From 3c8bbccf177d0e3ecd67feb352a581a22caa96a0 Mon Sep 17 00:00:00 2001
From: royl
Date: Sun, 12 Jul 2020 17:04:37 +0300
Subject: [PATCH] Add flags to show access/nat/threat policy as part of policy package
---
 README.md | 6 +
 .../examples/ShowPackageConfiguration.java | 113 +++++++++++++++++-
 .../mgmt_api/objects/PolicyPackage.java | 27 +++--
 3 files changed, 131 insertions(+), 15 deletions(-)
diff --git a/README.md b/README.md
index ad9e236..4a3ee34 100644
--- a/README.md
+++ b/README.md
@@ -51,6 +51,12 @@ This flag is supported from R80.10 Jumbo HF take 70
 • [--query-limit limit] (Optional): The objects query limit. No more than that many results will be returned. Minimum value is 1, maximum value is 500. Default value is 10.
+• [--show-access-policy (true|false)] (Optional): Indicates whether to show access policy as part of policy package. Default value is True.
+
+• [--show-threat-policy (true|false)] (Optional): Indicates whether to show threat policy as part of policy package. Default value is True.
+
+• [--show-nat-policy (true|false)] (Optional): Indicates whether to show nat policy as part of policy package. Default value is True.
+
 Use "--version" option to print the version of the tool
 Use "-h" option in order to see the full list of options to configure the tool
diff --git a/src/main/java/com/checkpoint/mgmt_api/examples/ShowPackageConfiguration.java b/src/main/java/com/checkpoint/mgmt_api/examples/ShowPackageConfiguration.java
index 988a474..110a16c 100644
--- a/src/main/java/com/checkpoint/mgmt_api/examples/ShowPackageConfiguration.java
+++ b/src/main/java/com/checkpoint/mgmt_api/examples/ShowPackageConfiguration.java
@@ -23,7 +23,7 @@
 * This class holds all the configuration parameters.
 * Responsible for defining the parameters according to the arguments passed from the user.
 */
-enum ShowPackageConfiguration {
+public enum ShowPackageConfiguration {
 INSTANCE;
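Review bot: Widening `ShowPackageConfiguration` from package-private to `public` in the `@@ -23,7 +23,7 @@` hunk exposes the whole configuration singleton, which its own Javadoc describes as holding all parameters passed by the user, to every package just so `PolicyPackage` can read three booleans. It also makes the `objects` model package import from `examples`, which inverts the dependency direction. Consider keeping the enum package-private and handing the three flags to the serializer as arguments or a small value object; if it has to stay public, record the intent above the declaration with `// public only so objects.PolicyPackage can read the show-*-policy flags`. The enum body continues outside the hunk, so its other public getters are not visible here.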
@@ -76,6 +76,12 @@ enum ShowPackageConfiguration {
 List gatewaysWithPolicy = new ArrayList<>();
 private static Set knownInlineLayers = new HashSet<>();
 private static String publishedSessionUid;
+
+ // Indicates whether to show Access/Threat/NAT policy as part of policy package. Default is true.
+ private static boolean doShowAccessPolicy = true;
+ private static boolean doShowThreatPolicy = true;
+ private static boolean doShowNatPolicy = true;
+
 /*Logger settings*/
 private static final MyLogger logger = new MyLogger("MyLog", null);
@@ -523,16 +529,19 @@ public Integer getQueryLimit()
 public boolean showRulesHitCounts() { return showRulesHitCounts; }
- public Boolean getShowMembership()
- {
- return showMembership;
- }
+ public Boolean getShowMembership() { return showMembership; }
 public Boolean getDereferenceGroupMembers() { return dereferenceGroupMembers; }
+ public boolean showAccessPolicyFlag() { return doShowAccessPolicy; }
+
+ public boolean showThreatPolicyFlag() { return doShowThreatPolicy; }
+
+ public boolean showNatPolicyFlag() { return doShowNatPolicy; }
+
 /**
 * This enum defines the known flags and the actions each of them does.
 */
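Review bot: The three accessors added in the `@@ -523,16 +529,19 @@` hunk (`showAccessPolicyFlag()`, `showThreatPolicyFlag()`, `showNatPolicyFlag()`) carry no Javadoc, and their `...Flag` suffix differs from the neighbouring `showRulesHitCounts()`. Each should get a one-line comment such as `/** @return false when --show-access-policy false was given; access layers are then left out of the package JSON. */`. The backing fields in the `@@ -76,6 +76,12 @@` hunk are mutable `static` state read through instance getters, so the setting is process-wide; the field comment could say so with `// process-wide; set once while parsing the command line`. The `getShowMembership()` reformat is unrelated to the feature and would be easier to review as its own commit.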
@@ -979,7 +988,99 @@ String value() { return " published session uid"; }
- },;
+ },
+ showAccessPolicy("--show-access-policy"){
+ @Override
+ void flagToString()
+ {
+ System.out.println("\tIndicates whether to show access policy as part of policy package. Default value is True.");
+ }
+
+ @Override
+ void runCommand(String value)
+ {
+ if (!value.equalsIgnoreCase("true") && !value.equalsIgnoreCase("false")) {
+ final String errorMessage = "The value of --show-access-policy is invalid (must be true or false)";
+ System.out.println(errorMessage);
+ throw new IllegalArgumentException(errorMessage);
+ }
+ ShowPackageConfiguration.doShowAccessPolicy = Boolean.parseBoolean(value);
+ }
+
+ @Override
+ String debugString()
+ {
+ return "Show access policy (--show-access-policy)=" + doShowAccessPolicy;
+ }
+
+ @Override
+ String value()
+ {
+ return " (true|false)";
+ }
+ },
+ showThreatPolicy("--show-threat-policy"){
+ @Override
+ void flagToString()
+ {
+ System.out.println("\tIndicates whether to show threat policy as part of policy package. Default value is True.");
+ }
+
+ @Override
+ void runCommand(String value)
+ {
+ if (!value.equalsIgnoreCase("true") && !value.equalsIgnoreCase("false")) {
+ final String errorMessage = "The value of --show-threat-policy is invalid (must be true or false)";
+ System.out.println(errorMessage);
+ throw new IllegalArgumentException(errorMessage);
+ }
+
+ ShowPackageConfiguration.doShowThreatPolicy = Boolean.parseBoolean(value);
+ }
+
+ @Override
+ String debugString()
+ {
+ return "Show threat policy (--show-threat-policy)=" + doShowThreatPolicy;
+ }
+
+ @Override
+ String value()
+ {
+ return " (true|false)";
+ }
+ },
+ showNatPolicy("--show-nat-policy"){
+ @Override
+ void flagToString()
+ {
+ System.out.println("\tIndicates whether to show NAT policy as part of policy package. Default value is True.");
+ }
+
+ @Override
+ void runCommand(String value)
+ {
+ if (!value.equalsIgnoreCase("true") && !value.equalsIgnoreCase("false")) {
+ final String errorMessage = "The value of --show-nat-policy is invalid (must be true or false)";
+ System.out.println(errorMessage);
+ throw new IllegalArgumentException(errorMessage);
+ }
+ ShowPackageConfiguration.doShowNatPolicy = Boolean.parseBoolean(value);
+ }
+
+ @Override
+ String debugString()
+ {
+ return "Show nat policy (--show-nat-policy)=" + doShowNatPolicy;
+ }
+
+ @Override
+ String value()
+ {
+ return " (true|false)";
+ }
+ },
+ ;
 private String flag;
diff --git a/src/main/java/com/checkpoint/mgmt_api/objects/PolicyPackage.java b/src/main/java/com/checkpoint/mgmt_api/objects/PolicyPackage.java
index 89adfe0..64420a0 100644
--- a/src/main/java/com/checkpoint/mgmt_api/objects/PolicyPackage.java
+++ b/src/main/java/com/checkpoint/mgmt_api/objects/PolicyPackage.java
@@ -1,5 +1,6 @@
 package com.checkpoint.mgmt_api.objects;
+import com.checkpoint.mgmt_api.examples.ShowPackageConfiguration;
 import org.json.simple.JSONArray;
 import org.json.simple.JSONObject;
 import java.util.*;
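Review bot: The three `runCommand` overrides added in the `@@ -979,7 +988,99 @@` hunk of ShowPackageConfiguration.java repeat the same validation, and each calls `value.equalsIgnoreCase(...)` on the argument, so a null `value` would surface as a NullPointerException rather than the intended IllegalArgumentException; whether the caller can pass null is not visible in this hunk. A shared helper that compares literal-first removes the duplication and the null dereference while keeping the error text in one place. Rejecting anything other than true/false, as the code already does, is the right behaviour for a switch that decides which policy data gets exported, so the helper keeps the exception. The help and debug strings also spell the same flag as "nat" and "NAT"; pick one.

```java
// proposed private static helper, next to the new doShow*Policy fields
private static boolean parseBooleanFlag(String flagName, String value)
{
    // literal-first comparison: a null value is rejected instead of dereferenced
    if (!"true".equalsIgnoreCase(value) && !"false".equalsIgnoreCase(value)) {
        final String errorMessage = "The value of " + flagName + " is invalid (must be true or false)";
        System.out.println(errorMessage);
        throw new IllegalArgumentException(errorMessage);
    }
    return Boolean.parseBoolean(value);
}

// … unchanged: showAccessPolicy("--show-access-policy"){ flagToString …
    @Override
    void runCommand(String value)
    {
        ShowPackageConfiguration.doShowAccessPolicy = parseBooleanFlag("--show-access-policy", value);
    }
// … unchanged: debugString, value; same one-line body in showThreatPolicy and showNatPolicy …
```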
@@ -54,19 +55,27 @@ public JSONObject toJson(){
 jsonObject.put("packageName",packageName);
- JSONArray accessLayersArray = new JSONArray();
- for (Layer access : accessLayers){
- accessLayersArray.add(access.toJson());
+ if(ShowPackageConfiguration.INSTANCE.showAccessPolicyFlag()){
+ JSONArray accessLayersArray = new JSONArray();
+ for (Layer access : accessLayers){
+ accessLayersArray.add(access.toJson());
+ }
+ jsonObject.put("accessLayers",accessLayersArray);
+ }else{
+ jsonObject.put("accessLayers", Collections.emptyList());
 }
- jsonObject.put("accessLayers",accessLayersArray);
- JSONArray threatLayersArray = new JSONArray();
- for (Layer threat : threatLayers){
- threatLayersArray.add(threat.toJson());
+ if(ShowPackageConfiguration.INSTANCE.showThreatPolicyFlag()){
+ JSONArray threatLayersArray = new JSONArray();
+ for (Layer threat : threatLayers){
+ threatLayersArray.add(threat.toJson());
+ }
+ jsonObject.put("threatLayers",threatLayersArray);
+ }else{
+ jsonObject.put("threatLayers", Collections.emptyList());
 }
- jsonObject.put("threatLayers",threatLayersArray);
- if(natLayer != null) {
+ if(ShowPackageConfiguration.INSTANCE.showNatPolicyFlag()) {
 jsonObject.put("natLayer", natLayer.toJson());
 } else {
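Review bot: The NAT branch of `toJson` replaces the `natLayer != null` guard with the flag check, so with the default `--show-nat-policy true` a package whose `natLayer` is null now throws a NullPointerException at `natLayer.toJson()`; the removed guard shows that null was an expected state. Keep both conditions: `if(ShowPackageConfiguration.INSTANCE.showNatPolicyFlag() && natLayer != null) {`. Separately, the access and threat `else` branches put `Collections.emptyList()` where the other branch puts a `JSONArray`; `new JSONArray()` would keep the value type uniform for consumers. These flags only filter what `toJson` emits, and whether the layers are still fetched or written to other outputs is not visible here, so the option should not be documented as guaranteeing that an export is free of that policy. The body of `toJson` continues outside the hunk.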