Check Point vendor logo

Vendor

Check Point

Product

Firewall

Method

REST

Category

Security (SASE)

Project Type

Adapter


View Repository
Adapter

Adapter for Integration to Check Point Firewall Management

Overview

This adapter is used to integrate the Itential Automation Platform (IAP) with the Checkpoint_Management System. The API that was used to build the adapter for Checkpoint_Management is usually available in the report directory of this adapter. The adapter utilizes the Checkpoint_Management API to provide the integrations that are deemed pertinent to IAP. The ReadMe file is intended to provide information on this adapter it is generated from various other Markdown files.

Details

The Check Point Management adapter from Itential is used to integrate the Itential Automation Platform (IAP) with Check Point Management. With this adapter you have the ability to perform operations such as:

  • Configure and Manage Check Point Managed Gateways.

For further technical details on how to install and use this adapter, please click the Technical Documentation tab.

Check Point Management

Table of Contents

Getting Started

These instructions will help you get a copy of the project on your local machine for development and testing. Reading this section is also helpful for deployments as it provides you with pertinent information on prerequisites and properties.

Helpful Background Information

There is Adapter documentation available on the Itential Documentation Site. This documentation includes information and examples that are helpful for:

Authentication
IAP Service Instance Configuration
Code Files
Endpoint Configuration (Action & Schema)
Mock Data
Adapter Generic Methods
Headers
Security
Linting and Testing
Build an Adapter
Troubleshooting an Adapter

Others will be added over time. Want to build a new adapter? Use the Itential Adapter Builder

Prerequisites

The following is a list of required packages for installation on the system the adapter will run on:

Node.js
npm
Git

The following list of packages are required for Itential opensource adapters or custom adapters that have been built utilizing the Itential Adapter Builder. You can install these packages by running npm install inside the adapter directory.

PackageDescription
@itentialopensource/adapter-utilsRuntime library classes for all adapters; includes request handling, connection, authentication throttling, and translation.
ajvRequired for validation of adapter properties to integrate with Checkpoint_Management.
axiosUtilized by the node scripts that are included with the adapter; helps to build and extend the functionality.
commanderUtilized by the node scripts that are included with the adapter; helps to build and extend the functionality.
dns-lookup-promiseUtilized by the node scripts that are included with the adapter; helps to build and extend the functionality.
fs-extraUtilized by the node scripts that are included with the adapter; helps to build and extend the functionality.
mochaTesting library that is utilized by some of the node scripts that are included with the adapter.
mocha-paramTesting library that is utilized by some of the node scripts that are included with the adapter.
mongodbUtilized by the node scripts that are included with the adapter; helps to build and extend the functionality.
nycTesting coverage library that is utilized by some of the node scripts that are included with the adapter.
pingUtilized by the node scripts that are included with the adapter; helps to build and extend the functionality.
readline-syncUtilized by the node script that comes with the adapter; helps to test unit and integration functionality.
semverUtilized by the node scripts that are included with the adapter; helps to build and extend the functionality.
winstonUtilized by the node scripts that are included with the adapter; helps to build and extend the functionality.

If you are developing and testing a custom adapter, or have testing capabilities on an Itential opensource adapter, you will need to install these packages as well.

chai
eslint
eslint-config-airbnb-base
eslint-plugin-import
eslint-plugin-json
testdouble

How to Install

  1. Set up the name space location in your IAP node_modules.
cd /opt/pronghorn/current/node_modules (* could be in a different place)
if the @itentialopensource directory does not exist, create it:
    mkdir @itentialopensource
  1. Clone/unzip/tar the adapter into your IAP environment.
cd \@itentialopensource
git clone git@gitlab.com:\@itentialopensource/adapters/adapter-checkpoint_management
or
unzip adapter-checkpoint_management.zip
or
tar -xvf adapter-checkpoint_management.tar
  1. Run the adapter install script.
cd adapter-checkpoint_management
npm install
npm run lint:errors
npm run test
  1. Restart IAP
systemctl restart pronghorn
  1. Create an adapter service instance configuration in IAP Admin Essentials GUI

  2. Copy the properties from the sampleProperties.json and paste them into the service instance configuration in the inner/second properties field.

  3. Change the adapter service instance configuration (host, port, credentials, etc) in IAP Admin Essentials GUI

For an easier install of the adapter use npm run adapter:install, it will install the adapter in IAP. Please note that it can be dependent on where the adapter is installed and on the version of IAP so it is subject to fail. If using this, you can replace step 3-5 above with these:

  1. Install adapter dependencies and check the adapter.
cd adapter-checkpoint_management
npm run adapter:install
  1. Restart IAP
systemctl restart pronghorn
  1. Change the adapter service instance configuration (host, port, credentials, etc) in IAP Admin Essentials GUI

Testing

Mocha is generally used to test all Itential Opensource Adapters. There are unit tests as well as integration tests performed. Integration tests can generally be run as standalone using mock data and running the adapter in stub mode, or as integrated. When running integrated, every effort is made to prevent environmental failures, however there is still a possibility.

Unit Testing

Unit Testing includes testing basic adapter functionality as well as error conditions that are triggered in the adapter prior to any integration. There are two ways to run unit tests. The prefered method is to use the testRunner script; however, both methods are provided here.

node utils/testRunner --unit

npm run test:unit
npm run test:baseunit

To add new unit tests, edit the test/unit/adapterTestUnit.js file. The tests that are already in this file should provide guidance for adding additional tests.

Integration Testing - Standalone

Standalone Integration Testing requires mock data to be provided with the entities. If this data is not provided, standalone integration testing will fail. When the adapter is set to run in stub mode (setting the stub property to true), the adapter will run through its code up to the point of making the request. It will then retrieve the mock data and return that as if it had received that data as the response from Checkpoint_Management. It will then translate the data so that the adapter can return the expected response to the rest of the Itential software. Standalone is the default integration test.

Similar to unit testing, there are two ways to run integration tests. Using the testRunner script is better because it prevents you from having to edit the test script; it will also resets information after testing is complete so that credentials are not saved in the file.

node utils/testRunner
  answer no at the first prompt

npm run test:integration

To add new integration tests, edit the test/integration/adapterTestIntegration.js file. The tests that are already in this file should provide guidance for adding additional tests.

Integration Testing

Integration Testing requires connectivity to Checkpoint_Management. By using the testRunner script it prevents you from having to edit the integration test. It also resets the integration test after the test is complete so that credentials are not saved in the file.

Note: These tests have been written as a best effort to make them work in most environments. However, the Adapter Builder often does not have the necessary information that is required to set up valid integration tests. For example, the order of the requests can be very important and data is often required for creates and updates. Hence, integration tests may have to be enhanced before they will work (integrate) with Checkpoint_Management. Even after tests have been set up properly, it is possible there are environmental constraints that could result in test failures. Some examples of possible environmental issues are customizations that have been made within Checkpoint_Management which change order dependencies or required data.

node utils/testRunner
answer yes at the first prompt
answer all other questions on connectivity and credentials

Test should also be written to clean up after themselves. However, it is important to understand that in some cases this may not be possible. In addition, whenever exceptions occur, test execution may be stopped, which will prevent cleanup actions from running. It is recommended that tests be utilized in dev and test labs only.

Reminder: Do not check in code with actual credentials to systems.

Configuration

This section defines all the properties that are available for the adapter, including detailed information on what each property is for. If you are not using certain capabilities with this adapter, you do not need to define all of the properties. An example of how the properties for this adapter can be used with tests or IAP are provided in the sampleProperties.

