Agbara ni kikun ti ibaraenisepo pẹlu awọn API ni a ṣafihan nigba lilo papọ pẹlu koodu eto, nigbati o ṣee ṣe lati ṣe ipilẹṣẹ awọn ibeere API ati awọn irinṣẹ fun itupalẹ awọn idahun API. Sibẹsibẹ, o si tun maa wa unnoticeable Python Software Apo (lẹhinna tọka si bi Python SDK) fun Ṣayẹwo Point Management API, sugbon asan. O ṣe pataki simplifies igbesi aye ti awọn idagbasoke ati awọn alara adaṣe. Python ti ni olokiki pupọ laipẹ ati pe Mo pinnu lati kun aafo naa ati atunyẹwo awọn ẹya akọkọ. . Nkan yii ṣiṣẹ bi afikun ti o tayọ si nkan miiran lori Habré . A yoo wo bi o ṣe le kọ awọn iwe afọwọkọ nipa lilo Python SDK ati ki o wo isunmọ si iṣẹ ṣiṣe API iṣakoso tuntun ni ẹya 1.6 (atilẹyin bẹrẹ lati R80.40). Lati loye nkan naa, iwọ yoo nilo imọ ipilẹ ti ṣiṣẹ pẹlu awọn API ati Python.
Ṣayẹwo Point n ṣe agbekalẹ API ni itara ati ni akoko ti o ti tu nkan wọnyi silẹ:
- - ṣiṣẹ pẹlu olupin iṣakoso nipasẹ API (ati agbara lati ṣiṣẹ awọn iwe afọwọkọ lori awọn ẹnu-ọna ti iṣakoso nipasẹ olupin iṣakoso)
- - ṣiṣẹ pẹlu awọn ẹnu-ọna aabo
- - ṣiṣẹ pẹlu apoti iyanrin kan ninu awọsanma Ṣayẹwo Point
- - ṣiṣẹ pẹlu abẹfẹlẹ Awareness idanimọ lori awọn ẹnu-ọna
- - ṣiṣẹ pẹlu ẹnu-ọna iṣakoso ẹnu-ọna SMB ()
- - ibaraenisepo pẹlu awọn olutona IoT
- - ṣiṣẹ pẹlu (Ojutu aabo SD-WAN)
- - ṣiṣẹ pẹlu
Python SDK lọwọlọwọ ṣe atilẹyin ibaraenisepo pẹlu API Isakoso ati Gaia API. A yoo wo awọn kilasi pataki julọ, awọn ọna ati awọn oniyipada ninu module yii.
Module fifi sori
Module cpapi fi sori ẹrọ ni kiakia ati irọrun lati pẹlu iranlọwọ Pipa. Awọn ilana fifi sori ẹrọ ni alaye wa ninu . A ṣe atunṣe module yii lati ṣiṣẹ pẹlu awọn ẹya Python 2.7 ati 3.7. Ninu nkan yii, awọn apẹẹrẹ yoo fun ni lilo Python 3.7. Sibẹsibẹ, Python SDK le ṣiṣẹ taara lati ọdọ Olupin Iṣakoso Iṣakoso Ṣayẹwo (Smart Management), ṣugbọn wọn ṣe atilẹyin Python 2.7 nikan, nitorinaa apakan ti o kẹhin yoo pese koodu fun ẹya 2.7. Lẹsẹkẹsẹ lẹhin fifi sori ẹrọ module, Mo ṣeduro wiwo awọn apẹẹrẹ ninu awọn ilana apẹẹrẹ_python2 и apẹẹrẹ_python3.
Bibẹrẹ
Ni ibere fun wa lati ni anfani lati ṣiṣẹ pẹlu awọn irinše ti module cpapi, a nilo lati gbe wọle lati inu module cpapi o kere ju meji awọn kilasi ti a beere:
APIKlient и APIClientArgs
from cpapi import APIClient, APIClientArgs
Класс APIClientArgs jẹ iduro fun awọn paramita asopọ si olupin API, ati kilasi naa APIKlient jẹ lodidi fun ibaraenisepo pẹlu API.
