File Coverage

blib/lib/Net/Checkpoint/Management/v1.pm

Criterion	Covered	Total	%
statement	23	177	12.9
branch	0	54	0.0
condition	0	42	0.0
subroutine	8	22	36.3
pod	7	7	100.0
total	38	302	12.5

line	stmt	bran	cond	sub	pod	time	code
1							$Net::Checkpoint::Management::v1::VERSION = '0.001010';
2							# ABSTRACT: Checkpoint Management API version 1.x client library
3
4							use 5.024;
5	1			1		158011	use Moo;
	1					6
6	1			1		356	use feature 'signatures';
	1					4879
	1					4
7	1			1		1003	use Types::Standard qw( ArrayRef Str );
	1					1
	1					93
8	1			1		391	use Carp::Clan qw(^Net::Checkpoint::Management::v1);
	1					69354
	1					12
9	1			1		1121	use Clone qw( clone );
	1					1192
	1					6
10	1			1		345	use Net::Checkpoint::Management::v1::Role::ObjectMethods;
	1					1713
	1					52
11	1			1		328
	1					3
	1					26
12							no warnings "experimental::signatures";
13	1			1		5
	1					2
	1					1439
14
15							has 'user' => (
16							isa => Str,
17							is => 'rw',
18							);
19							has 'passwd' => (
20							isa => Str,
21							is => 'rw',
22							);
23
24
25							has 'api_versions' => (
26							is => 'lazy',
27							isa => ArrayRef[Str],
28							);
29
30							my $res_versions = $self->post('/web_api/v1.1/show-api-versions', {});
31	0			0			return $res_versions->data->{'supported-versions'};
	0
	0
32	0						}
33	0
34
35							has 'api_version' => (
36							is => 'rw',
37							isa => Str,
38							);
39
40							with 'Net::Checkpoint::Management::v1::Role::REST::Client';
41
42							my $error_message;
43
44	0			0			if (ref $data eq 'HASH' ) {
	0
	0
	0
45	0						if (exists $data->{'blocking-errors'}
46							&& ref $data->{'blocking-errors'} eq 'ARRAY'
47	0	0					&& exists $data->{'blocking-errors'}->[0]
48	0	0	0				&& exists $data->{'blocking-errors'}->[0]->{message}) {
		0	0
		0	0
			0
			0
			0
			0
			0
			0
49							$error_message = $data->{'blocking-errors'}->[0]->{message};
50							}
51							elsif (exists $data->{errors}
52	0						&& ref $data->{errors} eq 'ARRAY'
53							&& exists $data->{errors}->[0]
54							&& exists $data->{errors}->[0]->{message}) {
55							$error_message = $data->{errors}->[0]->{message};
56							}
57							# when ignore-warnings isn't passed to the API call, a response with only
58	0						# warnings is also considered an error because its changes aren't saved
59							# when passing ignore-warnings the error handler isn't called because the
60							# http response code is 200
61							elsif (exists $data->{warnings}
62							&& ref $data->{warnings} eq 'ARRAY'
63							&& exists $data->{warnings}->[0]
64							&& exists $data->{warnings}->[0]->{message}) {
65							$error_message = $data->{warnings}->[0]->{message};
66							}
67							else {
68	0						$error_message = $data->{message};
69							}
70							}
71	0						# underlying exception like Could not connect to 'cpmanager.example.org'
72							else {
73							$error_message = $data;
74							}
75							croak($error_message);
76	0						}
77
78	0						my $params = $self->user_agent->www_form_urlencode( $query_params );
79							my $res = $self->post("$url?$params", $object_data);
80							my $code = $res->code;
81	0			0			my $data = $res->data;
	0
	0
	0
	0
	0
82	0
83	0						$self->_error_handler($data)
84	0						unless $code == 200;
85	0						return $data;
86							}
87	0	0
88							# the API only allows 500 objects at a time
89	0						# work around that by making multiple API calls
90							my $offset = 0;
91							my $limit = exists $query_params->{limit}
92	0			0			? $query_params->{limit}
	0
	0
	0
	0
	0
93							: 500;
94							my $more_data_available = 1;
95	0						my $response;
96							while ($more_data_available) {
97							my $res = $self->post($url, {
98	0	0					offset => $offset,
99	0						limit => $limit,
100	0						%$query_params,
101	0						});
102	0						my $code = $res->code;
103							my $data = $res->data;