Example Properties

  "properties": {
    "host": "INSERT CHECKPOINT HOST HERE",
    "port": 443,
    "choosepath": "",
    "base_path": "/web_api",
    "version": "",
    "cache_location": "none",
    "encode_pathvars": true,
    "encode_queryvars": true,
    "save_metric": false,
    "stub": true,
    "protocol": "https",
    "authentication": {
      "auth_method": "request_token",
      "username": "INSERT USER NAME HERE",
      "password": "INSERT PASSWORD HERE",
      "token": "",
      "token_user_field": "user",
      "token_password_field": "password",
      "token_result_field": "sid",
      "token_URI_path": "/login",
      "token_timeout": 3600000,
      "token_cache": "local",
      "invalid_token_error": 400,
      "auth_field": "header.headers.x-chkp-sid",
      "auth_field_format": "{token}",
      "auth_logging": false,
      "client_id": "",
      "client_secret": "",
      "grant_type": "",
      "sensitive": [],
      "sso": {
        "protocol": "",
        "host": "",
        "port": 0
      },
      "multiStepAuthCalls": [
        {
          "name": "",
          "requestFields": {},
          "responseFields": {},
          "successfullResponseCode": 200
        }
      ]
    },
    "healthcheck": {
      "type": "startup",
      "frequency": 60000,
      "query_object": {},
      "addlHeaders": {}
    },
    "throttle": {
      "throttle_enabled": false,
      "number_pronghorns": 1,
      "sync_async": "sync",
      "max_in_queue": 1000,
      "concurrent_max": 1,
      "expire_timeout": 0,
      "avg_runtime": 200,
      "priorities": [
        {
          "value": 0,
          "percent": 100
        }
      ]
    },
    "request": {
      "number_redirects": 0,
      "number_retries": 3,
      "limit_retry_error": 0,
      "failover_codes": [],
      "attempt_timeout": 5000,
      "global_request": {
        "payload": {},
        "uriOptions": {},
        "addlHeaders": {},
        "authData": {
          "session-timeout": 3600,
          "domain": "INSERT LOGIN DOMAIN"
        }
      },
      "healthcheck_on_timeout": true,
      "return_raw": false,
      "archiving": false,
      "return_request": false
    },
    "proxy": {
      "enabled": false,
      "host": "",
      "port": 1,
      "protocol": "http",
      "username": "",
      "password": ""
    },
    "ssl": {
      "ecdhCurve": "",
      "enabled": false,
      "accept_invalid_cert": true,
      "ca_file": "",
      "key_file": "",
      "cert_file": "",
      "secure_protocol": "",
      "ciphers": ""
    },
    "mongo": {
      "host": "",
      "port": 0,
      "database": "",
      "username": "",
      "password": "",
      "replSet": "",
      "db_ssl": {
        "enabled": false,
        "accept_invalid_cert": false,
        "ca_file": "",
        "key_file": "",
        "cert_file": ""
      }
    },
    "devicebroker": {
      "enabled": true,
      "getDevice": [
        {
          "path": "/show-simple-gateway",
          "method": "POST",
          "query": {},
          "body": {
            "uid": "{uid}"
          },
          "headers": {},
          "handleFailure": "ignore",
          "requestFields": {
            "uid": "{uid}"
          },
          "responseDatakey": "",
          "responseFields": {
            "name": "{name}",
            "ostype": "{type}",
            "ostypePrefix": "chkpt-",
            "ipaddress": "{ipv4-address}",
            "port": "n/a"
          }
        },
        {
          "path": "/show-lsm-gateway",
          "method": "POST",
          "query": {},
          "body": {
            "uid": "{uid}"
          },
          "headers": {},
          "handleFailure": "ignore",
          "requestFields": {
            "uid": "{uid}"
          },
          "responseDatakey": "",
          "responseFields": {
            "name": "{name}",
            "ostype": "{type}",
            "ostypePrefix": "chkpt-",
            "ipaddress": "{ipv4-address}",
            "port": "n/a"
          }
        }
      ],
      "getDevicesFiltered": [
        {
          "path": "/show-gateways-and-servers",
          "method": "POST",
          "pagination": {
            "offsetVar": "offset",
            "limitVar": "limit",
            "incrementBy": "limit",
            "requestLocation": "body"
          },
          "query": {},
          "body": {
            "offset": "0",
            "limit": "500"
          },
          "headers": {},
          "handleFailure": "ignore",
          "requestFields": {},
          "responseDatakey": "",
          "responseFields": {
            "name": "{name}",
            "ostype": "{type}",
            "ostypePrefix": "chkpt-",
            "ipaddress": "n/a",
            "port": "n/a",
            "uid": "{uid}"
          }
        }
      ],
      "isAlive": [
        {
          "path": "/show-simple-gateway",
          "method": "POST",
          "query": {},
          "body": {
            "uid": "{uid}"
          },
          "headers": {},
          "handleFailure": "ignore",
          "requestFields": {
            "uid": "{uid}"
          },
          "responseDatakey": "meta-info",
          "responseFields": {
            "status": "{validation-state}",
            "statusValue": "ok"
          }
        },
        {
          "path": "/show-lsm-gateway",
          "method": "POST",
          "query": {},
          "body": {
            "uid": "{uid}"
          },
          "headers": {},
          "handleFailure": "ignore",
          "requestFields": {
            "uid": "{uid}"
          },
          "responseDatakey": "meta-info",
          "responseFields": {
            "status": "{validation-state}",
            "statusValue": "ok"
          }
        }
      ],
      "getConfig": [
        {
          "path": "/show-simple-gateway",
          "method": "POST",
          "query": {},
          "body": {
            "uid": "{uid}"
          },
          "headers": {},
          "handleFailure": "ignore",
          "requestFields": {
            "uid": "{uid}"
          },
          "responseDatakey": "",
          "responseFields": {}
        },
        {
          "path": "/show-lsm-gateway",
          "method": "POST",
          "query": {},
          "body": {
            "uid": "{uid}"
          },
          "headers": {},
          "handleFailure": "ignore",
          "requestFields": {
            "uid": "{uid}"
          },
          "responseDatakey": "",
          "responseFields": {}
        }
      ],
      "getCount": [
        {
          "path": "/show-gateways-and-servers",
          "method": "POST",
          "query": {},
          "body": {
            "offset": "0",
            "limit": "500"
          },
          "headers": {},
          "handleFailure": "ignore",
          "requestFields": {},
          "responseDatakey": "",
          "responseFields": {}
        }
      ]
    },
    "cache": {
      "enabled": false,
      "entities": [
        {
          "entityType": "device",
          "frequency": 3600,
          "flushOnFail": false,
          "limit": 1000,
          "retryAttempts": 5,
          "sort": true,
          "populate": [
            {
              "path": "/show-gateways-and-servers",
              "method": "POST",
              "pagination": {
                "offsetVar": "offset",
                "limitVar": "limit",
                "incrementBy": "limit",
                "requestLocation": "body"
              },
              "query": {},
              "body": {
                "offset": "0",
                "limit": "500"
              },
              "headers": {},
              "handleFailure": "ignore",
              "requestFields": {},
              "responseDatakey": "",
              "responseFields": {
                "name": "{name}",
                "ostype": "{type}",
                "ostypePrefix": "chkpt-",
                "ipaddress": "n/a",
                "port": "n/a",
                "uid": "{uid}"
              }
            }
          ],
          "cachedTasks": [
            {
              "name": "",
              "filterField": "",
              "filterLoc": ""
            }
          ]
        }
      ]
    }
  }

Connection Properties

These base properties are used to connect to Checkpoint_Management upon the adapter initially coming up. It is important to set these properties appropriately.

PropertyDescription
hostRequired. A fully qualified domain name or IP address.
portRequired. Used to connect to the server.
base_pathOptional. Used to define part of a path that is consistent for all or most endpoints. It makes the URIs easier to use and maintain but can be overridden on individual calls. An example **base_path** might be `/rest/api`. Default is ``.
versionOptional. Used to set a global version for action endpoints. This makes it faster to update the adapter when endpoints change. As with the base-path, version can be overridden on individual endpoints. Default is ``.
cache_locationOptional. Used to define where the adapter cache is located. The cache is used to maintain an entity list to improve performance. Storage locally is lost when the adapter is restarted. Storage in Redis is preserved upon adapter restart. Default is none which means no caching of the entity list.
encode_pathvarsOptional. Used to tell the adapter to encode path variables or not. The default behavior is to encode them so this property can be used to stop that behavior.
encode_queryvarsOptional. Used to tell the adapter to encode query parameters or not. The default behavior is to encode them so this property can be used to stop that behavior.
save_metricOptional. Used to tell the adapter to save metric information (this does not impact metrics returned on calls). This allows the adapter to gather metrics over time. Metric data can be stored in a database or on the file system.
stubOptional. Indicates whether the stub should run instead of making calls to Checkpoint_Management (very useful during basic testing). Default is false (which means connect to Checkpoint_Management).
protocolOptional. Notifies the adapter whether to use HTTP or HTTPS. Default is HTTP.

A connectivity check tells IAP the adapter has loaded successfully.

Authentication Properties

The following properties are used to define the authentication process to Checkpoint_Management.

Note: Depending on the method that is used to authenticate with Checkpoint_Management, you may not need to set all of the authentication properties.

PropertyDescription
auth_methodRequired. Used to define the type of authentication currently supported. Authentication methods currently supported are: `basic user_password`, `static_token`, `request_token`, and `no_authentication`.
usernameUsed to authenticate with Checkpoint_Management on every request or when pulling a token that will be used in subsequent requests.
passwordUsed to authenticate with Checkpoint_Management on every request or when pulling a token that will be used in subsequent requests.
tokenDefines a static token that can be used on all requests. Only used with `static_token` as an authentication method (auth\_method).
invalid_token_errorDefines the HTTP error that is received when the token is invalid. Notifies the adapter to pull a new token and retry the request. Default is 401.
token_timeoutDefines how long a token is valid. Measured in milliseconds. Once a dynamic token is no longer valid, the adapter has to pull a new token. If the token_timeout is set to -1, the adapter will pull a token on every request to Checkpoint_Management. If the timeout_token is 0, the adapter will use the expiration from the token response to determine when the token is no longer valid.
token_cacheUsed to determine where the token should be stored (local memory or in Redis).
auth_fieldDefines the request field the authentication (e.g., token are basic auth credentials) needs to be placed in order for the calls to work.
auth_field_formatDefines the format of the auth\_field. See examples below. Items enclosed in {} inform the adapter to perofrm an action prior to sending the data. It may be to replace the item with a value or it may be to encode the item.
auth_loggingSetting this true will add some additional logs but this should only be done when trying to debug an issue as certain credential information may be logged out when this is true.
client_idProvide a client id when needed, this is common on some types of OAuth.
client_secretProvide a client secret when needed, this is common on some types of OAuth.
grant_typeProvide a grant type when needed, this is common on some types of OAuth.

Examples of authentication field format

"{token}"
"Token {token}"
"{username}:{password}"
"Basic {b64}{username}:{password}{/b64}"

Healthcheck Properties

The healthcheck properties defines the API that runs the healthcheck to tell the adapter that it can reach Checkpoint_Management. There are currently three types of healthchecks.

  • None - Not recommended. Adapter will not run a healthcheck. Consequently, unable to determine before making a request if the adapter can reach Checkpoint_Management.
  • Startup - Adapter will check for connectivity when the adapter initially comes up, but it will not check afterwards.
  • Intermittent - Adapter will check connectivity to Checkpoint_Management at a frequency defined in the frequency property.
PropertyDescription
typeRequired. The type of health check to run.
frequencyRequired if intermittent. Defines how often the health check should run. Measured in milliseconds. Default is 300000.
query_objectQuery parameters to be added to the adapter healthcheck call.

Request Properties

The request section defines properties to help handle requests.