Ṣiṣe ipinnu awọn paramita asopọ
Lati setumo orisirisi awọn paramita fun sisopọ si API, o nilo lati ṣẹda apẹẹrẹ ti kilasi naa APIClientArgs. Ni opo, awọn paramita rẹ jẹ asọye tẹlẹ ati nigbati o nṣiṣẹ iwe afọwọkọ lori olupin iṣakoso, wọn ko nilo lati sọ pato.
client_args = APIClientArgs()Ṣugbọn nigbati o ba nṣiṣẹ lori agbalejo ẹnikẹta, o nilo lati pato o kere ju adiresi IP tabi orukọ agbalejo ti olupin API (ti a tun mọ ni olupin iṣakoso). Ni apẹẹrẹ ni isalẹ, a ṣe alaye paramita asopọ olupin ati fi adirẹsi IP ti olupin iṣakoso bi okun.
client_args = APIClientArgs(server='192.168.47.241')Jẹ ki a wo gbogbo awọn paramita ati awọn iye aiyipada wọn ti o le ṣee lo nigbati o ba sopọ si olupin API:
Awọn ariyanjiyan ti ọna __init__ ti kilasi APIClientArgs
class APIClientArgs:
"""
This class provides arguments for APIClient configuration.
All the arguments are configured with their default values.
"""
# port is set to None by default, but it gets replaced with 443 if not specified
# context possible values - web_api (default) or gaia_api
def __init__(self, port=None, fingerprint=None, sid=None, server="127.0.0.1", http_debug_level=0,
api_calls=None, debug_file="", proxy_host=None, proxy_port=8080,
api_version=None, unsafe=False, unsafe_auto_accept=False, context="web_api"):
self.port = port
# management server fingerprint
self.fingerprint = fingerprint
# session-id.
self.sid = sid
# management server name or IP-address
self.server = server
# debug level
self.http_debug_level = http_debug_level
# an array with all the api calls (for debug purposes)
self.api_calls = api_calls if api_calls else []
# name of debug file. If left empty, debug data will not be saved to disk.
self.debug_file = debug_file
# HTTP proxy server address (without "http://")
self.proxy_host = proxy_host
# HTTP proxy port
self.proxy_port = proxy_port
# Management server's API version
self.api_version = api_version
# Indicates that the client should not check the server's certificate
self.unsafe = unsafe
# Indicates that the client should automatically accept and save the server's certificate
self.unsafe_auto_accept = unsafe_auto_accept
# The context of using the client - defaults to web_api
self.context = contextMo gbagbọ pe awọn ariyanjiyan ti o le ṣee lo ni awọn iṣẹlẹ ti kilasi APIClientArgs jẹ oye lati Ṣayẹwo Awọn oludari aaye ati pe ko nilo awọn asọye afikun.
Sisopọ nipasẹ APIClient ati oluṣakoso ọrọ-ọrọ
Класс APIKlient Ọna ti o rọrun julọ lati lo o jẹ nipasẹ oluṣakoso ọrọ-ọrọ. Gbogbo ohun ti o nilo lati kọja si apẹẹrẹ ti kilasi APIClient ni awọn paramita asopọ ti o ti ṣalaye ni igbesẹ iṣaaju.
with APIClient(client_args) as client:
Oluṣakoso ọrọ-ọrọ kii yoo ṣe ipe iwọle laifọwọyi si olupin API, ṣugbọn yoo ṣe ipe ijade nigbati o ba jade. Ti fun idi kan ko ba nilo ifilọlẹ lẹhin ipari ṣiṣẹ pẹlu awọn ipe API, o nilo lati bẹrẹ ṣiṣẹ laisi lilo oluṣakoso ọrọ:
client = APIClient(clieng_args)Idanwo asopọ
Ọna to rọọrun lati ṣayẹwo boya asopọ ba pade awọn paramita ti a sọ ni lilo ọna naa check_fingerprint. Ti ijẹrisi sha1 hash apao fun itẹka ti ijẹrisi API olupin kuna (ọna ti o pada eke), lẹhinna eyi jẹ igbagbogbo nipasẹ awọn iṣoro asopọ ati pe a le da ipaniyan eto naa duro (tabi fun olumulo ni aye lati ṣatunṣe data asopọ):
if client.check_fingerprint() is False:
print("Could not get the server's fingerprint - Check connectivity with the server.")