104							$self->_error_handler($data)
105							unless $code == 200;
106
107	0						# use first response for base structure of response
108	0						if ($offset == 0) {
109	0	0					$response = clone($data);
110							delete $response->{from};
111							delete $response->{to};
112							}
113	0	0					else {
114	0						push $response->{$list_key}->@, $data->{$list_key}->@
115	0						if exists $data->{$list_key} && ref $data->{$list_key} eq 'ARRAY';
116	0						}
117
118							# check if more data is available
119							if ($offset + $limit < $data->{total}) {
120	0	0	0				$more_data_available = 1;
121							$offset += $limit;
122							}
123							else {
124	0	0					$more_data_available = 0;
125	0						}
126	0						}
127
128							# return response similar to Checkpoint API
129	0						return $response;
130							}
131
132							my $res = $self->post($url, $query_params);
133							my $code = $res->code;
134	0						my $data = $res->data;
135
136							$self->_error_handler($data)
137	0			0			unless $code == 200;
	0
	0
	0
	0
138	0
139	0						return $data;
140	0						}
141
142	0	0					my $res = $self->post($url, $object_data);
143							my $code = $res->code;
144							my $data = $res->data;
145	0						$self->_error_handler($data)
146							unless $code == 200;
147
148	0			0			return $data;
	0
	0
	0
	0
149	0						}
150	0
151	0						my $res = $self->post($url, $object);
152	0	0					my $code = $res->code;
153							my $data = $res->data;
154							$self->_error_handler($data)
155	0						unless $code == 200;
156
157							return 1;
158	0			0			}
	0
	0
	0
	0
159	0
160	0						Net::Checkpoint::Management::v1::Role::ObjectMethods->apply([
161	0						{
162	0	0					object => 'packages',
163							singular => 'package',
164							create => 'add-package',
165	0						list => 'show-packages',
166							get => 'show-package',
167							update => 'set-package',
168							delete => 'delete-package',
169							list_key => 'packages',
170							id_keys => [qw( uid name )],
171							},
172							{
173							object => 'accessrules',
174							singular => 'accessrule',
175							create => 'add-access-rule',
176							list => 'show-access-rulebase',
177							get => 'show-access-rule',
178							update => 'set-access-rule',
179							delete => 'delete-access-rule',
180							list_key => 'rulebase',
181							id_keys => ['uid', 'name', 'rule-number'],
182							},
183							{
184							object => 'networks',
185							singular => 'network',
186							create => 'add-network',
187							list => 'show-networks',
188							get => 'show-network',
189							update => 'set-network',
190							delete => 'delete-network',
191							list_key => 'objects',
192							id_keys => [qw( uid name )],
193							},
194							{
195							object => 'hosts',
196							singular => 'host',
197							create => 'add-host',
198							list => 'show-hosts',
199							get => 'show-host',
200							update => 'set-host',
201							delete => 'delete-host',
202							list_key => 'objects',
203							id_keys => [qw( uid name )],
204							},
205							{
206							object => 'groups',
207							singular => 'group',
208							create => 'add-group',
209							list => 'show-groups',
210							get => 'show-group',
211							update => 'set-group',
212							delete => 'delete-group',
213							list_key => 'objects',
214							id_keys => [qw( uid name )],
215							},
216							{
217							object => 'access_roles',
218							singular => 'access_role',
219							create => 'add-access-role',
220							list => 'show-access-roles',
221							get => 'show-access-role',
222							update => 'set-access-role',
223							delete => 'delete-access-role',
224							list_key => 'objects',
225							id_keys => [qw( uid name )],
226							},
227							{
228							object => 'services_tcp',
229							singular => 'service_tcp',
230							create => 'add-service-tcp',
231							list => 'show-services-tcp',
232							get => 'show-service-tcp',