PropertyDescription
number_redirectsOptional. Tells the adapter that the request may be redirected and gives it a maximum number of redirects to allow before returning an error. Default is 0 - no redirects.
number_retriesTells the adapter how many times to retry a request that has either aborted or reached a limit error before giving up and returning an error.
limit_retry_errorOptional. Can be either an integer or an array. Indicates the http error status number to define that no capacity was available and, after waiting a short interval, the adapter can retry the request. If an array is provvided, the array can contain integers or strings. Strings in the array are used to define ranges (e.g. "502-506"). Default is [0].
failover_codesAn array of error codes for which the adapter will send back a failover flag to IAP so that the Platform can attempt the action in another adapter.
attempt_timeoutOptional. Tells how long the adapter should wait before aborting the attempt. On abort, the adapter will do one of two things: 1) return the error; or 2) if **healthcheck\_on\_timeout** is set to true, it will abort the request and run a Healthcheck until it re-establishes connectivity to Checkpoint_Management, and then will re-attempt the request that aborted. Default is 5000 milliseconds.
global_requestOptional. This is information that the adapter can include in all requests to the other system. This is easier to define and maintain than adding this information in either the code (adapter.js) or the action files.
global_request -> payloadOptional. Defines any information that should be included on all requests sent to the other system that have a payload/body.
global_request -> uriOptionsOptional. Defines any information that should be sent as untranslated query options (e.g. page, size) on all requests to the other system.
global_request -> addlHeadersOptioonal. Defines any headers that should be sent on all requests to the other system.
global_request -> authDataOptional. Defines any additional authentication data used to authentice with the other system. This authData needs to be consistent on every request.
healthcheck_on_timeoutRequired. Defines if the adapter should run a health check on timeout. If set to true, the adapter will abort the request and run a health check until it re-establishes connectivity and then it will re-attempt the request.
return_rawOptional. Tells the adapter whether the raw response should be returned as well as the IAP response. This is helpful when running integration tests to save mock data. It does add overhead to the response object so it is not ideal from production.
archivingOptional flag. Default is false. It archives the request, the results and the various times (wait time, Checkpoint_Management time and overall time) in the `adapterid_results` collection in MongoDB. Although archiving might be desirable, be sure to develop a strategy before enabling this capability. Consider how much to archive and what strategy to use for cleaning up the collection in the database so that it does not become too large, especially if the responses are large.
return_requestOptional flag. Default is false. Will return the actual request that is made including headers. This should only be used during debugging issues as there could be credentials in the actual request.

SSL Properties

The SSL section defines the properties utilized for ssl authentication with Checkpoint_Management. SSL can work two different ways: set the accept\_invalid\_certs flag to true (only recommended for lab environments), or provide a ca\_file.

PropertyDescription
enabledIf SSL is required, set to true.
accept_invalid_certsDefines if the adapter should accept invalid certificates (only recommended for lab environments). Required if SSL is enabled. Default is false.
ca_fileDefines the path name to the CA file used for SSL. If SSL is enabled and the accept invalid certifications is false, then ca_file is required.
key_fileDefines the path name to the Key file used for SSL. The key_file may be needed for some systems but it is not required for SSL.
cert_fileDefines the path name to the Certificate file used for SSL. The cert_file may be needed for some systems but it is not required for SSL.
secure_protocolDefines the protocol (e.g., SSLv3_method) to use on the SSL request.
ciphersRequired if SSL enabled. Specifies a list of SSL ciphers to use.
ecdhCurveDuring testing on some Node 8 environments, you need to set `ecdhCurve` to auto. If you do not, you will receive PROTO errors when attempting the calls. This is the only usage of this property and to our knowledge it only impacts Node 8 and 9.

Throttle Properties

The throttle section is used when requests to Checkpoint_Management must be queued (throttled). All of the properties in this section are optional.

PropertyDescription
throttle_enabledDefault is false. Defines if the adapter should use throttling or not.
number_pronghornsDefault is 1. Defines if throttling is done in a single Itential instance or whether requests are being throttled across multiple Itential instances (minimum = 1, maximum = 20). Throttling in a single Itential instance uses an in-memory queue so there is less overhead. Throttling across multiple Itential instances requires placing the request and queue information into a shared resource (e.g. database) so that each instance can determine what is running and what is next to run. Throttling across multiple instances requires additional I/O overhead.
sync-asyncThis property is not used at the current time (it is for future expansion of the throttling engine).
max_in_queueRepresents the maximum number of requests the adapter should allow into the queue before rejecting requests (minimum = 1, maximum = 5000). This is not a limit on what the adapter can handle but more about timely responses to requests. The default is currently 1000.
concurrent_maxDefines the number of requests the adapter can send to Checkpoint_Management at one time (minimum = 1, maximum = 1000). The default is 1 meaning each request must be sent to Checkpoint_Management in a serial manner.
expire_timeoutDefault is 0. Defines a graceful timeout of the request session. After a request has completed, the adapter will wait additional time prior to sending the next request. Measured in milliseconds (minimum = 0, maximum = 60000).
average_runtimeRepresents the approximate average of how long it takes Checkpoint_Management to handle each request. Measured in milliseconds (minimum = 50, maximum = 60000). Default is 200. This metric has performance implications. If the runtime number is set too low, it puts extra burden on the CPU and memory as the requests will continually try to run. If the runtime number is set too high, requests may wait longer than they need to before running. The number does not need to be exact but your throttling strategy depends heavily on this number being within reason. If averages range from 50 to 250 milliseconds you might pick an average run-time somewhere in the middle so that when Checkpoint_Management performance is exceptional you might run a little slower than you might like, but when it is poor you still run efficiently.
prioritiesAn array of priorities and how to handle them in relation to the throttle queue. Array of objects that include priority value and percent of queue to put the item ex { value: 1, percent: 10 }

Proxy Properties

The proxy section defines the properties to utilize when Checkpoint_Management is behind a proxy server.

PropertyDescription
enabledRequired. Default is false. If Checkpoint_Management is behind a proxy server, set enabled flag to true.
hostHost information for the proxy server. Required if `enabled` is true.
portPort information for the proxy server. Required if `enabled` is true.
protocolThe protocol (i.e., http, https, etc.) used to connect to the proxy. Default is http.
usernameIf there is authentication for the proxy, provide the username here.
passwordIf there is authentication for the proxy, provide the password here.

Mongo Properties

The mongo section defines the properties used to connect to a Mongo database. Mongo can be used for throttling as well as to persist metric data. If not provided, metrics will be stored in the file system.

PropertyDescription
hostOptional. Host information for the mongo server.
portOptional. Port information for the mongo server.
databaseOptional. The database for the adapter to use for its data.
usernameOptional. If credentials are required to access mongo, this is the user to login as.
passwordOptional. If credentials are required to access mongo, this is the password to login with.
replSetOptional. If the database is set up to use replica sets, define it here so it can be added to the database connection.
db_sslOptional. Contains information for SSL connectivity to the database.
db_ssl -> enabledIf SSL is required, set to true.
db_ssl -> accept_invalid_certDefines if the adapter should accept invalid certificates (only recommended for lab environments). Required if SSL is enabled. Default is false.
db_ssl -> ca_fileDefines the path name to the CA file used for SSL. If SSL is enabled and the accept invalid certifications is false, then ca_file is required.
db_ssl -> key_fileDefines the path name to the Key file used for SSL. The key_file may be needed for some systems but it is not required for SSL.
db_ssl -> cert_fileDefines the path name to the Certificate file used for SSL. The cert_file may be needed for some systems but it is not required for SSL.

Device Broker Properties

The device broker section defines the properties used integrate Checkpoint_Management to the device broker. Each broker call is represented and has an array of calls that can be used to build the response. This describes the calls and then the fields which are available in the calls.

PropertyDescription
getDeviceThe array of calls used to get device details for the broker
getDevicesFilteredThe array of calls used to get devices for the broker
isAliveThe array of calls used to get device status for the broker
getConfigThe array of calls used to get device configuration for the broker
getCountThe array of calls used to get device configuration for the broker
getDevice/getDevicesFiltered/isAlive/getConfig/getCount -> pathThe path, not including the base_path and version, for making this call
getDevice/getDevicesFiltered/isAlive/getConfig/getCount -> methodThe rest method for making this call
getDevice/getDevicesFiltered/isAlive/getConfig/getCount -> queryQuery object containing and query parameters and their values for this call
getDevice/getDevicesFiltered/isAlive/getConfig/getCount -> bodyBody object containing the payload for this call
getDevice/getDevicesFiltered/isAlive/getConfig/getCount -> headersHeader object containing the headers for this call.
getDevice/getDevicesFiltered/isAlive/getConfig/getCount -> handleFailureTells the adapter whether to "fail" or "ignore" failures if they occur.
isAlive -> statusValueTells the adapter what value to look for in the status field to determine if the device is alive.
getDevice/getDevicesFiltered/isAlive/getConfig -> requestFieldsObject containing fields the adapter should send on the request and where it should get the data. The where can be from a response to a getDevicesFiltered or a static value.
getDevice/getDevicesFiltered/isAlive/getConfig -> responseFieldsObject containing fields the adapter should set to send back to iap and where the value should come from in the response or request data.

Using this Adapter

The adapter.js file contains the calls the adapter makes available to the rest of the Itential Platform. The API detailed for these calls should be available through JSDOC. The following is a brief summary of the calls.

Generic Adapter Calls

These are adapter methods that IAP or you might use. There are some other methods not shown here that might be used for internal adapter functionality.

