cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Automate policy installation

1. I am planning to automate my Change requests and in order to do that I would like to know how could i use batch options for install-policy.

The option I tried:

[Expert@mapcpmgmt01:0]# mgmt_cli install-policy --batch policypackage.csv --format json

Line 2: {
"code" : "generic_err_invalid_parameter_name",
"message" : "Unrecognized parameter [standard]"
}

{ "response" : []}

The CSV file looked like this:

[Expert@mapcpmgmt01:0]# cat policypackage.csv
policy-package,standard,access,true
policy-package,standard1,access,true

Tags (1)
0 Kudos
3 Replies
Employee+
Employee+

Re: Automate policy installation

Hello Mikesh,

I think the issue might be with the way you are formatting your CSV file.

The way to use the CSV files is as followed:

Here is how I adapted your example:

[Expert@Mgmt]# cat policy.csv
policy-package,access,
Standard,true,

[Expert@Mgmt]# mgmt_cli install-policy --batch ./policy.csv --format json -r true


---------------------------------------------
Time: [11:42:39] 23/8/2017
---------------------------------------------
"Policy installation - Standard" in progress (0%)

....

....

....

<installation finished successfully>

[Expert@Mgmt]#

HTH 

Yonatan

0 Kudos
Employee+
Employee+

Re: Automate policy installation

One more note for future reference - try checking the output of $FWDIR/log/api.elg.

You can find the actual payload that reached the server. 

I'm guessing your output would have looked something along the lines of:

Address: http://127.0.0.1:50276/web_api/install-policy
Encoding: ISO-8859-1
Http-Method: POST
Content-Type: application/json
Headers: {Accept=[application/json], connection=[keep-alive], Content-Length=[91], content-type=[application/json], Host=[127.0.0.1:50276], User-Agent=[mgmt_cli], X-chkp-sid=[1KtvuY0yiF_JFFSkhc4o2MJZBcS_q7D4AnzMUQfpHS8], X-Forwarded-For=[127.0.0.1], X-Forwarded-Host=[127.0.0.1], X-Forwarded-Host-Port=[443], X-Forwarded-Server=[192.168.19.131]}
Payload: {"Standard":"Standard1","access":"access","policy-package":"policy-package","true":"true"}

--------------------------------------
2017-08-23 11:54:14,088 INFO com.checkpoint.management.web_api_is.utils.helpers.ApiCache.<init>:25 [qtp-27716996-27] - Cache created and initialized
2017-08-23 11:54:14,089 ERROR com.checkpoint.management.web_api.utils.WebApiCommandExceptionUtils.getErrorReply:219 [qtp-27716996-27] -
com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "Standard" (class com.checkpoint.management.web_api.core.handler.commands.on_targets.install_policy.PolicyInstallationRequest), not marked as ignorable (8 known properties: "install-on-each-target-of-the-same-version-independently", "prepare-only", "targets", "threat-prevention", "access", "install-on-all-cluster-members-or-fail", "policy-package", "revision"])
at [Source: {"Standard":"Standard1","access":"access","policy-package":"policy-package","true":"true"}
; line: 1, column: 14] (through reference chain: com.checkpoint.management.web_api.core.handler.commands.on_targets.install_policy.PolicyInstallationRequest["Standard"])

...

...

...

---------------------------
ID: 32
Response-Code: 400
Content-Type: application/json
Headers: {Content-Type=[application/json], Date=[Wed, 23 Aug 2017 08:54:14 GMT]}
Payload: {
"code" : "generic_err_invalid_parameter_name",
"message" : "Unrecognized parameter [Standard]"

This would probably have helped you figure this out on your own Smiley Happy

HTH 

Yonatn

0 Kudos

Re: Automate policy installation

Thanks Philip. Now, I have a real picture on how to use batch file and how to araange commands in CSV.

0 Kudos