exit(1)
Jọwọ ṣe akiyesi pe ni ọjọ iwaju kilasi naa APIKlient yoo ṣayẹwo gbogbo ipe API (awọn ọna api_ipe и api_query, a yoo sọrọ nipa wọn diẹ diẹ sii) ijẹrisi ika ika sha1 lori olupin API. Ṣugbọn ti o ba jẹ pe, nigbati o ba n ṣayẹwo ika ika sha1 ti ijẹrisi olupin API, a ṣe akiyesi aṣiṣe kan (ijẹrisi jẹ aimọ tabi ti yipada), ọna naa check_fingerprint yoo pese aye lati ṣafikun / yi alaye nipa rẹ lori ẹrọ agbegbe laifọwọyi. Ayẹwo yii le jẹ alaabo patapata (ṣugbọn eyi le ṣe iṣeduro nikan ti awọn iwe afọwọkọ ba ṣiṣẹ lori olupin API funrararẹ, nigbati o ba sopọ si 127.0.0.1), ni lilo ariyanjiyan APIClientArgs - ailewu_auto_gba (wo diẹ sii nipa APIClientArgs ni iṣaaju ni “Ṣitumọ awọn paramita asopọ”).
client_args = APIClientArgs(unsafe_auto_accept=True)Wọle si olupin API
У APIKlient ọpọlọpọ bi awọn ọna 3 wa fun wíwọlé sinu olupin API, ati pe ọkọọkan wọn loye itumọ naa sid(igba-id), eyiti a lo ni adaṣe ni ipe API kọọkan ti o tẹle ni akọsori (orukọ ti o wa ninu akọsori paramita yii jẹ X-chkp-sidi), nitorinaa ko si iwulo lati ṣe ilana paramita yii siwaju sii.
wiwọle ọna
Aṣayan nipa lilo iwọle ati ọrọ igbaniwọle (ni apẹẹrẹ, abojuto orukọ olumulo ati ọrọ igbaniwọle 1q2w3e ti kọja bi awọn ariyanjiyan ipo):
login = client.login('admin', '1q2w3e') Awọn paramita aṣayan afikun tun wa ni ọna iwọle; eyi ni awọn orukọ wọn ati awọn iye aiyipada:
continue_last_session=False, domain=None, read_only=False, payload=NoneLogin_with_api_key ọna
Aṣayan ni lilo bọtini api (atilẹyin ti o bẹrẹ lati ẹya iṣakoso R80.40/Iṣakoso API v1.6, "3TsbPJ8ZKjaJGvFyoFqHFA==" eyi ni iye bọtini API fun ọkan ninu awọn olumulo lori olupin iṣakoso pẹlu ọna aṣẹ bọtini API):
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==') Ni ọna buwolu_pẹlu_api_key Awọn paramita iyan kanna wa bi ninu ọna naa wo ile.
login_as_root ọna
Aṣayan lati buwolu wọle si ẹrọ agbegbe pẹlu olupin API kan:
login = client.login_as_root()Awọn aye iyan meji nikan lo wa fun ọna yii:
domain=None, payload=NoneAti nikẹhin API pe ara wọn
A ni awọn aṣayan meji lati ṣe awọn ipe API nipasẹ awọn ọna api_ipe и api_query. Jẹ ká ro ero jade ohun ti iyato laarin wọn.