Method SignatureDescriptionWorkflow?
connect()This call is run when the Adapter is first loaded by he Itential Platform. It validates the properties have been provided correctly.No
healthCheck(callback)This call ensures that the adapter can communicate with Adapter for Checkpoint Management. The actual call that is used is defined in the adapter properties and .system entities action.json file.No
refreshProperties(properties)This call provides the adapter the ability to accept property changes without having to restart the adapter.No
encryptProperty(property, technique, callback)This call will take the provided property and technique, and return the property encrypted with the technique. This allows the property to be used in the adapterProps section for the credential password so that the password does not have to be in clear text. The adapter will decrypt the property as needed for communications with Adapter for Checkpoint Management.No
iapUpdateAdapterConfiguration(configFile, changes, entity, type, action, callback)This call provides the ability to update the adapter configuration from IAP - includes actions, schema, mockdata and other configurations.Yes
iapSuspendAdapter(mode, callback)This call provides the ability to suspend the adapter and either have requests rejected or put into a queue to be processed after the adapter is resumed.Yes
iapUnsuspendAdapter(callback)This call provides the ability to resume a suspended adapter. Any requests in queue will be processed before new requests.Yes
iapGetAdapterQueue(callback)This call will return the requests that are waiting in the queue if throttling is enabled.Yes
iapFindAdapterPath(apiPath, callback)This call provides the ability to see if a particular API path is supported by the adapter.Yes
iapTroubleshootAdapter(props, persistFlag, adapter, callback)This call can be used to check on the performance of the adapter - it checks connectivity, healthcheck and basic get calls.Yes
iapRunAdapterHealthcheck(adapter, callback)This call will return the results of a healthcheck.Yes
iapRunAdapterConnectivity(callback)This call will return the results of a connectivity check.Yes
iapRunAdapterBasicGet(callback)This call will return the results of running basic get API calls.Yes
iapMoveAdapterEntitiesToDB(callback)This call will push the adapter configuration from the entities directory into the Adapter or IAP Database.Yes
iapDeactivateTasks(tasks, callback)This call provides the ability to remove tasks from the adapter.Yes
iapActivateTasks(tasks, callback)This call provides the ability to add deactivated tasks back into the adapter.Yes
iapExpandedGenericAdapterRequest(metadata, uriPath, restMethod, pathVars, queryData, requestBody, addlHeaders, callback)This is an expanded Generic Call. The metadata object allows us to provide many new capabilities within the generic request.Yes
genericAdapterRequest(uriPath, restMethod, queryData, requestBody, addlHeaders, callback)This call allows you to provide the path to have the adapter call. It is an easy way to incorporate paths that have not been built into the adapter yet.Yes
genericAdapterRequestNoBasePath(uriPath, restMethod, queryData, requestBody, addlHeaders, callback)This call is the same as the genericAdapterRequest only it does not add a base_path or version to the call.Yes
iapRunAdapterLint(callback)Runs lint on the addapter and provides the information back.Yes
iapRunAdapterTests(callback)Runs baseunit and unit tests on the adapter and provides the information back.Yes
iapGetAdapterInventory(callback)This call provides some inventory related information about the adapter.Yes

Adapter Cache Calls

These are adapter methods that are used for adapter caching. If configured, the adapter will cache based on the interval provided. However, you can force a population of the cache manually as well.

Method SignatureDescriptionWorkflow?
iapPopulateEntityCache(entityTypes, callback)This call populates the adapter cache.Yes
iapRetrieveEntitiesCache(entityType, options, callback)This call retrieves the specific items from the adapter cache.Yes

Adapter Broker Calls

These are adapter methods that are used to integrate to IAP Brokers. This adapter currently supports the following broker calls.

Method SignatureDescriptionWorkflow?
hasEntities(entityType, entityList, callback)This call is utilized by the IAP Device Broker to determine if the adapter has a specific entity and item of the entity.No
getDevice(deviceName, callback)This call returns the details of the requested device.No
getDevicesFiltered(options, callback)This call returns the list of devices that match the criteria provided in the options filter.No
isAlive(deviceName, callback)This call returns whether the device status is activeNo
getConfig(deviceName, format, callback)This call returns the configuration for the selected device.No
iapGetDeviceCount(callback)This call returns the count of devices.No

Specific Adapter Calls

Specific adapter calls are built based on the API of the Check Point Management. The Adapter Builder creates the proper method comments for generating JS-DOC for the adapter. This is the best way to get information on the calls.

