AnsweredAssumed Answered

Web API issues with run-script and install-policy from PowerShell in R80.10

Question asked by Ryan Pitman on Sep 19, 2017
Latest reply on Oct 3, 2017 by Charles Currier

Hello everyone,

 

We've recently deployed a test R80.10 management server in our environment, and I've started working on a couple of scripts to automate routine tasks.  I'm really interested in the run-script and install-policy modules, but I'm having difficulty getting either of them to work when making calls to the web API.  Here's the code I've come up with:

 

$checkpoint_mgmt_server = "10.X.X.X"

# Disable certificate check

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$True}

 

$login_url = "https://$checkpoint_mgmt_server/web_api/login"

$query_url = "https://$checkpoint_mgmt_server/web_api/run-script"

 

$creds_hash = @{"user"="admin";"password"="xxxxxx"}

$json_login_body = $creds_hash | ConvertTo-Json

 

# Login call

$json_login_response = Invoke-WebRequest -uri $login_url -ContentType "application/json" -Method "POST" -body $json_login_body -ErrorAction Stop

 

# Assign the sid to x-chkp-sid for future calls

$chkp_header = @{"x-chkp-sid"=($json_login_response | ConvertFrom-Json).sid}

 

# Create a string array with test-gateway as the only element

$install_target = @("test-gateway")

 

# Build the query body for run-script and convert it

$json_query_body = @{"script-name"="test";script="ls -la /var/tmp";targets=$install_target} | ConvertTo-Json

 

# Call the uri for run-script

$json_query_response = Invoke-WebRequest -uri $query_url -ContentType "application/json" -Method "POST" -body $json_query_body -Headers $chkp_header

 

Output:

Invoke-WebRequest : The remote server returned an error: (404) Not Found.
At line:1 char:24
+ ... _response = Invoke-WebRequest -uri $query_url -ContentType "applicati ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc
   eption
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

 

Query Body:

PS Y:\> $json_query_body
{
    "script":  "ls -la /var/tmp",
    "script-name":  "test",
    "targets":  [
                    "test-gateway"
                ]
}

 

I've tried everything that I can think of to get this to work (using a simple string instead of the string array for targets, using the UID of the gateway, etc), but I'm getting the same result every time.  If I leave one of the required parameters off (i.e. targets), I get a 400 bad request error, and I can browse to the URL from my PC, so it appears to be available.  I've been able to get other API functions to work correctly (show-simple-gateway), but these are of course the two I'm really interested in. 

 

The management server is running R80.10, and the gateway is at R77.30, and I can run the demo commands from the Command Line/API button within SmartConsole on the management server without any issues.  I've yet to get either of these web calls to respond correctly though, so I was wondering if anyone had any insight.  Thank you!

Outcomes