233							update => 'set-service-tcp',
234							delete => 'delete-service-tcp',
235							list_key => 'objects',
236							id_keys => [qw( uid name )],
237							},
238							{
239							object => 'services_udp',
240							singular => 'service_udp',
241							create => 'add-service-udp',
242							list => 'show-services-udp',
243							get => 'show-service-udp',
244							update => 'set-service-udp',
245							delete => 'delete-service-udp',
246							list_key => 'objects',
247							id_keys => [qw( uid name )],
248							},
249							{
250							object => 'services_icmp',
251							singular => 'service_icmp',
252							create => 'add-service-icmp',
253							list => 'show-services-icmp',
254							get => 'show-service-icmp',
255							update => 'set-service-icmp',
256							delete => 'delete-service-icmp',
257							list_key => 'objects',
258							id_keys => [qw( uid name )],
259							},
260							{
261							object => 'services_icmpv6',
262							singular => 'service_icmpv6',
263							create => 'add-service-icmp6',
264							list => 'show-services-icmp6',
265							get => 'show-service-icmp6',
266							update => 'set-service-icmp6',
267							delete => 'delete-service-icmp6',
268							list_key => 'objects',
269							id_keys => [qw( uid name )],
270							},
271							{
272							object => 'services_other',
273							singular => 'service_other',
274							create => 'add-service-other',
275							list => 'show-services-other',
276							get => 'show-service-other',
277							update => 'set-service-other',
278							delete => 'delete-service-other',
279							list_key => 'objects',
280							id_keys => [qw( uid name )],
281							},
282							{
283							object => 'service_groups',
284							singular => 'service_group',
285							create => 'add-service-group',
286							list => 'show-service-groups',
287							get => 'show-service-group',
288							update => 'set-service-group',
289							delete => 'delete-service-group',
290							list_key => 'objects',
291							id_keys => [qw( uid name )],
292							},
293							{
294							object => 'sessions',
295							singular => 'session',
296							list => 'show-sessions',
297							get => 'show-session',
298							update => 'set-session',
299							list_key => 'objects',
300							},
301							{
302							object => 'tasks',
303							singular => 'task',
304							list => 'show-tasks',
305							get => 'show-task',
306							list_key => 'tasks',
307							},
308							]);
309
310
311							my $res = $self->post('/web_api/v1/login', {
312							user => $self->user,
313							password => $self->passwd,
314							});
315							if ($res->code == 200) {
316							my $api_version = $res->data->{'api-server-version'};
317							$self->api_version($api_version);
318							$self->set_persistent_header('X-chkp-sid',
319	0			0	1		$res->data->{sid});
	0
	0
320	0						}
321							else {
322							$self->_error_handler($res->data);
323							}
324	0	0					}
325	0
326	0
327							my $res = $self->post('/web_api/v1/logout', {});
328	0						my $code = $res->code;
329							my $data = $res->data;
330							$self->_error_handler($data)
331	0						unless $code == 200;
332							}
333
334
335							my $res = $self->post('/web_api/v' . $self->api_version . '/publish', {});
336	0			0	1		my $code = $res->code;
	0
	0
337	0						my $data = $res->data;
338	0						$self->_error_handler($data)
339	0						unless $code == 200;
340	0	0
341							return $data->{'task-id'};
342							}
343
344
345	0			0	1		my $res = $self->post('/web_api/v' . $self->api_version . '/discard', {});
	0
	0
346	0						my $code = $res->code;
347	0						my $data = $res->data;
348	0						$self->_error_handler($data)
349	0	0					unless $code == 200;
350
351							return $data;
352	0						}
353
354
355							croak "policy name missing"
356	0			0	1		unless defined $policyname;
	0
	0
357	0
358	0						my $res = $self->post('/web_api/v' . $self->api_version .