Method SignatureDescriptionPathWorkflow?
login(body, callback)login{base_path}/{version}/login?{query}Yes
loginToDomainWithSid(sid, body, callback)loginToDomainWithSid{base_path}/{version}/login-to-domain?{query}Yes
publishWithSid(sid, body, callback)publish{base_path}/{version}/publish?{query}Yes
discardWithSid(sid, body, callback)discard{base_path}/{version}/discard?{query}Yes
logoutWithSid(sid, body, callback)logout{base_path}/{version}/logout?{query}Yes
disconnectWithSid(sid, body, callback)disconnect{base_path}/{version}/disconnect?{query}Yes
keepaliveWithSid(sid, body, callback)keepalive{base_path}/{version}/keepalive?{query}Yes
showSessionWithSid(sid, body, callback)show-session{base_path}/{version}/show-session?{query}Yes
setSessionWithSid(sid, body, callback)set-session{base_path}/{version}/set-session?{query}Yes
continueSessionInSmartconsoleWithSid(sid, body, callback)continue-session-in-smartconsole{base_path}/{version}/continue-session-in-smartconsole?{query}Yes
showLastPublishedSessionWithSid(sid, body, callback)show-last-published-session{base_path}/{version}/show-last-published-session?{query}Yes
purgePublishedSessionsByCountWithSid(sid, body, callback)purge-published-sessions by count{base_path}/{version}/purge-published-sessions?{query}Yes
switchSessionWithSid(sid, body, callback)switch-session{base_path}/{version}/switch-session?{query}Yes
assignSessionWithSid(sid, body, callback)assign-session{base_path}/{version}/assign-session?{query}Yes
takeOverSessionWithSid(sid, body, callback)take-over-session{base_path}/{version}/take-over-session?{query}Yes
showSessionsWithSid(sid, body, callback)show-sessions{base_path}/{version}/show-sessions?{query}Yes
showLoginMessageWithSid(sid, body, callback)show-login-message{base_path}/{version}/show-login-message?{query}Yes
setLoginMessageWithSid(sid, body, callback)set-login-message{base_path}/{version}/set-login-message?{query}Yes
addHostWithSid(sid, body, callback)add-host{base_path}/{version}/add-host?{query}Yes
showHostWithSid(sid, body, callback)show-host{base_path}/{version}/show-host?{query}Yes
setHostWithSid(sid, body, callback)set-host{base_path}/{version}/set-host?{query}Yes
deleteHostWithSid(sid, body, callback)delete-host{base_path}/{version}/delete-host?{query}Yes
showHostsWithSid(sid, body, callback)show-hosts{base_path}/{version}/show-hosts?{query}Yes
addNetworkWithSid(sid, body, callback)add-network{base_path}/{version}/add-network?{query}Yes
showNetworkWithSid(sid, body, callback)show-network{base_path}/{version}/show-network?{query}Yes
setNetworkWithSid(sid, body, callback)set-network{base_path}/{version}/set-network?{query}Yes
deleteNetworkWithSid(sid, body, callback)delete-network{base_path}/{version}/delete-network?{query}Yes
showNetworksWithSid(sid, body, callback)show-networks{base_path}/{version}/show-networks?{query}Yes
addWildcardWithSid(sid, body, callback)add-wildcard{base_path}/{version}/add-wildcard?{query}Yes
showWildcardWithSid(sid, body, callback)show-wildcard{base_path}/{version}/show-wildcard?{query}Yes
setWildcardWithSid(sid, body, callback)set-wildcard{base_path}/{version}/set-wildcard?{query}Yes
deleteWildcardWithSid(sid, body, callback)delete-wildcard{base_path}/{version}/delete-wildcard?{query}Yes
showWildcardsWithSid(sid, body, callback)show-wildcards{base_path}/{version}/show-wildcards?{query}Yes
addGroupWithGroupWithSid(sid, body, callback)add-group with group{base_path}/{version}/add-group?{query}Yes
showGroupWithSid(sid, body, callback)show-group{base_path}/{version}/show-group?{query}Yes
setGroupWithSid(sid, body, callback)set-group{base_path}/{version}/set-group?{query}Yes
deleteGroupWithSid(sid, body, callback)delete-group{base_path}/{version}/delete-group?{query}Yes
showGroupsWithSid(sid, body, callback)show-groups{base_path}/{version}/show-groups?{query}Yes
addAddressRangeWithSid(sid, body, callback)add-address-range{base_path}/{version}/add-address-range?{query}Yes
showAddressRangeWithSid(sid, body, callback)show-address-range{base_path}/{version}/show-address-range?{query}Yes
setAddressRangeWithSid(sid, body, callback)set-address-range{base_path}/{version}/set-address-range?{query}Yes
deleteAddressRangeWithSid(sid, body, callback)delete-address-range{base_path}/{version}/delete-address-range?{query}Yes
showAddressRangesWithSid(sid, body, callback)show-address-ranges{base_path}/{version}/show-address-ranges?{query}Yes
addMulticastAddressRangeIpRangeWithSid(sid, body, callback)add-multicast-address-range-ip-range{base_path}/{version}/add-multicast-address-range?{query}Yes
showMulticastAddressRangeWithSid(sid, body, callback)show-multicast-address-range{base_path}/{version}/show-multicast-address-range?{query}Yes
setMulticastAddressRangeWithSid(sid, body, callback)set-multicast-address-range{base_path}/{version}/set-multicast-address-range?{query}Yes
deleteMulticastAddressRangeWithSid(sid, body, callback)delete-multicast-address-range{base_path}/{version}/delete-multicast-address-range?{query}Yes
showMulticastAddressRangesWithSid(sid, body, callback)show-multicast-address-ranges{base_path}/{version}/show-multicast-address-ranges?{query}Yes
addGroupWithExclusionWithSid(sid, body, callback)add-group-with-exclusion{base_path}/{version}/add-group-with-exclusion?{query}Yes
showGroupWithExclusionWithSid(sid, body, callback)show-group-with-exclusion{base_path}/{version}/show-group-with-exclusion?{query}Yes
setGroupWithExclusionWithSid(sid, body, callback)set-group-with-exclusion{base_path}/{version}/set-group-with-exclusion?{query}Yes
deleteGroupWithExclusionWithSid(sid, body, callback)delete-group-with-exclusion{base_path}/{version}/delete-group-with-exclusion?{query}Yes
showGroupsWithExclusionWithSid(sid, body, callback)show-groups-with-exclusion{base_path}/{version}/show-groups-with-exclusion?{query}Yes
addSimpleGatewayWithSid(sid, body, callback)add-simple-gateway{base_path}/{version}/add-simple-gateway?{query}Yes
showSimpleGatewayWithSid(sid, body, callback)show-simple-gateway{base_path}/{version}/show-simple-gateway?{query}Yes
setSimpleGatewayWithSid(sid, body, callback)set-simple-gateway{base_path}/{version}/set-simple-gateway?{query}Yes
deleteSimpleGatewayWithSid(sid, body, callback)delete-simple-gateway{base_path}/{version}/delete-simple-gateway?{query}Yes
showSimpleGatewaysWithSid(sid, body, callback)show-simple-gateways{base_path}/{version}/show-simple-gateways?{query}Yes
addSecurityZoneWithSid(sid, body, callback)add-security-zone{base_path}/{version}/add-security-zone?{query}Yes
showSecurityZoneWithSid(sid, body, callback)show-security-zone{base_path}/{version}/show-security-zone?{query}Yes
setSecurityZoneWithSid(sid, body, callback)set-security-zone{base_path}/{version}/set-security-zone?{query}Yes
deleteSecurityZoneWithSid(sid, body, callback)delete-security-zone{base_path}/{version}/delete-security-zone?{query}Yes
showSecurityZonesWithSid(sid, body, callback)show-security-zones{base_path}/{version}/show-security-zones?{query}Yes
addTimeWithSid(sid, body, callback)add-time{base_path}/{version}/add-time?{query}Yes
showTimeWithSid(sid, body, callback)show-time{base_path}/{version}/show-time?{query}Yes
setTimeWithSid(sid, body, callback)set-time{base_path}/{version}/set-time?{query}Yes
deleteTimeWithSid(sid, body, callback)delete-time{base_path}/{version}/delete-time?{query}Yes
showTimesWithSid(sid, body, callback)show-times{base_path}/{version}/show-times?{query}Yes
addTimeGroupWithSid(sid, body, callback)add-time-group{base_path}/{version}/add-time-group?{query}Yes
showTimeGroupWithSid(sid, body, callback)show-time-group{base_path}/{version}/show-time-group?{query}Yes
setTimeGroupWithSid(sid, body, callback)set-time-group{base_path}/{version}/set-time-group?{query}Yes
deleteTimeGroupWithSid(sid, body, callback)delete-time-group{base_path}/{version}/delete-time-group?{query}Yes
showTimeGroupsWithSid(sid, body, callback)show-time-groups{base_path}/{version}/show-time-groups?{query}Yes
addAccessRoleWithSid(sid, body, callback)add-access-role{base_path}/{version}/add-access-role?{query}Yes
showAccessRoleWithSid(sid, body, callback)show-access-role{base_path}/{version}/show-access-role?{query}Yes
setAccessRoleWithSid(sid, body, callback)set-access-role{base_path}/{version}/set-access-role?{query}Yes
deleteAccessRoleWithSid(sid, body, callback)delete-access-role{base_path}/{version}/delete-access-role?{query}Yes
showAccessRolesWithSid(sid, body, callback)show-access-roles{base_path}/{version}/show-access-roles?{query}Yes
addDynamicObjectWithSid(sid, body, callback)add-dynamic-object{base_path}/{version}/add-dynamic-object?{query}Yes
showDynamicObjectWithSid(sid, body, callback)show-dynamic-object{base_path}/{version}/show-dynamic-object?{query}Yes
setDynamicObjectWithSid(sid, body, callback)set-dynamic-object{base_path}/{version}/set-dynamic-object?{query}Yes
deleteDynamicObjectWithSid(sid, body, callback)delete-dynamic-object{base_path}/{version}/delete-dynamic-object?{query}Yes
showDynamicObjectsWithSid(sid, body, callback)show-dynamic-objects{base_path}/{version}/show-dynamic-objects?{query}Yes
addTrustedClientWithSid(sid, body, callback)add-trusted-client{base_path}/{version}/add-trusted-client?{query}Yes
showTrustedClientWithSid(sid, body, callback)show-trusted-client{base_path}/{version}/show-trusted-client?{query}Yes
setTrustedClientWithSid(sid, body, callback)set-trusted-client{base_path}/{version}/set-trusted-client?{query}Yes
deleteTrustedClientWithSid(sid, body, callback)delete-trusted-client{base_path}/{version}/delete-trusted-client?{query}Yes
showTrustedClientsWithSid(sid, body, callback)show-trusted-clients{base_path}/{version}/show-trusted-clients?{query}Yes
addTagWithSid(sid, body, callback)add-tag{base_path}/{version}/add-tag?{query}Yes
showTagWithSid(sid, body, callback)show-tag{base_path}/{version}/show-tag?{query}Yes
setTagWithSid(sid, body, callback)set-tag{base_path}/{version}/set-tag?{query}Yes
deleteTagWithSid(sid, body, callback)delete-tag{base_path}/{version}/delete-tag?{query}Yes
showTagsWithSid(sid, body, callback)show-tags{base_path}/{version}/show-tags?{query}Yes
addDnsDomainWithSid(sid, body, callback)add-dns-domain{base_path}/{version}/add-dns-domain?{query}Yes
showDnsDomainWithSid(sid, body, callback)show-dns-domain{base_path}/{version}/show-dns-domain?{query}Yes
setDnsDomainWithSid(sid, body, callback)set-dns-domain{base_path}/{version}/set-dns-domain?{query}Yes
deleteDnsDomainWithSid(sid, body, callback)delete-dns-domain{base_path}/{version}/delete-dns-domain?{query}Yes
showDnsDomainsWithSid(sid, body, callback)show-dns-domains{base_path}/{version}/show-dns-domains?{query}Yes
addOpsecApplicationWithSid(sid, body, callback)add-opsec-application{base_path}/{version}/add-opsec-application?{query}Yes
showOpsecApplicationWithSid(sid, body, callback)show-opsec-application{base_path}/{version}/show-opsec-application?{query}Yes
setOpsecApplicationWithSid(sid, body, callback)set-opsec-application{base_path}/{version}/set-opsec-application?{query}Yes
deleteOpsecApplicationWithSid(sid, body, callback)delete-opsec-application{base_path}/{version}/delete-opsec-application?{query}Yes
showOpsecApplicationsWithSid(sid, body, callback)show-opsec-applications{base_path}/{version}/show-opsec-applications?{query}Yes
showDataCenterContentWithSid(sid, body, callback)show-data-center-content{base_path}/{version}/show-data-center-content?{query}Yes
