Simplifying the Check Point API with the Python SDK

The full power of working with APIs shows when they are used together with program code, when API requests can be generated dynamically and API responses can be analyzed with tooling. Even so, the Python Software Development Kit (hereafter the Python SDK) for the Check Point Management API remains little known, and undeservedly so. It makes life considerably easier for developers and automation enthusiasts. Python has become very popular recently, so I decided to fill the gap and review the main features of the Check Point API Python Development Kit. This article is a good addition to another article on Habr, "Check Point R80.10 API. Management via CLI, scripts and more". We will look at how to write scripts using the Python SDK and take a closer look at the new Management API functionality in version 1.6 (supported starting from R80.40). To follow the article, you need basic knowledge of working with APIs and Python.

Check Point is actively developing its API, and at the moment the following have been released:

The Python SDK currently supports interaction with the Management API and the Gaia API. We will look at the most important classes, methods and variables in this module.

Installing the module

The cpapi module is installed quickly and easily with pip from the official Check Point repository on GitHub. Detailed installation instructions are available in README.md. The module is adapted to work with Python versions 2.7 and 3.7. In this article, the examples use Python 3.7. However, the Python SDK can also be run directly on the Check Point Management Server (Smart Management), which supports only Python 2.7, so the last section provides code for version 2.7. Right after installing the module, I recommend looking at the examples in the directories examples_python2 and examples_python3.

Getting started

To work with the components of the cpapi module, we need to import at least two required classes from it:

APIClient and APIClientArgs

from cpapi import APIClient, APIClientArgs

The APIClientArgs class is responsible for the parameters of the connection to the API server, and the APIClient class is responsible for interaction with the API.

Defining the connection parameters

To define the parameters for connecting to the API, you need to create an instance of the APIClientArgs class. In principle, its parameters are predefined, and when the script runs on the management server they do not need to be specified.

client_args = APIClientArgs()

But when running on a third-party host, you need to specify at least the IP address or host name of the API server (also known as the management server). In the example below, we define the server connection parameter and assign it the IP address of the management server as a string.

client_args = APIClientArgs(server='192.168.47.241')

Let's look at all the parameters, and their default values, that can be used when connecting to the API server:

Arguments of the __init__ method of the APIClientArgs class

class APIClientArgs:
    """
    This class provides arguments for APIClient configuration.
    All the arguments are configured with their default values.
    """

    # port is set to None by default, but it gets replaced with 443 if not specified
    # context possible values - web_api (default) or gaia_api
    def __init__(self, port=None, fingerprint=None, sid=None, server="127.0.0.1", http_debug_level=0,
                 api_calls=None, debug_file="", proxy_host=None, proxy_port=8080,
                 api_version=None, unsafe=False, unsafe_auto_accept=False, context="web_api"):
        self.port = port
        # management server fingerprint
        self.fingerprint = fingerprint
        # session-id.
        self.sid = sid
        # management server name or IP-address
        self.server = server
        # debug level
        self.http_debug_level = http_debug_level
        # an array with all the api calls (for debug purposes)
        self.api_calls = api_calls if api_calls else []
        # name of debug file. If left empty, debug data will not be saved to disk.
        self.debug_file = debug_file
        # HTTP proxy server address (without "http://")
        self.proxy_host = proxy_host
        # HTTP proxy port
        self.proxy_port = proxy_port
        # Management server's API version
        self.api_version = api_version
        # Indicates that the client should not check the server's certificate
        self.unsafe = unsafe
        # Indicates that the client should automatically accept and save the server's certificate
        self.unsafe_auto_accept = unsafe_auto_accept
        # The context of using the client - defaults to web_api
        self.context = context

I believe that the arguments that can be used in instances of the APIClientArgs class are intuitive to Check Point administrators and need no additional comments.

Connecting via APIClient and the context manager

The most convenient way to use the APIClient class is through a context manager. All that needs to be passed to an instance of the APIClient class is the connection parameters defined in the previous step.

with APIClient(client_args) as client:

The context manager does not automatically make a login call to the API server, but it does make a logout call on exit. If for some reason a logout is not wanted after you finish working with API calls, start working without the context manager:

client = APIClient(client_args)

Checking the connection

The simplest way to check whether the connection meets the specified parameters is the check_fingerprint method. If verification of the SHA-1 hash of the API server certificate fingerprint fails (the method returned False), this is usually caused by connectivity problems, and we can stop the program (or give the user a chance to correct the connection data):

    if client.check_fingerprint() is False:
        print("Could not get the server's fingerprint - Check connectivity with the server.")
        exit(1)

Note that from then on the APIClient class will check the SHA-1 fingerprint of the API server certificate on every API call (the api_call and api_query methods, which we will discuss a little later). But if an error is detected while checking the SHA-1 fingerprint of the API server certificate (the certificate is unknown or has changed), the check_fingerprint method offers to add or change the information about it on the local machine automatically. This check can be disabled entirely (which can only be recommended when the scripts run on the API server itself and connect to 127.0.0.1) using the APIClientArgs argument unsafe_auto_accept (see more about APIClientArgs earlier, in "Defining the connection parameters").

client_args = APIClientArgs(unsafe_auto_accept=True)

Logging in to the API server

APIClient has as many as 3 methods for logging in to the API server, and each of them obtains the sid (session-id) value, which is then used automatically in the header of every subsequent API call (the name of this parameter in the header is X-chkp-sid), so there is no need to handle this parameter yourself.

The login method

Option using a login and password (in the example, the user name admin and the password 1q2w3e are passed as positional arguments):

     login = client.login('admin', '1q2w3e')  

The login method also accepts optional parameters; here are their names and default values:

continue_last_session=False, domain=None, read_only=False, payload=None

The login_with_api_key method

Option using an API key (supported starting from management version R80.40 / Management API v1.6; "3TsbPJ8ZKjaJGvFyoFqHFA==" is the API key value of one of the users on the management server with the API key authentication method):

     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==') 

The login_with_api_key method accepts the same optional parameters as the login method.

The login_as_root method

Option for logging in on the local machine that hosts the API server:

     login = client.login_as_root()

Only two optional parameters are available for this method:

domain=None, payload=None

And finally, the API calls themselves

We have two options for making API calls: the api_call and api_query methods. Let's work out the difference between them.

api_call

This method works for any call. We need to pass the last part of the API call and, if necessary, a payload for the request body. If the payload is empty, it can be omitted altogether:

api_versions = client.api_call('show-api-versions') 

The result of this request is shown below:

In [23]: api_versions                                                           
Out[23]: 
APIResponse({
    "data": {
        "current-version": "1.6",
        "supported-versions": [
            "1",
            "1.1",
            "1.2",
            "1.3",
            "1.4",
            "1.5",
            "1.6"
        ]
    },
    "res_obj": {
        "data": {
            "current-version": "1.6",
            "supported-versions": [
                "1",
                "1.1",
                "1.2",
                "1.3",
                "1.4",
                "1.5",
                "1.6"
            ]
        },
        "status_code": 200
    },
    "status_code": 200,
    "success": true
})

show_host = client.api_call('show-host', {'name' : 'h_8.8.8.8'})

The result of this request is shown below:

In [25]: show_host                                                              
Out[25]: 
APIResponse({
    "data": {
        "color": "black",
        "comments": "",
        "domain": {
            "domain-type": "domain",
            "name": "SMC User",
            "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
        },
        "groups": [],
        "icon": "Objects/host",
        "interfaces": [],
        "ipv4-address": "8.8.8.8",
        "meta-info": {
            "creation-time": {
                "iso-8601": "2020-05-01T21:49+0300",
                "posix": 1588358973517
            },
            "creator": "admin",
            "last-modifier": "admin",
            "last-modify-time": {
                "iso-8601": "2020-05-01T21:49+0300",
                "posix": 1588358973517
            },
            "lock": "unlocked",
            "validation-state": "ok"
        },
        "name": "h_8.8.8.8",
        "nat-settings": {
            "auto-rule": false
        },
        "read-only": false,
        "tags": [],
        "type": "host",
        "uid": "c210af07-1939-49d3-a351-953a9c471d9e"
    },
    "res_obj": {
        "data": {
            "color": "black",
            "comments": "",
            "domain": {
                "domain-type": "domain",
                "name": "SMC User",
                "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
            },
            "groups": [],
            "icon": "Objects/host",
            "interfaces": [],
            "ipv4-address": "8.8.8.8",
            "meta-info": {
                "creation-time": {
                    "iso-8601": "2020-05-01T21:49+0300",
                    "posix": 1588358973517
                },
                "creator": "admin",
                "last-modifier": "admin",
                "last-modify-time": {
                    "iso-8601": "2020-05-01T21:49+0300",
                    "posix": 1588358973517
                },
                "lock": "unlocked",
                "validation-state": "ok"
            },
            "name": "h_8.8.8.8",
            "nat-settings": {
                "auto-rule": false
            },
            "read-only": false,
            "tags": [],
            "type": "host",
            "uid": "c210af07-1939-49d3-a351-953a9c471d9e"
        },
        "status_code": 200
    },
    "status_code": 200,
    "success": true
})

api_query

Let me say right away that this method applies only to calls whose output involves an offset. Such output occurs when the response contains, or may contain, a large amount of information. For example, this could be a request for the list of all host objects created on the management server. For such requests, the API returns a list of 50 objects by default (you can raise the limit to 500 objects per response). So that you do not have to pull the information several times while changing the offset parameter in the API request, there is the api_query method, which does this work automatically. Examples of calls where this method is needed: show-sessions, show-hosts, show-networks, show-wildcards, show-groups, show-address-ranges, show-simple-gateways, show-simple-clusters, show-access-roles, show-trusted-clients, show-packages. In fact, the names of these API calls contain plural words, so these are the calls that are easier to handle through api_query.

show_hosts = client.api_query('show-hosts') 

The result of this request is shown below:

In [21]: show_hosts                                                             
Out[21]: 
APIResponse({
    "data": [
        {
            "domain": {
                "domain-type": "domain",
                "name": "SMC User",
                "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
            },
            "ipv4-address": "192.168.47.1",
            "name": "h_192.168.47.1",
            "type": "host",
            "uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
        },
        {
            "domain": {
                "domain-type": "domain",
                "name": "SMC User",
                "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
            },
            "ipv4-address": "8.8.8.8",
            "name": "h_8.8.8.8",
            "type": "host",
            "uid": "c210af07-1939-49d3-a351-953a9c471d9e"
        }
    ],
    "res_obj": {
        "data": {
            "from": 1,
            "objects": [
                {
                    "domain": {
                        "domain-type": "domain",
                        "name": "SMC User",
                        "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
                    },
                    "ipv4-address": "192.168.47.1",
                    "name": "h_192.168.47.1",
                    "type": "host",
                    "uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
                },
                {
                    "domain": {
                        "domain-type": "domain",
                        "name": "SMC User",
                        "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
                    },
                    "ipv4-address": "8.8.8.8",
                    "name": "h_8.8.8.8",
                    "type": "host",
                    "uid": "c210af07-1939-49d3-a351-953a9c471d9e"
                }
            ],
            "to": 2,
            "total": 2
        },
        "status_code": 200
    },
    "status_code": 200,
    "success": true
})
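What api_query automates, written out by hand as an added example (not the SDK's own code and not part of the original article): the loop requests pages with limit and offset and stops once the to field reaches total. FakeClient and its constructed host list stand in for a logged-in APIClient so that the block runs offline; fetch_all is a hypothetical helper name.

```python
from types import SimpleNamespace


class FakeClient:
    """Offline stand-in for APIClient: serves constructed hosts page by page."""

    def __init__(self, count):
        # Constructed sample objects, not taken from a real management server.
        self.objects = [{"name": f"h_10.0.0.{i}", "type": "host"}
                        for i in range(1, count + 1)]
        self.calls = []  # payloads received, kept for inspection

    def api_call(self, command, payload=None):
        payload = payload or {}
        self.calls.append(dict(payload))
        limit = payload.get("limit", 50)    # default page size per the article
        offset = payload.get("offset", 0)
        if limit > 500:                     # upper bound mentioned in the article
            return SimpleNamespace(success=False, data={},
                                   error_message="limit too large")
        page = self.objects[offset:offset + limit]
        data = {"objects": page, "total": len(self.objects)}
        if page:
            data["from"] = offset + 1
            data["to"] = offset + len(page)
        return SimpleNamespace(success=True, data=data, error_message=None)


def fetch_all(client, command, limit=50, container="objects"):
    """Collect every object of a paginated show-* command."""
    collected, offset = [], 0
    while True:
        res = client.api_call(command, {"limit": limit, "offset": offset})
        if not res.success:
            # Fail loudly instead of returning a silently truncated list.
            raise RuntimeError(f"{command} failed: {res.error_message}")
        page = res.data.get(container, [])
        collected.extend(page)
        total = res.data.get("total", 0)
        # "to" is the 1-based index of the last object on this page.
        if not page or res.data.get("to", total) >= total:
            return collected
        offset = res.data["to"]
```

With a real client the same function would be called as fetch_all(client, 'show-hosts'); api_query remains the shorter way to get the same list.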

Processing the results of API calls

After that you can use the variables and methods of the APIResponse class (both inside the context manager and outside it). The APIResponse class has 4 methods and 5 variables predefined; we will dwell on the most important ones in more detail.

success

To begin with, it is a good idea to make sure that the API call succeeded and returned a result. For this there is success:

In [49]: api_versions.success                                                   
Out[49]: True

It returns True if the API call succeeded (response code 200) and False if it did not (any other response code). It is convenient to use right after an API call to show different information depending on the response code.

if api_versions.success:
    print(api_versions.data)
else:
    print(api_versions.error_message)

status_code

Returns the response code after the API call has been made.

In [62]: api_versions.status_code                                               
Out[62]: 400

Possible response codes: 200, 400, 401, 403, 404, 409, 500, 501.

set_success_status

In some cases it may be necessary to change the value of the success status. Technically you can put anything there, even an ordinary string. But a realistic example is resetting this parameter to False under certain accompanying conditions. In the example below, there are tasks running on the management server, and we treat the request as unsuccessful (we set the success variable to False, even though the API call succeeded and returned code 200).

for task in task_result.data["tasks"]:
    if task["status"] == "failed" or task["status"] == "partially succeeded":
        task_result.set_success_status(False)
        break

response()

The response method lets you view a dictionary with the response code (status_code) and the response body (body).

In [94]: api_versions.response()                                                
Out[94]: 
{'status_code': 200,
 'data': {'current-version': '1.6',
  'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}}

data

Lets you see only the response body (body), without unnecessary information.

In [93]: api_versions.data                                                      
Out[93]: 
{'current-version': '1.6',
 'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}

error_message

This information is available only when an error occurred while processing the API request (response code other than 200). Example output:

In [107]: api_versions.error_message
Out[107]: 'code: generic_err_invalid_parameter_name\nmessage: Unrecognized parameter [1]\n'

Useful examples

These are examples that use API calls that were added in Management API 1.6.

First, let's look at how the add-host and add-address-range calls work. Say we need to create all IP addresses of the 192.168.0.0/24 subnet whose last octet is a multiple of 5 as host objects, and write all the other IP addresses as address-range objects. The subnet address and the broadcast address are excluded.

So, below is a script that solves this task and creates 50 host objects and 51 address-range objects. Solving the task takes 101 API calls (not counting the final publish call). Using the timeit module, we also measure how long the script runs until the changes are published.

Script using add-host and add-address-range

import timeit
from cpapi import APIClient, APIClientArgs

start = timeit.default_timer()

first_ip = 1
last_ip = 4

client_args = APIClientArgs(server="192.168.47.240")

with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
     for ip in range(5,255,5):
         add_host = client.api_call("add-host", {"name" : f"h_192.168.0.{ip}", "ip-address": f'192.168.0.{ip}'})
     while last_ip < 255:
         add_range = client.api_call("add-address-range", {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"})
         first_ip+=5
         last_ip+=5
     stop = timeit.default_timer() 
     publish = client.api_call("publish")
     
print(f'Time to execute batch request: {stop - start} seconds')

In my lab environment, this script takes between 30 and 50 seconds to run, depending on the load on the management server.

Now let's see how to solve the same task using the add-objects-batch API call, support for which was added in API version 1.6. This call lets you create many objects at once in a single API request. Moreover, these can be objects of different types (for example, hosts, subnets and address ranges). So our task can be solved within a single API call.

Script using add-objects-batch

import timeit
from cpapi import APIClient, APIClientArgs

start = timeit.default_timer()

client_args = APIClientArgs(server="192.168.47.240")

objects_list_ip = []
objects_list_range = []

for ip in range(5,255,5):
    data = {"name": f'h_192.168.0.{ip}', "ip-address": f'192.168.0.{ip}'}
    objects_list_ip.append(data)
    
first_ip = 1
last_ip = 4


while last_ip < 255:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"}
    objects_list_range.append(data)
    first_ip+=5
    last_ip+=5

data_for_batch = {
  "objects" : [ {
    "type" : "host",
    "list" : objects_list_ip
}, {
    "type" : "address-range",
    "list" : objects_list_range
  }]
}


with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
     add_objects_batch = client.api_call("add-objects-batch", data_for_batch)
     stop = timeit.default_timer() 
     publish = client.api_call("publish")
     
print(f'Time to execute batch request: {stop - start} seconds')

Running this script in my lab environment takes from 3 to 7 seconds, depending on the load on the management server. That is, on average, for 101 API objects, the batch type of call runs 10 times faster. With a larger number of objects the difference will be even more impressive.
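The payload construction from the script above, generalised as an added example (not part of the original article or of the SDK): it derives the same host and address-range lists from any IPv4 subnet with the standard ipaddress module instead of hard-coded octet arithmetic, and publishes only when the batch call reports success. The function names and the step parameter are assumptions of this example; client is any logged-in APIClient.

```python
import ipaddress


def build_batch_payload(cidr, step=5):
    """Build an add-objects-batch payload for one IPv4 subnet.

    Every address whose offset from the network address is a multiple of
    `step` becomes a host object; each run of addresses between two such
    hosts becomes one address-range object. The network and broadcast
    addresses are excluded, as in the article's task.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    base = int(net.network_address)
    hosts, ranges, run = [], [], []

    def flush(addresses):
        # Close the current run of non-host addresses as one range object.
        if addresses:
            first, last = addresses[0], addresses[-1]
            last_octet = str(last).rsplit(".", 1)[1]
            ranges.append({
                "name": f"r_{first}-{last_octet}",
                "ip-address-first": str(first),
                "ip-address-last": str(last),
            })

    for addr in net.hosts():  # hosts() skips network and broadcast addresses
        if (int(addr) - base) % step == 0:
            flush(run)
            run = []
            hosts.append({"name": f"h_{addr}", "ip-address": str(addr)})
        else:
            run.append(addr)
    flush(run)

    return {"objects": [{"type": "host", "list": hosts},
                        {"type": "address-range", "list": ranges}]}


def create_objects(client, cidr):
    """Send the batch; publish on success, discard the session changes on failure."""
    result = client.api_call("add-objects-batch", build_batch_payload(cidr))
    if not result.success:
        client.api_call("discard")
        return False
    return client.api_call("publish").success
```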

Now let's see how to work with set-objects-batch. Using this API call, we can change any parameter in bulk. Let's set the first half of the addresses from the previous example (hosts up to .124, and the ranges as well) to the color sienna, and assign the color khaki to the second half of the addresses.

Changing the color of the objects created in the previous example

from cpapi import APIClient, APIClientArgs

client_args = APIClientArgs(server="192.168.47.240")

objects_list_ip_first = []
objects_list_range_first = []
objects_list_ip_second = []
objects_list_range_second = []

for ip in range(5,125,5):
    data = {"name": f'h_192.168.0.{ip}', "color": "sienna"}
    objects_list_ip_first.append(data)
    
for ip in range(125,255,5):
    data = {"name": f'h_192.168.0.{ip}', "color": "khaki"}
    objects_list_ip_second.append(data)
    
first_ip = 1
last_ip = 4
while last_ip < 125:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "sienna"}
    objects_list_range_first.append(data)
    first_ip+=5
    last_ip+=5
    
while last_ip < 255:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "khaki"}
    objects_list_range_second.append(data)
    first_ip+=5
    last_ip+=5

data_for_batch_first  = {
  "objects" : [ {
    "type" : "host",
    "list" : objects_list_ip_first
}, {
    "type" : "address-range",
    "list" : objects_list_range_first
  }]
}

data_for_batch_second  = {
  "objects" : [ {
    "type" : "host",
    "list" : objects_list_ip_second
}, {
    "type" : "address-range",
    "list" : objects_list_range_second
  }]
}

with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==') 
     set_objects_batch_first = client.api_call("set-objects-batch", data_for_batch_first)
     set_objects_batch_second = client.api_call("set-objects-batch", data_for_batch_second)
     publish = client.api_call("publish")

You can delete many objects in a single API call using delete-objects-batch. Now let's look at a code example that deletes all the hosts created earlier via add-objects-batch.

Deleting objects using delete-objects-batch

from cpapi import APIClient, APIClientArgs

client_args = APIClientArgs(server="192.168.47.240")

objects_list_ip = []
objects_list_range = []

for ip in range(5,255,5):
    data = {"name": f'h_192.168.0.{ip}'}
    objects_list_ip.append(data)

first_ip = 1
last_ip = 4
while last_ip < 255:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}"}
    objects_list_range.append(data)
    first_ip+=5
    last_ip+=5

data_for_batch = {
  "objects" : [ {
    "type" : "host",
    "list" : objects_list_ip
}, {
    "type" : "address-range",
    "list" : objects_list_range
  }]
}

with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
     delete_objects_batch = client.api_call("delete-objects-batch", data_for_batch)
     publish = client.api_call("publish")

print(delete_objects_batch.data)

All features that appear in new releases of Check Point software get API calls right away. In R80.40, for instance, "features" such as Revert to revision and Smart Task appeared, and the corresponding API calls were prepared for them immediately. Moreover, all functionality that moves from the Legacy consoles to Unified Policy mode also gets API support. For example, a long-awaited update in software version R80.40 was the move of the HTTPS Inspection policy from Legacy mode to Unified Policy mode, and this functionality received API calls right away. Here is an example of code that adds a rule at the top position of the HTTPS Inspection policy that excludes 3 categories from inspection (Health, Finance, Government Services), which are prohibited from inspection by law in a number of countries.

Adding a rule to the HTTPS Inspection policy

from cpapi import APIClient, APIClientArgs

client_args = APIClientArgs(server="192.168.47.240")

data = {
  "layer" : "Default Layer",
  "position" : "top",
  "name" : "Legal Requirements",
  "action": "bypass",
  "site-category": ["Health", "Government / Military", "Financial Services"]
}

with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
     add_https_rule = client.api_call("add-https-rule", data)
     publish = client.api_call("publish")

Running Python scripts on the Check Point management server

The same README.md contains information on how to run Python scripts directly from the management server. This can be convenient when you cannot connect to the API server from another machine. I recorded a six-minute video in which I look at installing the cpapi module and the specifics of running Python scripts on the management server. As an example, a script is run that automates the configuration of a new gateway for a task such as a network audit, Security CheckUp. Among the things I ran into: the input function has not yet appeared in Python 2.7, so the raw_input function is used to process information entered by the user. Otherwise, the code is the same as when running from other machines, only it is more convenient to use the login_as_root function, so as not to specify the user name, password and IP address of the management server again.

Script for quick configuration of Security CheckUp

from __future__ import print_function
import getpass
import sys, os
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
from cpapi import APIClient, APIClientArgs

def main():
    with APIClient() as client:
       # if client.check_fingerprint() is False:
       #     print("Could not get the server's fingerprint - Check connectivity with the server.")
       #     exit(1)
        login_res = client.login_as_root()

        if login_res.success is False:
            print("Login failed:\n{}".format(login_res.error_message))
            exit(1)

        gw_name = raw_input("Enter the gateway name:")
        gw_ip = raw_input("Enter the gateway IP address:")
        if sys.stdin.isatty():
            sic = getpass.getpass("Enter one-time password for the gateway(SIC): ")
        else:
            print("Attention! Your password will be shown on the screen!")
            sic = raw_input("Enter one-time password for the gateway(SIC): ")
        version = raw_input("Enter the gateway version(like RXX.YY):")
        add_gw = client.api_call("add-simple-gateway", {'name' : gw_name, 'ipv4-address' : gw_ip, 'one-time-password' : sic, 'version': version.capitalize(), 'application-control' : 'true', 'url-filtering' : 'true', 'ips' : 'true', 'anti-bot' : 'true', 'anti-virus' : 'true', 'threat-emulation' : 'true'})
        if add_gw.success and add_gw.data['sic-state'] != "communicating":
            print("Secure connection with the gateway hasn't established!")
            exit(1)
        elif add_gw.success:
            print("The gateway was added successfully.")
            gw_uid = add_gw.data['uid']
            gw_name = add_gw.data['name']
        else:
            print("Failed to add the gateway - {}".format(add_gw.error_message))
            exit(1)

        change_policy = client.api_call("set-access-layer", {"name" : "Network", "applications-and-url-filtering": "true", "content-awareness": "true"})
        if change_policy.success:
            print("The policy has been changed successfully")
        else:
            print("Failed to change the policy- {}".format(change_policy.error_message))
        change_rule = client.api_call("set-access-rule", {"name" : "Cleanup rule", "layer" : "Network", "action": "Accept", "track": {"type": "Detailed Log", "accounting": "true"}})
        if change_rule.success:
            print("The cleanup rule has been changed successfully")
        else:
            print("Failed to change the cleanup rule- {}".format(change_rule.error_message))

        # publish the result
        publish_res = client.api_call("publish", {})
        if publish_res.success:
            print("The changes were published successfully.")
        else:
            print("Failed to publish the changes - {}".format(publish_res.error_message))

        install_access_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'true',  "threat-prevention" : 'false', "targets" : gw_uid})
        if install_access_policy.success:
            print("The access policy has been installed")
        else:
            print("Failed to install access policy - {}".format(install_access_policy.error_message))

        install_tp_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'false',  "threat-prevention" : 'true', "targets" : gw_uid})
        if install_tp_policy.success:
            print("The threat prevention policy has been installed")
        else:
            print("Failed to install threat prevention policy - {}".format(install_tp_policy.error_message))
        
        # add passwords and passphrases to dictionary
        with open('additional_pass.conf') as f:
            line_num = 0
            for line in f:
                line_num += 1
                add_password_dictionary = client.api_call("run-script", {"script-name" : "Add passwords and passphrases", "script" : "printf \"{}\" >> $FWDIR/conf/additional_pass.conf".format(line), "targets" : gw_name})
                if add_password_dictionary.success:
                    print("The password dictionary line {} was added successfully".format(line_num))
                else:
                    print("Failed to add the dictionary - {}".format(add_password_dictionary.error_message))

main()

Example of a password dictionary file, additional_pass.conf
{
"passwords" : ["malware","malicious","infected","Infected"],
"phrases" : ["password","Password","Pass","pass","codigo","key","pwd","пароль","Пароль","Ключ","ключ","шифр","Шифр"] }
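The run-script call in the script above places each line of additional_pass.conf between double quotes in a shell command, and the sample file itself contains double quotes, so the shell on the gateway would not write the line back unchanged. An added example (not from the original article) that builds the command with shell quoting and checks the result with the standard shlex tokenizer; build_append_command and the sample lines are constructed for this example, and on Python 2.7 pipes.quote plays the role of shlex.quote.

```python
import shlex

TARGET = "$FWDIR/conf/additional_pass.conf"  # path used by the article's script


def naive_command(line):
    """The article's construction: the line is pasted between double quotes."""
    return 'printf "{}" >> {}'.format(line, TARGET)


def build_append_command(line):
    """Append `line` verbatim to TARGET.

    printf gets a fixed format ('%s\\n'), so '%' and backslashes in the
    line are not interpreted as format directives; shlex.quote() wraps the
    line so that quotes, '$', backticks, ';' and glob characters reach
    printf as plain text in a single argument.
    """
    text = line.rstrip("\r\n")
    return "printf '%s\\n' {} >> \"{}\"".format(shlex.quote(text), TARGET)


def shell_words(command):
    """Split a command the way a POSIX shell tokenises it (no expansion)."""
    return shlex.split(command)


# Constructed sample lines: one in the style of the article's file,
# one containing characters the shell treats specially.
SAMPLE_LINES = [
    '"passwords" : ["malware","malicious","infected","Infected"],\n',
    "50% off; $HOME `date` it's\n",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(build_append_command(sample))
```

In the 2.7 script this corresponds to passing the quoted command as the "script" value of run-script in place of the double-quoted format string.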

Conclusion

This article has looked only at the basic capabilities of the Python SDK and the cpapi module (as you may have guessed, these are in fact synonyms), and by studying the code of this module you will discover even more possibilities for working with it. You may well want to extend it with your own classes, functions, methods and variables. You can always share your work and look at other scripts for Check Point in the CodeHub section of the CheckMates community, which brings together both product developers and users.

Happy coding, and thanks for reading to the end!

source: www.habr.com
