Merge pull request #2073 from CactuseSecurity/develop

Develop to Main v6.4
CactuseSecurity · May 25, 2023 · c755c15 · c755c15
2 parents 014e21a + 1d28d7d
commit c755c15
Show file tree

Hide file tree

Showing 69 changed files with 2,610 additions and 617 deletions.
diff --git a/.github/workflows/test-install.yml b/.github/workflows/test-install.yml
@@ -7,14 +7,14 @@ name: Build
 
 on:
   push:
-    branches: [ main,develop ]
+    branches: [ main, develop ]
     paths-ignore:
     - 'documentation/**'
     - 'design/**'
 
   pull_request:
-    types: [ ready_for_review review_requested ]
-    branches: [ main,develop ]
+    types: [ ready_for_review, review_requested ]
+    branches: [ main, develop ]
     paths-ignore:
     - 'documentation/**'
     - 'design/**'
@@ -38,10 +38,10 @@ jobs:
     - name: do test install in case of merged pull request
       run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e run_on_github=yes --skip-tags test site.yml -K
 
-  test_ubuntu_22:
-    name: test build on  ubuntu_22
-    runs-on: ubuntu-22.04
-    steps:
-    - uses: actions/checkout@v3
-    - name: do test install in case of merged pull request
-      run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e run_on_github=yes --skip-tags test site.yml -K
+  # test_ubuntu_22:
+  #   name: test build on  ubuntu_22
+  #   runs-on: ubuntu-22.04
+  #   steps:
+  #   - uses: actions/checkout@v3
+  #   - name: do test install in case of merged pull request
+  #     run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e run_on_github=yes --skip-tags test site.yml -K
diff --git a/documentation/developer-docs/importer/firewall-APIs/checkpoint/readme.md b/documentation/developer-docs/importer/firewall-APIs/checkpoint/readme.md
@@ -76,7 +76,8 @@ gives the sid (session id) which can then be used to authenticate for further ap
   "api-server-version" : "1.8",
   "user-name" : "apiuser",
   "user-uid" : "ba2038a1-437f-45ef-8ea5-c8785cdad9a7"
-}```
+}
+```
 
