From a4602f286e1e8788e7c1485e82dbbfbf39a0d857 Mon Sep 17 00:00:00 2001 From: chkp-royl <51701986+chkp-royl@users.noreply.github.com> Date: Thu, 25 Jan 2024 16:25:32 +0200 Subject: [PATCH] Add support to api key (#86) --- import_export_package.py | 8 +++-- menu.py | 75 +++++++++++++++++++++++++--------------- utils.py | 6 +++- 3 files changed, 59 insertions(+), 30 deletions(-) diff --git a/import_export_package.py b/import_export_package.py index 41c8a79..5777b34 100644 --- a/import_export_package.py +++ b/import_export_package.py @@ -41,8 +41,12 @@ def get_version(client): payload["read-only"] = "true" if args.operation == "export" else "false" if args.session_timeout: payload["session-timeout"] = args.session_timeout - login_reply = client.login(username=args.username, password=args.password, domain=args.domain, - payload=payload) + if args.api_key: + login_reply = client.login_with_api_key(api_key=args.api_key, domain=args.domain, + payload=payload) + else: + login_reply = client.login(username=args.username, password=args.password, domain=args.domain, + payload=payload) handle_login_fail(not login_reply.success, "Login to management server failed. " + str(login_reply)) elif args.login == '2': if args.session_timeout: diff --git a/menu.py b/menu.py index 8a6861b..3219521 100644 --- a/menu.py +++ b/menu.py @@ -59,8 +59,8 @@ def build(self): self.lowest_level = 2 display = False elif self.level == 2: - if not (self.args.username or self.args.password or - self.args.session_id or self.args.session_file or self.args.root): + if not (self.args.api_key or self.args.username or self.args.password or + self.args.session_id or self.args.session_file or self.args.root): self.title = "Please select a login method:" self.options = ["Enter user credentials manually", "Login as Root", "Use an existing session file", "Use an existing session UID"] 
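Review bot: In the import_export_package.py hunk, `if args.api_key:` lets the API key win silently whenever a username or password is also set, while the level-5 branch of `handle_input` in menu.py tests `username or password` first and prompts for a password. Because utils.py now defaults `--api-key` from `MGMT_CLI_API_KEY`, an exported variable can make the session log in as the key's administrator even though the operator typed other credentials, which muddies audit attribution. This assumes `args` here is the object menu.py fills in, which the hunk does not show. I would reject the combination before the login call, e.g. `if args.api_key and (args.username or args.password):` followed by an explicit error, or at minimum add the comment `# API key takes precedence over username/password when both are supplied`. The enclosing function starts and ends outside the hunk.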
@@ -68,7 +68,7 @@ def build(self): else: if self.args.root: self.self_args.login = '2' - elif self.args.username or self.args.password: + elif self.args.username or self.args.password or self.args.api_key: self.self_args.login = '1' elif self.args.session_file: self.self_args.login = '3' @@ -80,10 +80,13 @@ def build(self): elif self.level == 3 and self.export: if not self.args.force: self.title = "The script will run with the following parameters:\n" + \ - "Export Access-Control layers = " + str(self.self_args.access or self.self_args.all) + "\n" + \ + "Export Access-Control layers = " + str( + self.self_args.access or self.self_args.all) + "\n" + \ "Export NAT layers = " + str(self.self_args.nat or self.self_args.all) + "\n" + \ - "Export Threat-Prevention layers = " + str(self.self_args.threat or self.self_args.all) + "\n" + \ - "Export HTTPS Inspection layers = " + str(self.self_args.https or self.self_args.all) + "\n" + \ + "Export Threat-Prevention layers = " + str( + self.self_args.threat or self.self_args.all) + "\n" + \ + "Export HTTPS Inspection layers = " + str( + self.self_args.https or self.self_args.all) + "\n" + \ "Output-file name = " + str(self.self_args.output_file) + "\n" + \ "Management Server IP = " + str(self.self_args.management) + "\n" + \ "Management Server Port = " + str(self.self_args.port) + "\n" + \ 
@@ -129,19 +132,14 @@ def build(self): "Change Management Server Port", "Change the domain name"] self.last_option = "Exit" if self.level == self.lowest_level else "Back" elif self.level == 5: - if not self.args.username: - self.title = "Please enter your username:" - self.options = [] + if not self.self_args.api_key and not self.self_args.username and not self.self_args.password: + self.title = "Please select authentication method:" + self.options = ["Username & Password", + "API Key"] + self.last_option = "Exit" if self.level == self.lowest_level else "Back" else: - self.level = 6 - display = False - elif self.level == 6: - if not self.args.password: - # The menu title will be provided at the password prompt self.title = "" self.options = [] - else: - return if display: self.display() else: @@ -212,7 +210,8 @@ def handle_input(self): elif choice == 2: self.self_args.threat = not self.self_args.threat self.menu_print( - "Exporting of Threat-Prevention layers " + "enabled" if self.self_args.threat else "disabled", 2) + "Exporting of Threat-Prevention layers " + "enabled" if self.self_args.threat else "disabled", + 2) elif choice == 3: self.self_args.nat = not self.self_args.nat self.menu_print( 
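Review bot: In the `elif self.level == 5:` branch of `build`, the new `else:` sets `self.title = ""` and `self.options = []` with no explanation, and the comment that explained the empty title on the old level 6 was removed. A reader cannot tell from this branch that the prompt text is supplied later by `handle_input`; a comment such as `# A credential was already supplied; handle_input() prompts for whatever is still missing` would restore that. The condition also reads `self.self_args`, whereas the level-2 branch of the same method reads `self.args`; if the difference is deliberate it deserves a word in the same comment. `build` starts and ends outside the hunk.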
@@ -255,17 +254,39 @@ def handle_input(self): except ValueError: self.display_wrong_choice() elif self.level == 5: - if not self.self_args.username: - self.self_args.username = input() - self.level = 6 - elif self.level == 6: - if not self.self_args.password: - if sys.stdin.isatty(): - self.self_args.password = getpass.getpass("Please enter your password:\n") + try: + choice = None + if self.self_args.username or self.self_args.password: + choice = 1 + elif self.self_args.api_key: + choice = 2 else: - print("Attention! Your password will be shown on the screen!", file=sys.stderr) - self.self_args.password = input("Please enter your password:\n") - return + choice = int(input()) + if choice == 1: + if not self.self_args.username: + self.menu_print("Please enter your username:", 0) + self.self_args.username = input() + if not self.self_args.password: + if sys.stdin.isatty(): + self.self_args.password = getpass.getpass("Please enter your password:\n") + else: + print("Attention! Your password will be shown on the screen!", file=sys.stderr) + self.self_args.password = input("Please enter your password:\n") + return + elif choice == 2: + if not self.self_args.api_key: + if sys.stdin.isatty(): + self.self_args.api_key = getpass.getpass("Please enter your API key:\n") + else: + print("Attention! Your API key will be shown on the screen!", file=sys.stderr) + self.self_args.api_key = input("Please enter your API key:\n") + return + elif choice == 99: + self.level = 3 + else: + self.display_wrong_choice() + except ValueError: + self.display_wrong_choice() self.build() def display_wrong_choice(self): diff --git a/utils.py b/utils.py index 969b253..3faca12 100644 --- a/utils.py +++ b/utils.py 
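Review bot: In the `choice == 2` path of `handle_input`, the reply from `getpass.getpass`/`input` is stored unchecked, so an empty reply leaves `self.self_args.api_key` falsy. The `if args.api_key:` test in import_export_package.py then takes its `else` branch and calls `client.login` with whatever username and password happen to be set, so the operator gets a password-login failure rather than a missing-key message. I would strip the reply, e.g. `self.self_args.api_key = getpass.getpass("Please enter your API key:\n").strip()`, and re-prompt or fail with a clear message when it is empty instead of returning. `handle_input` begins outside the hunk.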
@@ -35,7 +35,11 @@ def populate_parser(parser): parser.add_argument("-u", "--username", required=False, default=os.getenv('MGMT_CLI_USER'), help="The management administrator's user name.\nEnvironment variable: MGMT_CLI_USER") parser.add_argument("-p", "--password", required=False, - help="The management administrator's password.\nEnvironment variable: MGMT_CLI_PASSWORD") + help="The management administrator's password.\nEnvironment variable: MGMT_CLI_PASSWORD", + default=os.getenv('MGMT_CLI_PASSWORD')) + parser.add_argument("--api-key", required=False, + help="The management administrator's API Key.\nEnvironment variable: MGMT_CLI_API_KEY", + default=os.getenv('MGMT_CLI_API_KEY')) parser.add_argument("-m", "--management", required=False, default=os.getenv('MGMT_CLI_MANAGEMENT', "127.0.0.1"), help="The management server's IP address (In the case of a Multi-Domain Environment, use the IP address of the MDS domain).\nDefault: 127.0.0.1\nEnvironment variable: MGMT_CLI_MANAGEMENT") parser.add_argument("--port", "--server-port", required=False, default=os.getenv('MGMT_CLI_PORT', 443),
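Review bot: The new `--api-key` option, like `-p`, accepts the secret on the command line, where it ends up in the process list and shell history, and the help text does not warn about that. I would extend the help string to steer users to the safer inputs, e.g. `help="The management administrator's API Key (prefer the environment variable or the interactive prompt; command-line values are visible to other local users).\nEnvironment variable: MGMT_CLI_API_KEY"`. Adding `default=os.getenv('MGMT_CLI_PASSWORD')` also changes behaviour for anyone who already exports that variable: menu.py's level-2 check treats a set password as a chosen login method, so the login-method menu is skipped. `populate_parser` continues outside the hunk.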