api_ipe
Ọna yii wulo fun eyikeyi awọn ipe. A nilo lati kọja apakan ti o kẹhin fun ipe api ati fifuye isanwo ninu ara ibeere ti o ba jẹ dandan. Ti fifuye isanwo ba ṣofo, lẹhinna ko le gbe lọ rara:
api_versions = client.api_call('show-api-versions') Ijade fun ibeere yii ni isalẹ gige:
In [23]: api_versions
Out[23]:
APIResponse({
"data": {
"current-version": "1.6",
"supported-versions": [
"1",
"1.1",
"1.2",
"1.3",
"1.4",
"1.5",
"1.6"
]
},
"res_obj": {
"data": {
"current-version": "1.6",
"supported-versions": [
"1",
"1.1",
"1.2",
"1.3",
"1.4",
"1.5",
"1.6"
]
},
"status_code": 200
},
"status_code": 200,
"success": true
})
show_host = client.api_call('show-host', {'name' : 'h_8.8.8.8'})Ijade fun ibeere yii ni isalẹ gige:
In [25]: show_host
Out[25]:
APIResponse({
"data": {
"color": "black",
"comments": "",
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"groups": [],
"icon": "Objects/host",
"interfaces": [],
"ipv4-address": "8.8.8.8",
"meta-info": {
"creation-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"creator": "admin",
"last-modifier": "admin",
"last-modify-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"lock": "unlocked",
"validation-state": "ok"
},
"name": "h_8.8.8.8",
"nat-settings": {
"auto-rule": false
},
"read-only": false,
"tags": [],
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
},
"res_obj": {
"data": {
"color": "black",
"comments": "",
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"groups": [],
"icon": "Objects/host",
"interfaces": [],
"ipv4-address": "8.8.8.8",
"meta-info": {
"creation-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"creator": "admin",
"last-modifier": "admin",
"last-modify-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"lock": "unlocked",
"validation-state": "ok"
},
"name": "h_8.8.8.8",
"nat-settings": {
"auto-rule": false
},
"read-only": false,
"tags": [],
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
},
"status_code": 200
},
"status_code": 200,
"success": true
})
api_query
Jẹ ki n ṣe ifiṣura lẹsẹkẹsẹ pe ọna yii wulo fun awọn ipe nikan ti iṣelọpọ rẹ jẹ aiṣedeede. Iru itọka bẹ waye nigbati o ni tabi o le ni iye nla ti alaye ninu. Fun apẹẹrẹ, eyi le jẹ ibeere fun atokọ ti gbogbo awọn nkan agbalejo ti o ṣẹda lori olupin iṣakoso. Fun iru awọn ibeere bẹ, API da atokọ ti awọn nkan 50 pada nipasẹ aiyipada (o le pọsi opin si awọn ohun 500 ni idahun). Ati pe ki o má ba fa alaye naa ni igba pupọ, yiyipada paramita aiṣedeede ninu ibeere API, ọna api_query wa ti o ṣe iṣẹ yii laifọwọyi. Awọn apẹẹrẹ awọn ipe nibiti ọna yii ti nilo: show-sessions, show-hosts, show-networks, show-wildcards, show-group, show-adiresi-ibiti, fi-rorun-bode, show-rọrun-clusters, show-wiwọle-ipa, show-igbekele-onibara, show-package. Ni otitọ, a rii awọn ọrọ pupọ ni orukọ awọn ipe API wọnyi, nitorinaa awọn ipe wọnyi yoo rọrun lati mu nipasẹ api_query
show_hosts = client.api_query('show-hosts') Ijade fun ibeere yii ni isalẹ gige:
In [21]: show_hosts
Out[21]:
APIResponse({
"data": [
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "192.168.47.1",
"name": "h_192.168.47.1",
"type": "host",
"uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
},
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "8.8.8.8",
"name": "h_8.8.8.8",
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
}
],
"res_obj": {
"data": {
"from": 1,
"objects": [
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "192.168.47.1",
"name": "h_192.168.47.1",
"type": "host",
"uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
},
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "8.8.8.8",
"name": "h_8.8.8.8",
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
}
],
"to": 2,
"total": 2
},
"status_code": 200
},
"status_code": 200,
"success": true
})
Ṣiṣe awọn abajade ti awọn ipe API
Lẹhin eyi o le lo awọn oniyipada ati awọn ọna ti kilasi naa API Idahun(mejeeji inu oluṣakoso ọrọ ati ita). Ni kilasi API Idahun Awọn ọna 4 ati awọn oniyipada 5 jẹ asọye tẹlẹ; a yoo gbe lori awọn pataki julọ ni awọn alaye diẹ sii.
aseyori
Lati bẹrẹ pẹlu, yoo jẹ imọran ti o dara lati rii daju pe ipe API jẹ aṣeyọri ati da abajade pada. Ọna kan wa fun eyi aseyori:
In [49]: api_versions.success
Out[49]: True
Pada Otitọ ti ipe API ba ṣaṣeyọri (koodu idahun - 200) ati Eke ti ko ba ṣaṣeyọri (koodu idahun eyikeyi miiran). O rọrun lati lo lẹsẹkẹsẹ lẹhin ipe API lati ṣafihan alaye oriṣiriṣi ti o da lori koodu esi.
if api_ver.success:
print(api_versions.data)
else:
print(api_versions.err_message) koodu ipo
Da koodu esi pada lẹhin ti a ti ṣe ipe API kan.