showDataCenterWithSid(sid, body, callback)show-data-center{base_path}/{version}/show-data-center?{query}Yes
showDataCentersWithSid(sid, body, callback)show-data-centers{base_path}/{version}/show-data-centers?{query}Yes
addDataCenterObjectWithGroupWithSid(sid, body, callback)add-data-center-object with group{base_path}/{version}/add-data-center-object?{query}Yes
showDataCenterObjectWithSid(sid, body, callback)show-data-center-object{base_path}/{version}/show-data-center-object?{query}Yes
deleteDataCenterObjectWithSid(sid, body, callback)delete-data-center-object{base_path}/{version}/delete-data-center-object?{query}Yes
showDataCenterObjectsWithSid(sid, body, callback)show-data-center-objects{base_path}/{version}/show-data-center-objects?{query}Yes
showUpdatableObjectsRepositoryContentWithSid(sid, body, callback)show-updatable-objects-repository-content{base_path}/{version}/show-updatable-objects-repository-content?{query}Yes
updateUpdatableObjectsRepositoryContentWithSid(sid, body, callback)update-updatable-objects-repository-content{base_path}/{version}/update-updatable-objects-repository-content?{query}Yes
addUpdatableObjectWithSid(sid, body, callback)add-updatable-object{base_path}/{version}/add-updatable-object?{query}Yes
showUpdatableObjectWithSid(sid, body, callback)show-updatable-object{base_path}/{version}/show-updatable-object?{query}Yes
deleteUpdatableObjectWithSid(sid, body, callback)delete-updatable-object{base_path}/{version}/delete-updatable-object?{query}Yes
showUpdatableObjectsWithSid(sid, body, callback)show-updatable-objects{base_path}/{version}/show-updatable-objects?{query}Yes
addServiceTcpWithSid(sid, body, callback)add-service-tcp{base_path}/{version}/add-service-tcp?{query}Yes
showServiceTcpWithSid(sid, body, callback)show-service-tcp{base_path}/{version}/show-service-tcp?{query}Yes
setServiceTcpWithSid(sid, body, callback)set-service-tcp{base_path}/{version}/set-service-tcp?{query}Yes
deleteServiceTcpWithSid(sid, body, callback)delete-service-tcp{base_path}/{version}/delete-service-tcp?{query}Yes
showServicesTcpWithSid(sid, body, callback)show-services-tcp{base_path}/{version}/show-services-tcp?{query}Yes
addServiceUdpWithSid(sid, body, callback)add-service-udp{base_path}/{version}/add-service-udp?{query}Yes
showServiceUdpWithSid(sid, body, callback)show-service-udp{base_path}/{version}/show-service-udp?{query}Yes
setServiceUdpWithSid(sid, body, callback)set-service-udp{base_path}/{version}/set-service-udp?{query}Yes
deleteServiceUdpWithSid(sid, body, callback)delete-service-udp{base_path}/{version}/delete-service-udp?{query}Yes
showServicesUdpWithSid(sid, body, callback)show-services-udp{base_path}/{version}/show-services-udp?{query}Yes
addServiceIcmpWithSid(sid, body, callback)add-service-icmp{base_path}/{version}/add-service-icmp?{query}Yes
showServiceIcmpWithSid(sid, body, callback)show-service-icmp{base_path}/{version}/show-service-icmp?{query}Yes
setServiceIcmpWithSid(sid, body, callback)set-service-icmp{base_path}/{version}/set-service-icmp?{query}Yes
deleteServiceIcmpWithSid(sid, body, callback)delete-service-icmp{base_path}/{version}/delete-service-icmp?{query}Yes
showServicesIcmpWithSid(sid, body, callback)show-services-icmp{base_path}/{version}/show-services-icmp?{query}Yes
addServiceIcmp6WithSid(sid, body, callback)add-service-icmp6{base_path}/{version}/add-service-icmp6?{query}Yes
showServiceIcmp6WithSid(sid, body, callback)show-service-icmp6{base_path}/{version}/show-service-icmp6?{query}Yes
setServiceIcmp6WithSid(sid, body, callback)set-service-icmp6{base_path}/{version}/set-service-icmp6?{query}Yes
deleteServiceIcmp6WithSid(sid, body, callback)delete-service-icmp6{base_path}/{version}/delete-service-icmp6?{query}Yes
showServicesIcmp6WithSid(sid, body, callback)show-services-icmp6{base_path}/{version}/show-services-icmp6?{query}Yes
addServiceSctpWithSid(sid, body, callback)add-service-sctp{base_path}/{version}/add-service-sctp?{query}Yes
showServiceSctpWithSid(sid, body, callback)show-service-sctp{base_path}/{version}/show-service-sctp?{query}Yes
setServiceSctpWithSid(sid, body, callback)set-service-sctp{base_path}/{version}/set-service-sctp?{query}Yes
deleteServiceSctpWithSid(sid, body, callback)delete-service-sctp{base_path}/{version}/delete-service-sctp?{query}Yes
showServicesSctpWithSid(sid, body, callback)show-services-sctp{base_path}/{version}/show-services-sctp?{query}Yes
addServiceOtherWithSid(sid, body, callback)add-service-other{base_path}/{version}/add-service-other?{query}Yes
showServiceOtherWithSid(sid, body, callback)show-service-other{base_path}/{version}/show-service-other?{query}Yes
setServiceOtherWithSid(sid, body, callback)set-service-other{base_path}/{version}/set-service-other?{query}Yes
deleteServiceOtherWithSid(sid, body, callback)delete-service-other{base_path}/{version}/delete-service-other?{query}Yes
showServicesOtherWithSid(sid, body, callback)show-services-other{base_path}/{version}/show-services-other?{query}Yes
addServiceGroupWithSid(sid, body, callback)add-service-group{base_path}/{version}/add-service-group?{query}Yes
showServiceGroupWithSid(sid, body, callback)show-service-group{base_path}/{version}/show-service-group?{query}Yes
setServiceGroupWithSid(sid, body, callback)set-service-group{base_path}/{version}/set-service-group?{query}Yes
deleteServiceGroupWithSid(sid, body, callback)delete-service-group{base_path}/{version}/delete-service-group?{query}Yes
showServiceGroupsWithSid(sid, body, callback)show-service-groups{base_path}/{version}/show-service-groups?{query}Yes
addApplicationSiteWithSid(sid, body, callback)add-application-site{base_path}/{version}/add-application-site?{query}Yes
showApplicationSiteWithSid(sid, body, callback)show-application-site{base_path}/{version}/show-application-site?{query}Yes
setApplicationSiteWithSid(sid, body, callback)set-application-site{base_path}/{version}/set-application-site?{query}Yes
deleteApplicationSiteWithSid(sid, body, callback)delete-application-site{base_path}/{version}/delete-application-site?{query}Yes
showApplicationSitesWithSid(sid, body, callback)show-application-sites{base_path}/{version}/show-application-sites?{query}Yes
addApplicationSiteCategoryWithSid(sid, body, callback)add-application-site-category{base_path}/{version}/add-application-site-category?{query}Yes
showApplicationSiteCategoryWithSid(sid, body, callback)show-application-site-category{base_path}/{version}/show-application-site-category?{query}Yes
setApplicationSiteCategoryWithSid(sid, body, callback)set-application-site-category{base_path}/{version}/set-application-site-category?{query}Yes
deleteApplicationSiteCategoryWithSid(sid, body, callback)delete-application-site-category{base_path}/{version}/delete-application-site-category?{query}Yes
showApplicationSiteCategoriesWithSid(sid, body, callback)show-application-site-categories{base_path}/{version}/show-application-site-categories?{query}Yes
addApplicationSiteGroupWithSid(sid, body, callback)add-application-site-group{base_path}/{version}/add-application-site-group?{query}Yes
showApplicationSiteGroupWithSid(sid, body, callback)show-application-site-group{base_path}/{version}/show-application-site-group?{query}Yes
setApplicationSiteGroupWithSid(sid, body, callback)set-application-site-group{base_path}/{version}/set-application-site-group?{query}Yes
deleteApplicationSiteGroupWithSid(sid, body, callback)delete-application-site-group{base_path}/{version}/delete-application-site-group?{query}Yes
showApplicationSiteGroupsWithSid(sid, body, callback)show-application-site-groups{base_path}/{version}/show-application-site-groups?{query}Yes
addServiceDceRpcWithSid(sid, body, callback)add-service-dce-rpc{base_path}/{version}/add-service-dce-rpc?{query}Yes
showServiceDceRpcWithSid(sid, body, callback)show-service-dce-rpc{base_path}/{version}/show-service-dce-rpc?{query}Yes
setServiceDceRpcWithSid(sid, body, callback)set-service-dce-rpc{base_path}/{version}/set-service-dce-rpc?{query}Yes
deleteServiceDceRpcWithSid(sid, body, callback)delete-service-dce-rpc{base_path}/{version}/delete-service-dce-rpc?{query}Yes
showServicesDceRpcWithSid(sid, body, callback)show-services-dce-rpc{base_path}/{version}/show-services-dce-rpc?{query}Yes
addServiceRpcWithSid(sid, body, callback)add-service-rpc{base_path}/{version}/add-service-rpc?{query}Yes
showServiceRpcWithSid(sid, body, callback)show-service-rpc{base_path}/{version}/show-service-rpc?{query}Yes
setServiceRpcWithSid(sid, body, callback)set-service-rpc{base_path}/{version}/set-service-rpc?{query}Yes
deleteServiceRpcWithSid(sid, body, callback)delete-service-rpc{base_path}/{version}/delete-service-rpc?{query}Yes
showServicesRpcWithSid(sid, body, callback)show-services-rpc{base_path}/{version}/show-services-rpc?{query}Yes
addAccessRuleWithSid(sid, body, callback)add-access-rule{base_path}/{version}/add-access-rule?{query}Yes
showAccessRulebaseWithSid(sid, body, callback)show-access-rulebase{base_path}/{version}/show-access-rulebase?{query}Yes
showAccessRuleWithSid(sid, body, callback)show-access-rule{base_path}/{version}/show-access-rule?{query}Yes
setAccessRuleWithSid(sid, body, callback)set-access-rule{base_path}/{version}/set-access-rule?{query}Yes
deleteAccessRuleWithSid(sid, body, callback)delete-access-rule{base_path}/{version}/delete-access-rule?{query}Yes
addAccessSectionWithSid(sid, body, callback)add-access-section{base_path}/{version}/add-access-section?{query}Yes
showAccessSectionWithSid(sid, body, callback)show-access-section{base_path}/{version}/show-access-section?{query}Yes
setAccessSectionWithSid(sid, body, callback)set-access-section{base_path}/{version}/set-access-section?{query}Yes
deleteAccessSectionWithSid(sid, body, callback)delete-access-section{base_path}/{version}/delete-access-section?{query}Yes
addAccessLayerWithSid(sid, body, callback)add-access-layer{base_path}/{version}/add-access-layer?{query}Yes
showAccessLayerWithSid(sid, body, callback)show-access-layer{base_path}/{version}/show-access-layer?{query}Yes
setAccessLayerWithSid(sid, body, callback)set-access-layer{base_path}/{version}/set-access-layer?{query}Yes
deleteAccessLayerWithSid(sid, body, callback)delete-access-layer{base_path}/{version}/delete-access-layer?{query}Yes
showAccessLayersWithSid(sid, body, callback)show-access-layers{base_path}/{version}/show-access-layers?{query}Yes
addNatRuleWithSid(sid, body, callback)add-nat-rule{base_path}/{version}/add-nat-rule?{query}Yes
showNatRulebaseWithSid(sid, body, callback)show-nat-rulebase{base_path}/{version}/show-nat-rulebase?{query}Yes
showNatRuleWithSid(sid, body, callback)show-nat-rule{base_path}/{version}/show-nat-rule?{query}Yes
setNatRuleWithSid(sid, body, callback)set-nat-rule{base_path}/{version}/set-nat-rule?{query}Yes
deleteNatRuleWithSid(sid, body, callback)delete-nat-rule{base_path}/{version}/delete-nat-rule?{query}Yes
addNatSectionWithSid(sid, body, callback)add-nat-section{base_path}/{version}/add-nat-section?{query}Yes
showNatSectionWithSid(sid, body, callback)show-nat-section{base_path}/{version}/show-nat-section?{query}Yes
setNatSectionWithSid(sid, body, callback)set-nat-section{base_path}/{version}/set-nat-section?{query}Yes
deleteNatSectionWithSid(sid, body, callback)delete-nat-section{base_path}/{version}/delete-nat-section?{query}Yes
