{
  "object" : {
    "uid" : "325be8e8-1c20-48a8-9800-8aedfcc80feb",
    "name" : "BerlinFW_._._Contoso",
    "type" : "simple-gateway",
    "domain" : {
      "uid" : "a0eebc99-afed-4ef8-bb6d-fedfedfedfed",
      "name" : "System Data",
      "domain-type" : "mds"
    },
    "interfaces" : [ ],
    "ipv4-address" : "10.111.255.1",
    "dynamic-ip" : false,
    "version" : "R81.20",
    ...
  }
}

So far, I have seen this with simple-gateway, simple-cluster, cluster-member, and checkpoint-host objects.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events