In [62]: api_versions.status_code
Out[62]: 400
Awọn koodu idahun ti o ṣeeṣe: 200,400,401,403,404,409,500,501.
ipo_aṣeyọri
Ni idi eyi, o le jẹ pataki lati yi iye ti ipo aṣeyọri pada. Ni imọ-ẹrọ, o le fi ohunkohun sibẹ, paapaa okun deede. Ṣugbọn apẹẹrẹ gidi yoo jẹ atunto paramita yii si Eke labẹ awọn ipo to tẹle. Ni isalẹ, san ifojusi si apẹẹrẹ nigbati awọn iṣẹ ṣiṣe nṣiṣẹ lori olupin iṣakoso, ṣugbọn a yoo ro pe ibeere yii ko ni aṣeyọri (a yoo ṣeto iyipada aṣeyọri si eke, Bíótilẹ o daju wipe API ipe je aseyori ati ki o pada koodu 200).
for task in task_result.data["tasks"]:
if task["status"] == "failed" or task["status"] == "partially succeeded":
task_result.set_success_status(False)
breakesi()
Ọna idahun gba ọ laaye lati wo iwe-itumọ pẹlu koodu esi (status_code) ati ara idahun (ara).
In [94]: api_versions.response()
Out[94]:
{'status_code': 200,
'data': {'current-version': '1.6',
'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}}
data
Gba ọ laaye lati wo ara ti idahun (ara) nikan laisi alaye ti ko wulo.
In [93]: api_versions.data
Out[93]:
{'current-version': '1.6',
'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}
aṣiṣe_ifiranṣẹ
Alaye yii wa nikan nigbati aṣiṣe ba waye lakoko ṣiṣe ibeere API (koodu idahun kii ṣe 200). Abajade apẹẹrẹ
In [107]: api_versions.error_message
Out[107]: 'code: generic_err_invalid_parameter_namenmessage: Unrecognized parameter [1]n'
Awọn apẹẹrẹ ti o wulo
Awọn atẹle jẹ apẹẹrẹ ti o lo awọn ipe API ti a ṣafikun ni API Isakoso 1.6.
Ni akọkọ, jẹ ki a wo bii awọn ipe ṣe n ṣiṣẹ fi-ogun и fi-adirẹsi-ibiti o. Jẹ ki a sọ pe a nilo lati ṣẹda gbogbo awọn adirẹsi IP ti subnet 192.168.0.0/24, octet ti o kẹhin eyiti o jẹ 5, bi awọn nkan ti iru ogun, ati kọ gbogbo awọn adirẹsi IP miiran bi awọn nkan ti iru ibiti adiresi. Ni idi eyi, yọkuro adirẹsi subnet ati adirẹsi igbohunsafefe.
Nitorinaa, ni isalẹ ni iwe afọwọkọ kan ti o yanju iṣoro yii ati ṣẹda awọn nkan 50 ti iru ogun ati awọn ohun elo 51 ti iru ibiti o wa ni adirẹsi. Lati yanju iṣoro naa, awọn ipe API 101 nilo (kii ṣe kika ipe ti o kẹhin). Paapaa, ni lilo module akoko, a ṣe iṣiro akoko ti o to lati ṣiṣẹ iwe afọwọkọ naa titi ti awọn ayipada yoo fi tẹjade.
Akosile nipa lilo fikun-ogun ati fikun-adirẹsi-ibiti o
import timeit
from cpapi import APIClient, APIClientArgs
start = timeit.default_timer()
first_ip = 1
last_ip = 4
client_args = APIClientArgs(server="192.168.47.240")
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
for ip in range(5,255,5):
add_host = client.api_call("add-host", {"name" : f"h_192.168.0.{ip}", "ip-address": f'192.168.0.{ip}'})
while last_ip < 255:
add_range = client.api_call("add-address-range", {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"})
first_ip+=5
last_ip+=5
stop = timeit.default_timer()
publish = client.api_call("publish")
print(f'Time to execute batch request: {stop - start} seconds')
Ni agbegbe laabu mi, iwe afọwọkọ yii gba laarin awọn aaya 30 ati 50 lati ṣiṣẹ, da lori ẹru lori olupin iṣakoso.