addVpnCommunityMeshedWithSid(sid, body, callback)add-vpn-community-meshed{base_path}/{version}/add-vpn-community-meshed?{query}Yes
showVpnCommunityMeshedWithSid(sid, body, callback)show-vpn-community-meshed{base_path}/{version}/show-vpn-community-meshed?{query}Yes
setVpnCommunityMeshedWithSid(sid, body, callback)set-vpn-community-meshed{base_path}/{version}/set-vpn-community-meshed?{query}Yes
deleteVpnCommunityMeshedWithSid(sid, body, callback)delete-vpn-community-meshed{base_path}/{version}/delete-vpn-community-meshed?{query}Yes
showVpnCommunitiesMeshedWithSid(sid, body, callback)show-vpn-communities-meshed{base_path}/{version}/show-vpn-communities-meshed?{query}Yes
addVpnCommunityStarWithSid(sid, body, callback)add-vpn-community-star{base_path}/{version}/add-vpn-community-star?{query}Yes
showVpnCommunityStarWithSid(sid, body, callback)show-vpn-community-star{base_path}/{version}/show-vpn-community-star?{query}Yes
setVpnCommunityStarWithSid(sid, body, callback)set-vpn-community-star{base_path}/{version}/set-vpn-community-star?{query}Yes
deleteVpnCommunityStarWithSid(sid, body, callback)delete-vpn-community-star{base_path}/{version}/delete-vpn-community-star?{query}Yes
showVpnCommunitiesStarWithSid(sid, body, callback)show-vpn-communities-star{base_path}/{version}/show-vpn-communities-star?{query}Yes
addThreatRuleWithSid(sid, body, callback)add-threat-rule{base_path}/{version}/add-threat-rule?{query}Yes
showThreatRulebaseWithSid(sid, body, callback)show-threat-rulebase{base_path}/{version}/show-threat-rulebase?{query}Yes
showThreatRuleWithSid(sid, body, callback)show-threat-rule{base_path}/{version}/show-threat-rule?{query}Yes
setThreatRuleWithSid(sid, body, callback)set-threat-rule{base_path}/{version}/set-threat-rule?{query}Yes
deleteThreatRuleWithSid(sid, body, callback)delete-threat-rule{base_path}/{version}/delete-threat-rule?{query}Yes
addThreatExceptionWithSid(sid, body, callback)add-threat-exception{base_path}/{version}/add-threat-exception?{query}Yes
showThreatRuleExceptionRulebaseWithSid(sid, body, callback)show-threat-rule-exception-rulebase{base_path}/{version}/show-threat-rule-exception-rulebase?{query}Yes
showThreatExceptionWithSid(sid, body, callback)show-threat-exception{base_path}/{version}/show-threat-exception?{query}Yes
setThreatExceptionWithSid(sid, body, callback)set-threat-exception{base_path}/{version}/set-threat-exception?{query}Yes
deleteThreatExceptionWithSid(sid, body, callback)delete-threat-exception{base_path}/{version}/delete-threat-exception?{query}Yes
addExceptionGroupWithSid(sid, body, callback)add-exception-group{base_path}/{version}/add-exception-group?{query}Yes
showExceptionGroupWithSid(sid, body, callback)show-exception-group{base_path}/{version}/show-exception-group?{query}Yes
setExceptionGroupWithSid(sid, body, callback)set-exception-group{base_path}/{version}/set-exception-group?{query}Yes
deleteExceptionGroupWithSid(sid, body, callback)delete-exception-group{base_path}/{version}/delete-exception-group?{query}Yes
showExceptionGroupsWithSid(sid, body, callback)show-exception-groups{base_path}/{version}/show-exception-groups?{query}Yes
showThreatProtectionWithSid(sid, body, callback)show-threat-protection{base_path}/{version}/show-threat-protection?{query}Yes
setThreatProtectionWithSid(sid, body, callback)set-threat-protection{base_path}/{version}/set-threat-protection?{query}Yes
showThreatProtectionsWithSid(sid, body, callback)show-threat-protections{base_path}/{version}/show-threat-protections?{query}Yes
addThreatProtectionsWithSid(sid, body, callback)add-threat-protections{base_path}/{version}/add-threat-protections?{query}Yes
deleteThreatProtectionsWithSid(sid, body, callback)delete-threat-protections{base_path}/{version}/delete-threat-protections?{query}Yes
addThreatProfileWithSid(sid, body, callback)add-threat-profile{base_path}/{version}/add-threat-profile?{query}Yes
showThreatProfileWithSid(sid, body, callback)show-threat-profile{base_path}/{version}/show-threat-profile?{query}Yes
setThreatProfileWithSid(sid, body, callback)set-threat-profile{base_path}/{version}/set-threat-profile?{query}Yes
deleteThreatProfileWithSid(sid, body, callback)delete-threat-profile{base_path}/{version}/delete-threat-profile?{query}Yes
showThreatProfilesWithSid(sid, body, callback)show-threat-profiles{base_path}/{version}/show-threat-profiles?{query}Yes
addThreatIndicatorWithSid(sid, body, callback)add-threat-indicator{base_path}/{version}/add-threat-indicator?{query}Yes
showThreatIndicatorWithSid(sid, body, callback)show-threat-indicator{base_path}/{version}/show-threat-indicator?{query}Yes
setThreatIndicatorWithSid(sid, body, callback)set-threat-indicator{base_path}/{version}/set-threat-indicator?{query}Yes
deleteThreatIndicatorWithSid(sid, body, callback)delete-threat-indicator{base_path}/{version}/delete-threat-indicator?{query}Yes
showThreatIndicatorsWithSid(sid, body, callback)show-threat-indicators{base_path}/{version}/show-threat-indicators?{query}Yes
addThreatLayerWithSid(sid, body, callback)add-threat-layer{base_path}/{version}/add-threat-layer?{query}Yes
showThreatLayerWithSid(sid, body, callback)show-threat-layer{base_path}/{version}/show-threat-layer?{query}Yes
setThreatLayerWithSid(sid, body, callback)set-threat-layer{base_path}/{version}/set-threat-layer?{query}Yes
deleteThreatLayerWithSid(sid, body, callback)delete-threat-layer{base_path}/{version}/delete-threat-layer?{query}Yes
showThreatLayersWithSid(sid, body, callback)show-threat-layers{base_path}/{version}/show-threat-layers?{query}Yes
showIpsUpdateScheduleWithSid(sid, body, callback)show-ips-update-schedule{base_path}/{version}/show-ips-update-schedule?{query}Yes
setIpsUpdateScheduleIntervalWithSid(sid, body, callback)set-ips-update-schedule-interval{base_path}/{version}/set-ips-update-schedule?{query}Yes
runIpsUpdateWithSid(sid, body, callback)run-ips-update{base_path}/{version}/run-ips-update?{query}Yes
showIpsStatusWithSid(sid, body, callback)show-ips-status{base_path}/{version}/show-ips-status?{query}Yes
showIpsProtectionExtendedAttributeWithSid(sid, body, callback)show-ips-protection-extended-attribute{base_path}/{version}/show-ips-protection-extended-attribute?{query}Yes
showIpsProtectionExtendedAttributesWithSid(sid, body, callback)show-ips-protection-extended-attributes{base_path}/{version}/show-ips-protection-extended-attributes?{query}Yes
runThreatEmulationFileTypesOfflineUpdateWithSid(sid, body, callback)run-threat-emulation-file-types-offline-update{base_path}/{version}/run-threat-emulation-file-types-offline-update?{query}Yes
verifyPolicyWithSid(sid, body, callback)verify-policy{base_path}/{version}/verify-policy?{query}Yes
installPolicyWithSid(sid, body, callback)install-policy{base_path}/{version}/install-policy?{query}Yes
addPackageWithSid(sid, body, callback)add-package{base_path}/{version}/add-package?{query}Yes
showPackageWithSid(sid, body, callback)show-package{base_path}/{version}/show-package?{query}Yes
setPackageWithSid(sid, body, callback)set-package{base_path}/{version}/set-package?{query}Yes
deletePackageWithSid(sid, body, callback)delete-package{base_path}/{version}/delete-package?{query}Yes
showPackagesWithSid(sid, body, callback)show-packages{base_path}/{version}/show-packages?{query}Yes
addDomainWithSid(sid, body, callback)add-domain{base_path}/{version}/add-domain?{query}Yes
showDomainWithSid(sid, body, callback)show-domain{base_path}/{version}/show-domain?{query}Yes
setDomainWithSid(sid, body, callback)set-domain{base_path}/{version}/set-domain?{query}Yes
deleteDomainWithSid(sid, body, callback)delete-domain{base_path}/{version}/delete-domain?{query}Yes
showDomainsWithSid(sid, body, callback)show-domains{base_path}/{version}/show-domains?{query}Yes
showGlobalDomainWithSid(sid, body, callback)show-global-domain{base_path}/{version}/show-global-domain?{query}Yes
setGlobalDomainWithSid(sid, body, callback)set-global-domain{base_path}/{version}/set-global-domain?{query}Yes
showMdsWithSid(sid, body, callback)show-mds{base_path}/{version}/show-mds?{query}Yes
showMdssWithSid(sid, body, callback)show-mdss{base_path}/{version}/show-mdss?{query}Yes
showPlaceHolderWithSid(sid, body, callback)show-place-holder{base_path}/{version}/show-place-holder?{query}Yes
addGlobalAssignmentWithSid(sid, body, callback)add-global-assignment{base_path}/{version}/add-global-assignment?{query}Yes
showGlobalAssignmentWithSid(sid, body, callback)show-global-assignment{base_path}/{version}/show-global-assignment?{query}Yes
setGlobalAssignmentWithSid(sid, body, callback)set-global-assignment{base_path}/{version}/set-global-assignment?{query}Yes
deleteGlobalAssignmentWithSid(sid, body, callback)delete-global-assignment{base_path}/{version}/delete-global-assignment?{query}Yes
showGlobalAssignmentsWithSid(sid, body, callback)show-global-assignments{base_path}/{version}/show-global-assignments?{query}Yes
assignGlobalAssignmentWithSid(sid, body, callback)assign-global-assignment{base_path}/{version}/assign-global-assignment?{query}Yes
whereUsedWithSid(sid, body, callback)where-used{base_path}/{version}/where-used?{query}Yes
showTaskWithSid(sid, body, callback)show-task{base_path}/{version}/show-task?{query}Yes
runScriptWithSid(sid, body, callback)run-script{base_path}/{version}/run-script?{query}Yes
showUnusedObjectsWithSid(sid, body, callback)show unused objects{base_path}/{version}/show-unused-objects?{query}Yes
exportWithSid(sid, body, callback)export{base_path}/{version}/export?{query}Yes
showChangesBetweenTheDatesWithSid(sid, body, callback)show-changes between the dates{base_path}/{version}/show-changes?{query}Yes
showGatewaysAndServersWithSid(sid, body, callback)show-gateways-and-servers{base_path}/{version}/show-gateways-and-servers?{query}Yes
showObjectsOfTypeGroupWithSid(sid, body, callback)show-objects of type group{base_path}/{version}/show-objects?{query}Yes
showValidationsWithSid(sid, body, callback)show-validations{base_path}/{version}/show-validations?{query}Yes
showTasksWithSid(sid, body, callback)show-tasks{base_path}/{version}/show-tasks?{query}Yes
showApiVersionsWithSid(sid, body, callback)show-api-versions{base_path}/{version}/show-api-versions?{query}Yes
showObjectWithSid(sid, body, callback)show-object{base_path}/{version}/show-object?{query}Yes
showCommandsWithSid(sid, body, callback)show-commands{base_path}/{version}/show-commands?{query}Yes
putFileWithSid(sid, body, callback)put-file{base_path}/{version}/put-file?{query}Yes
addAdministratorWithSid(sid, body, callback)add-administrator{base_path}/{version}/add-administrator?{query}Yes
showAdministratorWithSid(sid, body, callback)show-administrator{base_path}/{version}/show-administrator?{query}Yes
setAdministratorWithSid(sid, body, callback)set-administrator{base_path}/{version}/set-administrator?{query}Yes
deleteAdministratorWithSid(sid, body, callback)delete-administrator{base_path}/{version}/delete-administrator?{query}Yes
showAdministratorsWithSid(sid, body, callback)show-administrators{base_path}/{version}/show-administrators?{query}Yes
unlockAdministratorWithSid(sid, body, callback)unlock-administrator{base_path}/{version}/unlock-administrator?{query}Yes
showApiSettingsWithSid(sid, body, callback)show-api-settings{base_path}/{version}/show-api-settings?{query}Yes
setApiSettingsWithSid(sid, body, callback)set-api-settings{base_path}/{version}/set-api-settings?{query}Yes

