Re: Is there a way to get a file using the API?

Jordan_Martin1 · ‎2018-07-18

I am trying to write an ansible script that will audit the configuration settings of the firewall and output to a text file. I can do all of that, but I don't know how to use the API to retrieve that output file. I've seen the command put-file, but is there any equivalent to get-file?

Robert_Decker · ‎2018-07-18

Hi Jordan,

There is no API for get-file operation, but maybe you can use the run-script command to run a script on the management that returns the content of a file as its result.

BTW, I cannot sign in to GitHub from home and reply to you, but from your recent error I realize that you are not using the latest cpAnsible sources. Please check again.

Robert.

Jordan_Martin1 · ‎2018-07-18

Hi Robert. You're right about GitHub. I didn't realize that you had made a fix. Thanks for that. As for the run-script API, however, it is not possible to receive anything in response except for some json that indicates the command went through successfully. You can never actually see the output of anything. This is probably something that needs to be corrected by the API folks.

Robert_Decker · ‎2018-07-18

Jordan,

I'm the API folk 🙂

The response of the command should contain the full details of the command result.

You can run the mgmt_cli run-script command on your management and verify how the results should be.

Maybe you have to configure the ansible to correctly get the full results (verbose option...).

Robert.

Jordan_Martin1 · ‎2018-07-18

The response from run-script includes only one output as discussed in the documentation here: Check Point - Management API reference. An example of the output is here: {"tasks": [{"target": "ztestintfw1","task-id": "7edefe91-b4b3-4c8a-bbe8-a7286ca86133"}]}. Note that there is no output listed, just a target and a task-id. Neither or which is particularly helpful.

Robert_Decker · ‎2018-07-18

Ok.

This looks like a problem here - the run-script command returns a tasks container and not a single task-id.

I'll check tomorrow at work and get back to you.

Robert.

Jordan_Martin1 · ‎2018-07-19

Any word on how to resolve this?

Robert_Decker · ‎2018-07-19

This will take some time.

I need to change the code in our Python SDK to fix the issue.

Robert.

Robert_Decker · ‎2018-07-18

Jordan,

Please read this post, and watch the video, may be very helpful for you -

https://community.checkpoint.com/thread/5478-leveraging-the-r8010-api-to-automate-and-streamline-sec...

The post also contains lots of scripts and ansible playbooks in a zip file.

Robert.

Jordan_Martin1 · ‎2018-07-18

I have probably watched that video ten times by now. Thank you for the suggestion, though!

Robert_Decker · ‎2018-07-18

Jordan,

Remove the "domain: System Data" parameter from the login command, this is the reason that the object ztestintfw1 cannot be found.

Robert.

Jordan_Martin1 · ‎2018-07-18

You are the man, Robert! Thank you so much. Quick question, though: When is System Data needed and when is it not?

Robert_Decker · ‎2018-07-18

the "system data" domain is needed for very specific objects, such as administrators.

most of the time you do not need to specify this dimain.

Robert.

Are you a member of CheckMates?

Is there a way to get a file using the API?