Bayi jẹ ki a wo bi o ṣe le yanju iṣoro kanna ni lilo ipe API kan fi-ohun-ipele, atilẹyin fun eyiti a ṣafikun ni ẹya API 1.6. Ipe yii gba ọ laaye lati ṣẹda ọpọlọpọ awọn nkan ni ẹẹkan ni ibeere API kan. Jubẹlọ, awọn wọnyi le jẹ awọn nkan ti o yatọ si iru (fun apẹẹrẹ, awọn ogun, subnets ati adirẹsi awọn sakani). Nitorinaa, iṣẹ-ṣiṣe wa ni a le yanju laarin ilana ti ipe API kan.
Afọwọkọ nipa lilo awọn afikun-ohun-ipele
import timeit
from cpapi import APIClient, APIClientArgs
start = timeit.default_timer()
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip = []
objects_list_range = []
for ip in range(5,255,5):
data = {"name": f'h_192.168.0.{ip}', "ip-address": f'192.168.0.{ip}'}
objects_list_ip.append(data)
first_ip = 1
last_ip = 4
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"}
objects_list_range.append(data)
first_ip+=5
last_ip+=5
data_for_batch = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip
}, {
"type" : "address-range",
"list" : objects_list_range
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
add_objects_batch = client.api_call("add-objects-batch", data_for_batch)
stop = timeit.default_timer()
publish = client.api_call("publish")
print(f'Time to execute batch request: {stop - start} seconds')
Ati ṣiṣe iwe afọwọkọ yii ni agbegbe laabu mi gba lati 3 si awọn aaya 7, da lori fifuye lori olupin iṣakoso. Iyẹn ni, ni apapọ, lori awọn ohun elo API 101, ipe iru ipele kan nṣiṣẹ ni igba mẹwa ni iyara. Lori nọmba nla ti awọn nkan iyatọ yoo jẹ iwunilori paapaa diẹ sii.
Bayi jẹ ki a wo bi o ṣe le ṣiṣẹ pẹlu ṣeto-ohun-ipele. Lilo ipe API yii, a le yi olopobobo pada eyikeyi paramita. Jẹ ki a ṣeto idaji akọkọ ti awọn adirẹsi lati apẹẹrẹ ti tẹlẹ (to awọn ogun .124, ati awọn sakani paapaa) si awọ sienna, ki o fi awọ khaki si idaji keji ti awọn adirẹsi naa.
Yiyipada awọ ti awọn ohun ti a ṣẹda ninu apẹẹrẹ ti tẹlẹ
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip_first = []
objects_list_range_first = []
objects_list_ip_second = []
objects_list_range_second = []
for ip in range(5,125,5):
data = {"name": f'h_192.168.0.{ip}', "color": "sienna"}
objects_list_ip_first.append(data)
for ip in range(125,255,5):
data = {"name": f'h_192.168.0.{ip}', "color": "khaki"}
objects_list_ip_second.append(data)
first_ip = 1
last_ip = 4
while last_ip < 125:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "sienna"}
objects_list_range_first.append(data)
first_ip+=5
last_ip+=5
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "khaki"}
objects_list_range_second.append(data)
first_ip+=5
last_ip+=5
data_for_batch_first = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip_first
}, {
"type" : "address-range",
"list" : objects_list_range_first
}]
}
data_for_batch_second = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip_second
}, {
"type" : "address-range",
"list" : objects_list_range_second
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
set_objects_batch_first = client.api_call("set-objects-batch", data_for_batch_first)
set_objects_batch_second = client.api_call("set-objects-batch", data_for_batch_second)
publish = client.api_call("publish")
O le pa ọpọ awọn nkan rẹ ni ipe API kan nipa lilo parẹ-ohun-ipele. Bayi jẹ ki a wo apẹẹrẹ koodu ti o paarẹ gbogbo awọn ọmọ-ogun ti o ṣẹda tẹlẹ nipasẹ fi-ohun-ipele.
