Merge pull request CactuseSecurity#4250 from Y4nnikH/feat/importer-enhancements

feat(importer): handle import_disabled and improve code

Author: tpurschke

roles/common/files/fwo-api-calls/allObjects/fixRefTables.graphql

@@ -0,0 +1,106 @@
+mutation fixRefTables($importId: bigint!, $mgmId: Int!) {
+  update_rule_from(
+    where: {
+      removed: { _is_null: true }
+      rule: { mgm_id: { _eq: $mgmId } }
+      _or: [
+        { rule: { removed: { _is_null: false } } }
+        { object: { removed: { _is_null: false } } }
+      ]
+    }
+    _set: { removed: $importId }
+  ) {
+    affected_rows
+  }
+  update_rule_to(
+    where: {
+      removed: { _is_null: true }
+      rule: { mgm_id: { _eq: $mgmId } }
+      _or: [
+        { rule: { removed: { _is_null: false } } }
+        { object: { removed: { _is_null: false } } }
+      ]
+    }
+    _set: { removed: $importId }
+  ) {
+    affected_rows
+  }
+  update_rule_nwobj_resolved(
+    where: {
+      removed: { _is_null: true }
+      rule: { mgm_id: { _eq: $mgmId } }
+      _or: [
+        { rule: { removed: { _is_null: false } } }
+        { object: { removed: { _is_null: false } } }
+      ]
+    }
+    _set: { removed: $importId }
+  ) {
+    affected_rows
+  }
+  update_rule_service(
+    where: {
+      removed: { _is_null: true }
+      rule: { mgm_id: { _eq: $mgmId } }
+      _or: [
+        { rule: { removed: { _is_null: false } } }
+        { service: { removed: { _is_null: false } } }
+      ]
+    }
+    _set: { removed: $importId }
+  ) {
+    affected_rows
+  }
+  update_rule_svc_resolved(
+    where: {
+      removed: { _is_null: true }
+      rule: { mgm_id: { _eq: $mgmId } }
+      _or: [
+        { rule: { removed: { _is_null: false } } }
+        { service: { removed: { _is_null: false } } }
+      ]
+    }
+    _set: { removed: $importId }
+  ) {
+    affected_rows
+  }
+  update_rule_user_resolved(
+    where: {
+      removed: { _is_null: true }
+      rule: { mgm_id: { _eq: $mgmId } }
+      _or: [
+        { rule: { removed: { _is_null: false } } }
+        { usr: { removed: { _is_null: false } } }
+      ]
+    }
+    _set: { removed: $importId }
+  ) {
+    affected_rows
+  }
+  update_rule_from_zone(
+    where: {
+      removed: { _is_null: true }
+      rule: { mgm_id: { _eq: $mgmId } }
+      _or: [
+        { rule: { removed: { _is_null: false } } }
+        { zone: { removed: { _is_null: false } } }
+      ]
+    }
+    _set: { removed: $importId }
+  ) {
+    affected_rows
+  }
+  update_rule_to_zone(
+    where: {
+      removed: { _is_null: true }
+      rule: { mgm_id: { _eq: $mgmId } }
+      _or: [
+        { rule: { removed: { _is_null: false } } }
+        { zone: { removed: { _is_null: false } } }
+      ]
+    }
+    _set: { removed: $importId }
+  ) {
+    affected_rows
+  }
+}

roles/common/files/fwo-api-calls/device/getSubManagerUids.graphql

@@ -0,0 +1,7 @@
+query getSubManagerUids($mgmId: Int!)
+{
+  management(where: {multi_device_manager_id: {_eq: $mgmId}}) {
+    mgm_id
+    mgm_uid
+  }
+}

roles/common/files/fwo-api-calls/device/markGatewaysRemoved.graphql

@@ -0,0 +1,14 @@
+mutation markGatewaysRemoved($gwIds: [Int!], $importId: bigint!) {
+  update_rulebase_link(
+    where: { gw_id: { _in: $gwIds }, removed: { _is_null: true } }
+    _set: { removed: $importId }
+  ) {
+    affected_rows
+  }
+  update_rule_enforced_on_gateway(
+    where: { dev_id: { _in: $gwIds }, removed: { _is_null: true } }
+    _set: { removed: $importId }
+  ) {
+    affected_rows
+  }
+}