Authentication

This document will go through the steps for authenticating the Check Point Management adapter with Dynamic Token Authentication. Properly configuring the properties for an adapter in IAP is critical for getting the adapter online. You can read more about adapter authentication HERE.

Companies periodically change authentication methods to provide better security. As this happens this section should be updated and contributed/merge back into the adapter repository.

Dynamic Token Authentication

The Check Point Management adapter authenticates with a dynamic token.

STEPS

  1. Ensure you have access to a Check Point Management server and that it is running
  2. Follow the steps in the README.md to import the adapter into IAP if you have not already done so
  3. Use the properties below for the properties.authentication field
    "authentication": {
    "auth_method": "request_token",
    "username": "<username>",
    "password": "<password>",
    "token_user_field": "user",
    "token_password_field": "password",
    "token_result_field": "sid",
    "token_URI_path": "/login",
    "token_timeout": 3600000,
    "token_cache": "local",
    "invalid_token_error": 400,
    "auth_field": "header.headers.x-chkp-sid",
    "auth_field_format": "{token}",
    }

    you can leave all of the other properties in the authentication section, they will not be used for Check Point Management dynamic token authentication.

  4. Restart the adapter. If your properties were set correctly, the adapter should go online.

Troubleshooting

  • Make sure you copied over the correct username and password as these are used to retrieve the token.
  • Turn on debug level logs for the adapter in IAP Admin Essentials.
  • Turn on auth_logging for the adapter in IAP Admin Essentials (adapter properties).
  • Investigate the logs - in particular:
    • The FULL REQUEST log to make sure the proper headers are being sent with the request.
    • The FULL BODY log to make sure the payload is accurate.
    • The CALL RETURN log to see what the other system is telling us.
  • Credentials should be masked by the adapter so make sure you verify the username and password - including that there are erroneous spaces at the front or end.
  • Remember when you are done to turn auth_logging off as you do not want to log credentials.

Additional Information

Enhancements

Adding a Second Instance of an Adapter

You can add a second instance of this adapter without adding new code on the file system. To do this go into the IAP Admin Essentials and add a new service config for this adapter. The two instances of the adapter should have unique ids. In addition, they should point to different instances (unique host and port) of the other system.

Adding Adapter Calls

There are multiple ways to add calls to an existing adapter.

The easiest way would be to use the Adapter Builder update process. This process takes in a Swagger or OpenAPI document, allows you to select the calls you want to add and then generates a zip file that can be used to update the adapter. Once you have the zip file simply put it in the adapter directory and execute npm run adapter:update.

mv updatePackage.zip adapter-checkpoint_management
cd adapter-checkpoint_management
npm run adapter:update

If you do not have a Swagger or OpenAPI document, you can use a Postman Collection and convert that to an OpenAPI document using APIMatic and then follow the first process.

If you want to manually update the adapter that can also be done the key thing is to make sure you update all of the right files. Within the entities directory you will find 1 or more entities. You can create a new entity or add to an existing entity. Each entity has an action.json file, any new call will need to be put in the action.json file. It will also need to be added to the enum for the ph_request_type in the appropriate schema files. Once this configuration is complete you will need to add the call to the adapter.js file and, in order to make it available as a workflow task in IAP, it should also be added to the pronghorn.json file. You can optionally add it to the unit and integration test files. There is more information on how to work on each of these files in the Adapter Technical Resources on our Documentation Site.

Files to update
* entities/<entity>/action.json: add an action
* entities/<entity>/schema.json (or the schema defined on the action): add action to the enum for ph_request_type
* adapter.js: add the new method and make sure it calls the proper entity and action
* pronghorn.json: add the new method
* test/unit/adapterTestUnit.js (optional but best practice): add unit test(s) - function is there, any required parameters error when not passed in
* test/integration/adapterTestIntegration.js (optional but best practice): add integration test

Adding Adapter Properties

While changing adapter properties is done in the service instance configuration section of IAP, adding properties has to be done in the adapter. To add a property you should edit the propertiesSchema.json with the proper information for the property. In addition, you should modify the sampleProperties to have the new property in it.

Files to update
* propertiesSchema.json: add the new property and how it is defined
* sampleProperties: add the new property with a default value
* test/unit/adapterTestUnit.js (optional but best practice): add the property to the global properties
* test/integration/adapterTestIntegration.js (optional but best practice): add the property to the global properties

Changing Adapter Authentication

Often an adapter is built before knowing the authentication and authentication processes can also change over time. The adapter supports many different kinds of authentication but it does require configuration. Some forms of authentication can be defined entirely with the adapter properties but others require configuration.

Files to update
* entities/.system/action.json: change the getToken action as needed
* entities/.system/schemaTokenReq.json: add input parameters (external name is name in other system)
* entities/.system/schemaTokenResp.json: add response parameters (external name is name in other system)
* propertiesSchema.json: add any new property and how it is defined
* sampleProperties: add any new property with a default value
* test/unit/adapterTestUnit.js (optional but best practice): add the property to the global properties
* test/integration/adapterTestIntegration.js (optional but best practice): add the property to the global properties

Enhancing Adapter Integration Tests

The adapter integration tests are written to be able to test in either stub (standalone) mode or integrated to the other system. However, if integrating to the other system, you may need to provide better data than what the adapter provides by default as that data is likely to fail for create and update. To provide better data, edit the adapter integration test file. Make sure you do not remove the marker and keep custom code below the marker so you do not impact future migrations. Once the edits are complete, run the integration test as it instructs you to above. When you run integrated to the other system, you can also save mockdata for future use by changing the isSaveMockData flag to true.

Files to update
* test/integration/adapterTestIntegration.js: add better data for the create and update calls so that they will not fail.

As mentioned previously, for most of these changes as well as other possible changes, there is more information on how to work on an adapter in the Adapter Technical Resources on our Documentation Site.

Contributing

First off, thanks for taking the time to contribute!

The following is a set of rules for contributing.

Code of Conduct

This project and everyone participating in it is governed by the Code of Conduct. By participating, you are expected to uphold this code. Please report unacceptable behavior to support@itential.com.

How to Contribute

Follow the contributing guide (here)[https://gitlab.com/itentialopensource/adapters/contributing-guide]

Helpful Links

Adapter Technical Resources

Node Scripts

There are several node scripts that now accompany the adapter. These scripts are provided to make several activities easier. Many of these scripts can have issues with different versions of IAP as they have dependencies on IAP and Mongo. If you have issues with the scripts please report them to the Itential Adapter Team. Each of these scripts are described below.

RunDescription
npm run adapter:installProvides an easier way to install the adapter.
npm run adapter:checkMigrateChecks whether your adapter can and should be migrated to the latest foundation.
npm run adapter:findPathCan be used to see if the adapter supports a particular API call.
npm run adapter:migrateProvides an easier way to update your adapter after you download the migration zip from Itential DevSite.
npm run adapter:updateProvides an easier way to update your adapter after you download the update zip from Itential DevSite.
npm run adapter:revertAllows you to revert after a migration or update if it resulted in issues.
npm run troubleshootProvides a way to troubleshoot the adapter - runs connectivity, healthcheck and basic get.
npm run connectivityProvides a connectivity check to the Servicenow system.
npm run healthcheckChecks whether the configured healthcheck call works to Servicenow.
npm run basicgetChecks whether the basic get calls works to Servicenow.

Troubleshoot

Run npm run troubleshoot to start the interactive troubleshooting process. The command allows you to verify and update connection, authentication as well as healthcheck configuration. After that it will test these properties by sending HTTP request to the endpoint. If the tests pass, it will persist these changes into IAP.

You also have the option to run individual commands to perform specific test:

  • npm run healthcheck will perform a healthcheck request of with current setting.
  • npm run basicget will perform some non-parameter GET request with current setting.
  • npm run connectivity will perform networking diagnostics of the adatper endpoint.

Connectivity Issues

  1. You can run the adapter troubleshooting script which will check connectivity, run the healthcheck and run basic get calls.
npm run troubleshoot
  1. Verify the adapter properties are set up correctly.
Go into the Itential Platform GUI and verify/update the properties
  1. Verify there is connectivity between the Itential Platform Server and Checkpoint_Management Server.
ping the ip address of Checkpoint_Management server
try telnet to the ip address port of Checkpoint_Management
execute a curl command to the other system
  1. Verify the credentials provided for Checkpoint_Management.
login to Checkpoint_Management using the provided credentials
  1. Verify the API of the call utilized for Checkpoint_Management Healthcheck.
Go into the Itential Platform GUI and verify/update the properties

Functional Issues

Adapter logs are located in /var/log/pronghorn. In older releases of the Itential Platform, there is a pronghorn.log file which contains logs for all of the Itential Platform. In newer versions, adapters can be configured to log into their own files.