Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Simon_Macpherso
Collaborator

MGMT_CLI Object import

Hello,

I'm trying to import service objects from a CSV file. 

There are existing objects that use the same port. All object names are unique. 

Expectedly mgmt_cli is returning a warning that the port is already in use by another service. 

I've added ignore-warnings true to the end of my statement but the changes are still discarded 'Executed command failed. Changes are discarded'. 

-----------------------------------------------------------------------------------

Example statement:

mgmt_cli -m <mgmt ip> -u <username> add service-udp -b services_udp.csv ignore-warnings true

-----------------------------------------------------------------------------------

Example:

Line 281: code: 'err_validation_failed'

message: "Validation failed with 1 warning'

warnings:

- message: "The port is already used by another service."

-----------------------------------------------------------------------------------

Do you know why this is occurring? 

Management server: R80.40 Take 89

API version: 1.6.1

 

Regards,

Simon

 

0 Kudos
13 Replies
Christian_Koehl
Contributor

Are you trying to import services with ports where other services already exits and using the same port?

This will lead to dupplicates.

0 Kudos
Simon_Macpherso
Collaborator

The service object is using the same port number as another object, but one or more other properties may differ. So, they are not duplicate objects. 

0 Kudos
Maik
Advisor

If you want to create objects via the batch (-b) parameter and a reference to a csv file you have to specify all arguments in the referenced csv file.

So, in your example "mgmt_cli -m <mgmt ip> -u <username> add service-udp -b services_udp.csv ignore-warnings true" the "ignore-warnings true" part in the command leads to the error, as it does not get rendered by the mgmt_cli. What you need to do is to add an extra header to your csv ("ignore-warnings") and afterwards apply the "true" value for each line in the csv. You basically should end up with something like that:

grafik.png

Regards,

Maik

 

(btw, the reason for that is that the -b parameter just loops over the csv arguments and "glues" it together with the initial mgmt_cli command, that's why you can not combine arguments via batch import and manually mentioned ones)

0 Kudos
Simon_Macpherso
Collaborator

Hi Maik

I've tested the import with my existing csv appended as suggested, and a test one matching the contents above but it fails.

Line 2: code: "generic_err_invalid_parameter"

message: "Parameter [ignore-warnings] value is not valid.

I've tried with the following statements 

mgmt_cli -m <mgmt ip> -u <username> add service-udp -b services_udp.csv ignore-warnings true

mgmt_cli -m <mgmt ip> -u <username> add service-udp -b services_udp.csv 

Regards,

Simon

0 Kudos
Maik
Advisor

That's weird, I tested my described solution yesterday before posting my answer. The test has been done via the latest R80.40 SmartConsole demo environment.

Could you post a snipped of your csv file like headers and a few lines (maybe change the port or name if you want)?

0 Kudos
Simon_Macpherso
Collaborator

What would be the correct csv header value for a nested JSON object?

For example, if I wanted to export the value of the radius server name for a user object, then import it.

e.g.

"radius-server": {

"name": <name>

 

0 Kudos
Maik
Advisor

I think Radius server objects are not supported via the management api. However, wasn't your initial question related to udp services?

In general you specify all the required parameters in the csv header, that otherwise would be mentioned as a mgmt_cli argument.

So for example, to come back to your initial issue with the udp service import...

The mgmt api documentation lists several possible parameters and which value is expected for each => https://sc1.checkpoint.com/documents/R80/APIs/#gui-cli/add-service-udp%20

All of these may be mentioned in the header, the ones declared with "Required" are obviously required, meaning that your command will fail if you do not mention them.

 

As I am writing this... could you try to do the same import as already tested yesterday, but this time write the "ignore-warnings" header in parenthese?

So the first line of your csv file should look something like that...

name,port,"ignore-warnings"

service1,123,true

service2,1234,true

 

The reason why I ask this is that I sucessfully executed my command under windows, could be the case that you try to run ths directly on the mgmt server and therefore linux. This could result in the issue and may require the parentheses.

0 Kudos
Simon_Macpherso
Collaborator

Yes my initial question was about services-udp but could also apply to other imports. 

The other questions was unrelated so I will post it in a separate post if it cant be answered here. But just to note, it's not a radius server object, it's a user object with a radius-server property. And the radius-server property has sub-properties i.e. name. This data can be accessed via the management api so the question is, can it be exported and imported to and from a csv using --batch. If so, I need to know what the csv header naming format is where the export is a nested object e.g. radius-server.name, encryption.enable-ike. I was simply using the radius-server property as an example. 

Getting back to the original issue, let me check the import with added parenthesis and get back to you. 

0 Kudos
Maik
Advisor

Ah okay, now I understand the question. In this case, when you want to create a user, you would use the following csv header:

"name","authentication-method","radius-server","encryption.enable-ike"

demouser,radius,myradiusobject,true

 

In this case the "radius-server" value in the header is directly related to the authentication method value. So for example, you can not use this field if the authentication method is not equal to radius. The second point, in rehards to nested information you are correct, such a case can be mentioned by combining values with a dot (like "encryption.enable-ike"). But there is no general rule, as the different API calls differ in the expected values. I would advice you to strictly follow the documentation (https://sc1.checkpoint.com/documents/latest/APIs/#cli/add-user~v1.7%20). Also, just to be sure, verify that you use the correct documentation regarding your api version. (You can check your [supported] api version/s by using the command "mgmt_cli show api-versions".)

Also... if you want to create multiple users and not all of them use the radius authentication method I think you need to split the import to different csv files.

The reason for that is that the api may not be able to render information like this...

"name","authentication-method","radius-server","tacacs-server","encryption.enable-ike"

radiususer,radius,myradiusobject,NULL,true

tacacsuser,tacacs,NULL,mytacacsobject,true

I hope this explanation makes sense to follow... maybe there even is a way to do something like shown above, but in the past I created multiple files in such a case, one per auth method.

0 Kudos
Simon_Macpherso
Collaborator

When adding a user, I receive the following

"code" : "generic_err_invalid_parameter"

message: "Parameter [enable-ike] value is not valid (full path: encryption.enable-ike"

If I add parenthesis to the head encryption.enable-ike i.e. "encryption.enable-ike" the following is returned

"code" : "generic_err_invalid_parameter"

message: "Unrecognized parameter [\"encryption]"

 

I've stripped down the csv to only include users that use radius authentication and adjusted the headers accordingly. 

 

0 Kudos
PhoneBoy
Admin
Admin

Have the header be encryption.”enable-ike” instead of “encryption.enable-ike”. 
Guessing the hyphenated parameter is causing issues (specifically when translated to JSON).

Maik
Advisor

100% correct, maybe I should test stuff before posting a solution when I haven't done this in over a year 🤔

0 Kudos
Simon_Macpherso
Collaborator

Hey

When I enclose these objects in parenthesis, i.e. encryption.”enable-ike”, encryption.”enable-public-key",  the following is returned. 


"code" : "generic_err_invalid_parameter_name",
"message" : "Unrecognized parameter [\"enable-ike\"] (full path: encryption.\"enable-ike\")"
}
Line 1010: {
"code" : "generic_err_invalid_parameter_name",
"message" : "Unrecognized parameter [\"enable-ike\"] (full path: encryption.\"enable-ike\")"
}

{ "response" : []}

 

Regards,

Simon

0 Kudos