roles/common/files/fwo-api-calls/device/markManagersRemoved.graphql

@@ -0,0 +1,24 @@
+mutation markManagersRemoved($mgmIds: [Int!], $importId: bigint!) {
+    update_rule(where: {mgm_id: {_in: $mgmIds}, removed: {_is_null: true}}, _set: {removed: $importId}) { affected_rows }
+    update_rulebase(where: {mgm_id: {_in: $mgmIds}, removed: {_is_null: true}}, _set: {removed: $importId}) { affected_rows }
+    update_rulebase_link(where: {device: {mgm_id: {_in: $mgmIds}}, removed: {_is_null: true}}, _set: {removed: $importId}) { affected_rows }
+    update_object(where: {mgm_id: {_in: $mgmIds}, removed: {_is_null: true}}, _set: {removed: $importId}) { affected_rows }
+    update_service(where: {mgm_id: {_in: $mgmIds}, removed: {_is_null: true}}, _set: {removed: $importId}) { affected_rows }
+    update_usr(where: {mgm_id: {_in: $mgmIds}, removed: {_is_null: true}}, _set: {removed: $importId}) { affected_rows }
+    update_zone(where: {mgm_id: {_in: $mgmIds}, removed: {_is_null: true}}, _set: {removed: $importId}) { affected_rows }
+    update_objgrp(where: {object: {mgm_id: {_in: $mgmIds}}, removed: {_is_null: true}}, _set: {removed: $importId}) { affected_rows }
+    update_svcgrp(where: {service: {mgm_id: {_in: $mgmIds}}, removed: {_is_null: true}}, _set: {removed: $importId}) { affected_rows }
+    update_usergrp(where: {usr: {mgm_id: {_in: $mgmIds}}, removed: {_is_null: true}}, _set: {removed: $importId}) { affected_rows }
+    update_objgrp_flat(where: {object: {mgm_id: {_in: $mgmIds}}, removed: {_is_null: true}}, _set: {removed: $importId}) { affected_rows }
+    update_svcgrp_flat(where: {service: {mgm_id: {_in: $mgmIds}}, removed: {_is_null: true}}, _set: {removed: $importId}) { affected_rows }
+    update_usergrp_flat(where: {usr: {mgm_id: {_in: $mgmIds}}, removed: {_is_null: true}}, _set: {removed: $importId}) { affected_rows }
+    update_rule_to(where: {rule: {mgm_id: {_in: $mgmIds}}, removed: {_is_null: true}}, _set: {removed: $importId}) { affected_rows }
+    update_rule_from(where: {rule: {mgm_id: {_in: $mgmIds}}, removed: {_is_null: true}}, _set: {removed: $importId}) { affected_rows }
+    update_rule_service(where: {rule: {mgm_id: {_in: $mgmIds}}, removed: {_is_null: true}}, _set: {removed: $importId}) { affected_rows }
+    update_rule_nwobj_resolved(where: {rule: {mgm_id: {_in: $mgmIds}}, removed: {_is_null: true}}, _set: {removed: $importId}) { affected_rows }
+    update_rule_svc_resolved(where: {rule: {mgm_id: {_in: $mgmIds}}, removed: {_is_null: true}}, _set: {removed: $importId}) { affected_rows }
+    update_rule_user_resolved(where: {rule: {mgm_id: {_in: $mgmIds}}, removed: {_is_null: true}}, _set: {removed: $importId}) { affected_rows }
+    update_rule_from_zone(where: {rule: {mgm_id: {_in: $mgmIds}}, removed: {_is_null: true}}, _set: {removed: $importId}) { affected_rows }
+    update_rule_to_zone(where: {rule: {mgm_id: {_in: $mgmIds}}, removed: {_is_null: true}}, _set: {removed: $importId}) { affected_rows }
+    update_rule_enforced_on_gateway(where: {rule: {mgm_id: {_in: $mgmIds}}, removed: {_is_null: true}}, _set: {removed: $importId}) { affected_rows }         
+}

roles/common/files/fwo-api-calls/rule/getRulesByUidsWithCreate.graphql

@@ -0,0 +1,16 @@
+query getRulesByUidsWithCreate($uids: [String!], $mgmId: Int!) {
+  rule(
+    where: {
+      rule_uid: { _in: $uids }
+      _or: [
+        { mgm_id: { _eq: $mgmId } }
+        { management: { multi_device_manager_id: { _eq: $mgmId } } }
+      ]
+      removed: { _is_null: true }
+    }
+  ) {
+    rule_id
+    rule_uid
+    rule_create
+  }
+}

roles/common/files/fwo-api-calls/rule/getRulesEnforcedOnGateways.graphql

@@ -0,0 +1,15 @@
+query getRulesEnforcedOnGateways($gwIds: [Int!]!) {
+  rule_enforced_on_gateway(
+    where: { dev_id: { _in: $gwIds }, removed: { _is_null: true } }
+  ) {
+    rule {
+      rule_id
+      rule_uid
+      removed
+    }
+    device {
+      dev_id
+      dev_uid
+    }
+  }
+}

roles/common/files/fwo-api-calls/rule/insertRuleEnforcedOnGateway.graphql

@@ -0,0 +1,7 @@
+mutation insertRuleEnforcedOnGateway (
+  $rulesEnforcedOnGateway: [rule_enforced_on_gateway_insert_input!]!
+) {
+  insert_rule_enforced_on_gateway(objects: $rulesEnforcedOnGateway) {
+    affected_rows
+  }
+}

roles/common/files/fwo-api-calls/rule/removeInconsistentEnforcedOnGateways.graphql

@@ -0,0 +1,15 @@
+mutation removeInconsistentEnforcedOnGateways(
+  $gwIds: [Int!]!
+  $importId: bigint!
+) {
+  update_rule_enforced_on_gateway(
+    where: {
+      dev_id: { _in: $gwIds }
+      removed: { _is_null: true }
+      rule: { removed: { _is_null: false } }
+    }
+    _set: { removed: $importId }
+  ) {
+    affected_rows
+  }
+}

roles/common/files/fwo-api-calls/rule/updateRuleEnforcedOnGateway.graphql

@@ -0,0 +1,13 @@
+mutation updateRuleEnforcedOnGateway(
+    $importId: bigint!
+    $rulesEnforcedOnGateway: [rule_enforced_on_gateway_bool_exp!]!
+) {
+    update_rule_enforced_on_gateway(where: {
+        _or: $rulesEnforcedOnGateway
+        removed: {_is_null: true}
+    }, _set: {
+        removed: $importId
+    }) {
+        affected_rows
+    }
+}

roles/importer/files/importer/fw_modules/checkpointR8x/cp_getter.py

@@ -63,7 +63,10 @@ def login(mgm_details: ManagementController):
     FWOLogger.debug(f"login - login to url {base_url} with user {mgm_details.import_user}", 3)
     response = cp_api_call(base_url, "login", payload, "")
     if "sid" not in response:
-        exception_text = f"getter ERROR: did not receive a sid, api call: {base_url}"
+        exception_text = (
+            f"getter ERROR: did not receive a sid for api call: {base_url}. "
+            "Please check credentials, API URL, network connectivity, and user permissions."
+        )
         raise FwLoginFailedError(exception_text)
     return response["sid"]