Npa awọn nkan kuro nipa lilo piparẹ-ohun-ipele
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip = []
objects_list_range = []
for ip in range(5,255,5):
data = {"name": f'h_192.168.0.{ip}'}
objects_list_ip.append(data)
first_ip = 1
last_ip = 4
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}"}
objects_list_range.append(data)
first_ip+=5
last_ip+=5
data_for_batch = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip
}, {
"type" : "address-range",
"list" : objects_list_range
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
delete_objects_batch = client.api_call("delete-objects-batch", data_for_batch)
publish = client.api_call("publish")
print(delete_objects_batch.data)
Gbogbo awọn iṣẹ ti o han ni awọn idasilẹ tuntun ti sọfitiwia Ṣayẹwo Point gba awọn ipe API lẹsẹkẹsẹ. Nitorinaa, ni R80.40 iru “awọn ẹya” bi Pada si atunyẹwo ati Iṣẹ-ṣiṣe Smart han, ati pe awọn ipe API ti o baamu ni a pese sile fun wọn lẹsẹkẹsẹ. Pẹlupẹlu, gbogbo iṣẹ ṣiṣe nigba gbigbe lati awọn afaworanhan Legacy si Ipo Afihan Iṣọkan tun gba atilẹyin API. Fun apẹẹrẹ, imudojuiwọn ti a ti nreti gigun ni ẹya sọfitiwia R80.40 ni gbigbe eto imulo Ayewo HTTPS lati ipo Legacy si Ipo Afihan Iṣọkan, ati pe iṣẹ ṣiṣe yii gba awọn ipe API lẹsẹkẹsẹ. Eyi jẹ apẹẹrẹ ti koodu ti o ṣe afikun ofin kan si ipo oke ti eto imulo Ayewo HTTPS ti o yọkuro awọn ẹka 3 lati ayewo (Ilera, Isuna, Awọn iṣẹ ijọba), eyiti o jẹ idinamọ lati ayewo ni ibamu pẹlu awọn ofin ti nọmba awọn orilẹ-ede.
Ṣafikun ofin kan si eto imulo Ayewo HTTPS
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
data = {
"layer" : "Default Layer",
"position" : "top",
"name" : "Legal Requirements",
"action": "bypass",
"site-category": ["Health", "Government / Military", "Financial Services"]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
add_https_rule = client.api_call("add-https-rule", data)
publish = client.api_call("publish")
Ṣiṣe awọn iwe afọwọkọ Python lori olupin iṣakoso Ṣayẹwo Point
Ohun gbogbo jẹ kanna ni alaye lori bi o ṣe le ṣiṣe awọn iwe afọwọkọ Python taara lati olupin iṣakoso. Eyi le rọrun nigbati o ko le sopọ si olupin API lati ẹrọ miiran. Mo ṣe igbasilẹ fidio iṣẹju mẹfa kan ninu eyiti Mo wo fifi sori ẹrọ module naa cpapi ati awọn ẹya ara ẹrọ ti nṣiṣẹ awọn iwe afọwọkọ Python lori olupin iṣakoso. Gẹgẹbi apẹẹrẹ, iwe afọwọkọ kan nṣiṣẹ ti o ṣe adaṣe iṣeto ni ti ẹnu-ọna tuntun fun iṣẹ-ṣiṣe kan gẹgẹbi iṣatunṣe nẹtiwọọki. Ṣiṣayẹwo Aabo. Lara awọn ẹya ti Mo ni lati ṣe pẹlu: iṣẹ naa ko ti han ni Python 2.7 input, nitorinaa lati ṣe ilana alaye ti olumulo n wọle, iṣẹ kan lo raw_input. Bibẹẹkọ, koodu naa jẹ kanna bi fun ifilọlẹ lati awọn ẹrọ miiran, nikan o rọrun diẹ sii lati lo iṣẹ naa wiwọle_as_root, ki o má ba ṣe pato orukọ olumulo tirẹ, ọrọigbaniwọle ati adiresi IP ti olupin isakoso lẹẹkansi.
