Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
simonemanto
Participant

Web API when using add-group permission are set to read-only

Hello

I'm trying to realize a BASH script to automate the creation of object groups, when I perform the add-group, group is not created 'cause it's working in read-only mode.

Here follows my calls (made with cURL):

First, I login to the management server (192.168.1.202):

curl -H 'Content-Type: application/json' -X POST -d '{"user":"admin","password":"vpn123","read-only":"false"}' https://192.168.1.202/web_api/login --insecure

 

Second, I check if a specific object group exist or not

curl -H 'Content-Type: application/json' -H 'X-chkp-sid: 3lhppE2MdlMGpEOYUtUZ0Hiek2EsfXS0urk2BUttW1w' -X POST -d '{"name":"group1"}' https://192.168.1.202/web_api/show-group --insecure

 

If the object group doesn't exist I create it:

curl -H 'Content-Type: application/json' -H 'X-chkp-sid: 3lhppE2MdlMGpEOYUtUZ0Hiek2EsfXS0urk2BUttW1w' -X POST -d '{"name":"group1","color":"blue","comments":"Group1"}' https://192.168.1.202/web_api/add-group --insecure

 

This is the response when adding a group, where read-only is set to false

{
"uid" : "e5981105-9d77-496a-9863-a85c7be0e01b",
"name" : "group1",
"type" : "group",
"domain" : {
"uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name" : "SMC User",
"domain-type" : "domain"
},
"members" : [ ],
"groups" : [ ],
"comments" : "Group1",
"color" : "blue",
"icon" : "General/group",
"tags" : [ ],
"meta-info" : {
"lock" : "unlocked",
"validation-state" : "ok",
"last-modify-time" : {
"posix" : 1587536887663,
"iso-8601" : "2020-04-22T08:28+0200"
},
"last-modifier" : "admin",
"creation-time" : {
"posix" : 1587536887663,
"iso-8601" : "2020-04-22T08:28+0200"
},
"creator" : "admin"
},
"read-only" : true
}+ exit

 

What I'm missing?

 

Thanks

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

What is the JSON output of your login attempt?
It should tell you if the login has read/write access.
Note there are a few things that block read/write access, the most common being someone has SmartDashboard open.
0 Kudos
simonemanto
Participant

Hello PhoneBoy

this is the login command:

curl -H 'Content-Type: application/json' -X POST -d '{"user":"admin","password":"vpn123","read-only":"false"}' https://192.168.1.202/web_api/login --insecure

 

And this is the output:

{

  "uid" : "efee4f46-c382-4a35-9502-998744d37c0d",

  "sid" : "LQvkJy8ItVOLUzYvHr6lIN540O4MTiGw3d9urhufXbw",

  "url" : "https://192.168.1.202:443/web_api",

  "session-timeout" : 600,

  "last-login-was-at" : {

    "posix" : 1587538226636,

    "iso-8601" : "2020-04-22T08:50+0200"

  },

  "api-server-version" : "1.6"

 

Login has ben performed with SmartDashboard closed.

If I check on the SmartDashobard after executing the script, and permission are set to Read-Write for the session.

 

Thanks

0 Kudos
simonemanto
Participant

At the end I've solved; it was my fault, I had not perform a call to publish; the new object is visible in SmartDashboard only after publishing the changes.

 

So it was a "human" issue not API issue.

 

Thanks.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events