 
 ## logout
@@ -93,3 +94,39 @@ curl --insecure --request POST \
   --header 'X-chkp-sid: PhTmI9SD02MTtCWCcTHpc8FsIlX63icc9CvF19PB3qo' \
   --data '{"name": "FirstLayer shared with inline layer"}'
 ```
+
+## get an arbitrary object by UID
+
+```console
+curl --insecure --request POST   --url https://192.168.100.88/web_api/show-object   --header 'Content-Type: application/json'   --header 'X-chkp-sid: KJC5pzFMSRINoVTSByVhUq1xdEE33WD0uy9iXl-cG-4'   --data '{"uid": "dd699ecd-1420-41a0-931f-de7f55f799b6", "details-level": "full"}'
+```
+results in 
+```console
+{
+  "object" : {
+    "uid" : "d699ecd-1420-41a0-931f-de7f55f799b6",
+    "type" : "access-section",
+    "domain" : {
+      "uid" : "3981ee76-52c3-1744-bf5b-75fe309b1ed9",
+      "name" : "dom-name1",
+      "domain-type" : "domain"
+    },
+    "tags" : [ ],
+    "meta-info" : {
+      "lock" : "unlocked",
+      "validation-state" : "ok",
+      "last-modify-time" : {
+        "posix" : 1668506934927,
+        "iso-8601" : "2022-11-15T11:08+0100"
+      },
+      "last-modifier" : "admin-user-1234",
+      "creation-time" : {
+        "posix" : 1668506934927,
+        "iso-8601" : "2022-11-15T11:08+0100"
+      },
+      "creator" : "admin-user-3433"
+    },
+    "read-only" : false
+  }
+}
+```
diff --git a/documentation/revision-history.md b/documentation/revision-history.md
@@ -296,3 +296,12 @@ adding report template format fk and permissions
 - hotfix UI and fortigate importer credential handling
 - checkpoint R8X importer adding support for Internet object type
 - reporting - CSV export for change report
+
+### 6.3.3 09.05.2023 DEVELOP
+- new importer module for importing FortiGate directly via FortiOS REST API
+
+### 6.4 25.05.2023 MAIN
+- New importer module for importing FortiGate directly via FortiOS REST API
+- Reporting: new lean export format JSON for resolved and tech reports
+- hotfix FortiGate FortiOS REST importer: removing reference to gw_networking
+- hotfix CPR8x importer: handling of empty section headers
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
@@ -1,5 +1,5 @@
 ### general settings
-product_version: "6.3.2"
+product_version: "6.4"
 ansible_user: "{{ lookup('env', 'USER') }}"
 ansible_become_method: sudo
 ansible_python_interpreter: /usr/bin/python3
@@ -53,6 +53,8 @@ http_proxy_import_parameter: ""
 # use the following syntax for authenticated proxy access:
 # http_proxy=http://USERNAME:[email protected]:8080/
 
+
+debian_testing_version: "11"
 arch: x86_64
 redhat_major_version: "8"
 redhat_arch: "{{ redhat_major_version }}-{{ arch }}"

diff --git a/inventory/group_vars/apiserver.yml b/inventory/group_vars/apiserver.yml
@@ -8,7 +8,7 @@ api_hasura_admin_test_password: "not4production"
 api_user_email: "{{ api_user }}@{{ api_network_listening_ip_address }}"
 api_home: "{{ fworch_home }}/api"
 api_hasura_cli_bin: "{{ fworch_home }}/api/bin/hasura"
-api_hasura_version: "v2.21.0"
+api_hasura_version: "v2.24.1"
 api_project_name: api
 api_no_metadata: false
 api_rollback_is_running: false

diff --git a/roles/FWO.sln b/roles/FWO.sln
@@ -35,7 +35,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "files", "files", "{B39AEFDC
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "FWO.Mail", "lib\files\FWO.Mail\FWO.Mail.csproj", "{1E7CA417-C64A-4BD9-98D2-5A0A2DD94726}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FWO.Recert", "lib\files\FWO.Recert\FWO.Recert.csproj", "{520779B1-20EB-45D9-8A02-D0C4DFEC9302}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "FWO.Recert", "lib\files\FWO.Recert\FWO.Recert.csproj", "{520779B1-20EB-45D9-8A02-D0C4DFEC9302}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution

diff --git a/roles/database/files/sql/creation/fworch-fill-stm.sql b/roles/database/files/sql/creation/fworch-fill-stm.sql
@@ -283,6 +283,10 @@ insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufac
     VALUES (22,'Palo Alto Panorama','2023ff','Palo Alto','',true,true,false) ON CONFLICT DO NOTHING;
 insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufacturer,dev_typ_predef_svc,dev_typ_is_multi_mgmt,dev_typ_is_mgmt,is_pure_routing_device)
     VALUES (23,'Palo Alto Management','2023ff','Palo Alto','',false,true,false) ON CONFLICT DO NOTHING;
+insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufacturer,dev_typ_predef_svc,dev_typ_is_multi_mgmt,dev_typ_is_mgmt,is_pure_routing_device)
+    VALUES (24,'FortiOS Management','REST','Fortinet','',false,true,false) ON CONFLICT DO NOTHING;
+insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufacturer,dev_typ_predef_svc,dev_typ_is_multi_mgmt,dev_typ_is_mgmt,is_pure_routing_device)
+    VALUES (25,'Fortinet FortiOS Gateway','REST','Fortinet','',false,false,false) ON CONFLICT DO NOTHING;
 
 update stm_dev_typ set dev_typ_predef_svc=
 'ANY;0;0;65535;1;other;simple