359	0						'/verify-policy', {
360	0	0					'policy-package' => $policyname,
361							});
362							my $code = $res->code;
363	0						my $data = $res->data;
364							$self->_error_handler($data)
365							unless $code == 200;
366
367	0			0	1		return $data->{'task-id'};
	0
	0
	0
368	0	0					}
369
370
371	0						croak "policy name missing"
372							unless defined $policyname;
373							croak "target(s) missing"
374							unless defined $targets;
375	0						croak "target(s) must be a single name or uid or a list of names or uids"
376	0						unless ref $targets eq ''
377	0	0					\|\| ref $targets eq 'ARRAY';
378							croak "parameters needs to be a hashref"
379							if defined $params && ref $params ne 'HASH';
380	0
381							my $res = $self->post('/web_api/v' . $self->api_version .
382							'/install-policy', {
383							$params->%*,
384	0			0	1		'policy-package' => $policyname,
	0
	0
	0
	0
	0
385	0	0					targets => $targets,
386							});
387	0	0					my $code = $res->code;
388							my $data = $res->data;
389	0	0	0				$self->_error_handler($data)
390							unless $code == 200;
391
392	0	0	0				return $data->{'task-id'};
393							}
394
395	0
396							croak "task-id missing"
397							unless defined $taskid;
398							croak "callback must be a coderef"
399							if defined $callback && ref $callback ne 'CODE';
400
401	0						my $task;
402	0						while (($task = $self->get_task({'task-id' => $taskid})->{tasks}[0])
403	0	0					&& $task->{status} eq 'in progress') {
404							&$callback($task)
405							if defined $callback;
406	0						sleep 1;
407							}
408							return $task;
409							}
410	0			0	1
	0
	0
	0
	0
411	0	0					1;
412
413	0	0	0
414							=pod
415
416	0						=encoding UTF-8
417	0		0
418							=head1 NAME
419	0	0
420							Net::Checkpoint::Management::v1 - Checkpoint Management API version 1.x client library
421	0
422							=head1 VERSION
423	0
424							version 0.001010
425
426							=head1 SYNOPSIS
427
428							use strict;
429							use warnings;
430							use Net::Checkpoint::Management::v1;
431
432							my $cpmgmt = Net::Checkpoint::Management::v1->new(
433							server => 'https://cpmgmt.example.com',
434							user => 'username',
435							passwd => '$password',
436							clientattrs => { timeout => 30 },
437							);
438
439							$cpmgmt->login;
440
441							=head1 DESCRIPTION
442
443							This module is a client library for the Checkpoint Management API version 1.x.
444							Currently it is developed and tested against version R80.40.
445
446							=head1 ATTRIBUTES
447
448							=head2 api_versions
449
450							Returns a list of all available API versions which gets populated on the first
451							call.
452							Only works on API version 1.1 and higher.
453
454							=head2 api_version
455
456							The API version used by all methods. Is automatically set to the highest
457							version available by the L</login> method.
458
459							=head1 METHODS
460
461							=head2 login
462
463							Logs into the Checkpoint Manager API using version 1.
464
465							=head2 logout
466
467							Logs out of the Checkpoint Manager API using version 1.
468
469							=head2 publish
470
471							Publishes all previously submitted changes.
472							Returns the task id on success.
473
474							=head2 discard
475
476							Discards all previously submitted changes.
477							Returns a hashref containing the operation status message and the number of
478							discarded changes.
479
480							=head2 verify_policy
481
482							Verifies the policy of the given package.
483
484							Takes a policy name.
485
486							Returns the task id on success.
487
488							=head2 install_policy
489
490							Installs the policy of the given package onto the given target(s).
491
492							Takes a policy name, target(s) and an optional hashref of additional
493							parameters.
494							The target(s) can be a single name or uid or a list of names or uids.
495
496							Returns the task id on success.
497
498							=head2 wait_for_task
499
500							Takes a task id and checks its status every second until it isn't
501							'in progress' any more and return the status.
502							Takes an optional callback coderef which is called for every check with the
503							task as argument.
504
505							=head1 AUTHOR
506
507							Alexander Hartmaier <abraxxa@cpan.org>
508
509							=head1 COPYRIGHT AND LICENSE
510
511							This software is copyright (c) 2020 by Alexander Hartmaier.
512
513							This is free software; you can redistribute it and/or modify it under
514							the same terms as the Perl 5 programming language system itself.
515
516							=cut