Iwe afọwọkọ fun iṣeto ni iyara ti Ṣiṣayẹwo Aabo
from __future__ import print_function
import getpass
import sys, os
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
from cpapi import APIClient, APIClientArgs
def main():
with APIClient() as client:
# if client.check_fingerprint() is False:
# print("Could not get the server's fingerprint - Check connectivity with the server.")
# exit(1)
login_res = client.login_as_root()
if login_res.success is False:
print("Login failed:n{}".format(login_res.error_message))
exit(1)
gw_name = raw_input("Enter the gateway name:")
gw_ip = raw_input("Enter the gateway IP address:")
if sys.stdin.isatty():
sic = getpass.getpass("Enter one-time password for the gateway(SIC): ")
else:
print("Attention! Your password will be shown on the screen!")
sic = raw_input("Enter one-time password for the gateway(SIC): ")
version = raw_input("Enter the gateway version(like RXX.YY):")
add_gw = client.api_call("add-simple-gateway", {'name' : gw_name, 'ipv4-address' : gw_ip, 'one-time-password' : sic, 'version': version.capitalize(), 'application-control' : 'true', 'url-filtering' : 'true', 'ips' : 'true', 'anti-bot' : 'true', 'anti-virus' : 'true', 'threat-emulation' : 'true'})
if add_gw.success and add_gw.data['sic-state'] != "communicating":
print("Secure connection with the gateway hasn't established!")
exit(1)
elif add_gw.success:
print("The gateway was added successfully.")
gw_uid = add_gw.data['uid']
gw_name = add_gw.data['name']
else:
print("Failed to add the gateway - {}".format(add_gw.error_message))
exit(1)
change_policy = client.api_call("set-access-layer", {"name" : "Network", "applications-and-url-filtering": "true", "content-awareness": "true"})
if change_policy.success:
print("The policy has been changed successfully")
else:
print("Failed to change the policy- {}".format(change_policy.error_message))
change_rule = client.api_call("set-access-rule", {"name" : "Cleanup rule", "layer" : "Network", "action": "Accept", "track": {"type": "Detailed Log", "accounting": "true"}})
if change_rule.success:
print("The cleanup rule has been changed successfully")
else:
print("Failed to change the cleanup rule- {}".format(change_rule.error_message))
# publish the result
publish_res = client.api_call("publish", {})
if publish_res.success:
print("The changes were published successfully.")
else:
print("Failed to publish the changes - {}".format(install_tp_policy.error_message))
install_access_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'true', "threat-prevention" : 'false', "targets" : gw_uid})
if install_access_policy.success:
print("The access policy has been installed")
else:
print("Failed to install access policy - {}".format(install_tp_policy.error_message))
install_tp_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'false', "threat-prevention" : 'true', "targets" : gw_uid})
if install_tp_policy.success:
print("The threat prevention policy has been installed")
else:
print("Failed to install threat prevention policy - {}".format(install_tp_policy.error_message))
# add passwords and passphrases to dictionary
with open('additional_pass.conf') as f:
line_num = 0
for line in f:
line_num += 1
add_password_dictionary = client.api_call("run-script", {"script-name" : "Add passwords and passphrases", "script" : "printf "{}" >> $FWDIR/conf/additional_pass.conf".format(line), "targets" : gw_name})
if add_password_dictionary.success:
print("The password dictionary line {} was added successfully".format(line_num))
else:
print("Failed to add the dictionary - {}".format(add_password_dictionary.error_message))
main() Faili apẹẹrẹ pẹlu iwe-itumọ ọrọ igbaniwọle afikun_pass.conf
{
"passwords" : ["malware","malicious","infected","Infected"],
"phrases" : ["password","Password","Pass","pass","codigo","key","pwd","пароль","Пароль","Ключ","ключ","шифр","Шифр"]
}
ipari
Nkan yii ṣe ayẹwo nikan awọn iṣeeṣe ipilẹ ti iṣẹ SDK Python ati module cpapi(bi o ṣe le ti gboju, iwọnyi jẹ awọn itumọ ọrọ gangan), ati nipa kikọ koodu ni module yii iwọ yoo ṣawari paapaa awọn aye diẹ sii fun ṣiṣẹ pẹlu rẹ. O ṣee ṣe pe iwọ yoo fẹ lati ṣafikun rẹ pẹlu awọn kilasi tirẹ, awọn iṣẹ, awọn ọna ati awọn oniyipada. O le pin iṣẹ rẹ nigbagbogbo ati wo awọn iwe afọwọkọ miiran fun Ojuami Ṣayẹwo ni apakan ni awujo , eyi ti o mu papọ awọn olupilẹṣẹ ọja ati awọn olumulo.
Idunnu ifaminsi ati ọpẹ fun kika si opin!
orisun: www.habr.com