CheckPointSW
diff --git a/Diff for: ‎AddTagToObjects.py
+134 b/Diff for: ‎AddTagToObjects.py
+134
diff --git a/Diff for: ‎README.md
+80-1 b/Diff for: ‎README.md
+80-1
@@ -0,0 +1,134 @@
+import argparse
+import os
+
+from cpapi import APIClient, APIClientArgs
+
+import Utils
+
+
+def populate_parser():
+    parser = argparse.ArgumentParser(description="Add tags to objects.")
+    parser.add_argument("--username", "-u", required=False, default=os.getenv('MGMT_CLI_USER'),
+                        help="The management administrator's user name.\nEnvironment variable: MGMT_CLI_USER")
+    parser.add_argument("--password", "-p", required=False,
+                        help="The management administrator's password.\nEnvironment variable: MGMT_CLI_PASSWORD")
+    parser.add_argument("--management", "-m", required=False, default=os.getenv('MGMT_CLI_MANAGEMENT', "127.0.0.1"),
+                        help="The management server's IP address (In the case of a Multi-Domain Environment, "
+                             "use the IP address of the MDS domain).\nDefault: 127.0.0.1\nEnvironment variable: "
+                             "MGMT_CLI_MANAGEMENT")
+    parser.add_argument("--port", "--server-port", required=False, default=os.getenv('MGMT_CLI_PORT', 443),
+                        help="The port of the management server\nDefault: 443\nEnvironment variable: MGMT_CLI_PORT")
+    parser.add_argument("--domain", "-d", required=False, default=os.getenv('MGMT_CLI_DOMAIN'),
+                        help="The name, uid or IP-address of the management domain\n"
+                             "Environment variable: MGMT_CLI_DOMAIN")
+    parser.add_argument('--root', '-r', choices=['true', 'false'],
+                        help='\b{%(choices)s}\nLogin as root. When running on the management server, '
+                             'use this flag with value set to \'true\' to login as Super User administrator.',
+                        metavar=" \b\b")
+    parser.add_argument('--session-name', help='\nSession unique name. Default {add_tag}',
+                        default="add_tag", metavar="")
+    parser.add_argument('--session-description', help='Session description. Default {Current time}',
+                        default=Utils.DATETIME_NOW_STR, metavar="")
+    parser.add_argument('--partial-name', '-pn', required=False,
+                        help="Add tag to objects shown in object explorer by the provided partial-name. "
+                             "\nThis field required in case of using \'--only-used\' flag")
+    parser.add_argument('--mode', '-md', default='unused', choices=['used', 'unused', 'all'],
+                        help="Use this flag with value set to \'used\' to update only used objects, "
+                             "\'unused\' to update only unused objects or \'all\' to ignore the filter." +
+                             " \nDefault: \'unused\'.")
+    parser.add_argument('--tag', '-t', required=True, help="Name of the tag to add.")
+    return parser.parse_args()
+
+
+def is_in_use(client, uid):
+    res = client.api_call("where-used", {"uid": uid})
+    Utils.exit_failure("Failed to get usages of " + uid, res, client)
+    if int(res.data.get("used-directly").get("total")) > 0:
+        return True
+    else:
+        return False
+
+
+def main():
+    user_args = populate_parser()
+    Utils.log_file = open(os.path.dirname(os.path.abspath(__file__)) + os.sep + 'add_tag' +
+                          (user_args.domain if user_args.domain else "") + '_' +
+                          str(Utils.DATETIME_NOW_SEC) + '.txt', 'w+')
+    client_args = APIClientArgs(server=user_args.management, port=user_args.port)
+
+    with APIClient(client_args) as client:
+        # The API client, would look for the server's certificate SHA1 fingerprint in a file.
+        # If the fingerprint is not found on the file, it will ask the user if he accepts the server's fingerprint.
+        # In case the user does not accept the fingerprint, exit the program.
+        if client.check_fingerprint() is False:
+            Utils.print_msg("Could not get the server's fingerprint - Check connectivity with the server.")
+            exit(1)
+
+        Utils.login(user_args, client)
+
+        if user_args.partial_name:
+            result = client.api_query(command="show-objects", payload={"in": ["name", user_args.partial_name]})
+            objects = result.data
+        else:
+            if user_args.mode.lower() != "unused":
+                print("Can not use \'--mode\' flag set to \'used\' or \'all\' without \'partial-name\'")
+                client.api_call("discard")
+                exit(1)
+            result = client.api_query(command="show-unused-objects", payload={})
+            objects = result.data
+            pass
+
+        i = 0
+        for candidate_object in objects:
+            object_type = candidate_object.get("type")
+            uid = candidate_object.get("uid")
+
+            if user_args.partial_name and user_args.mode:
+                if user_args.mode.lower() == "used":
+                    if is_in_use(client, uid) is False:
+                        Utils.print_msg("WARNING: Object not in use " + uid)
+                        continue
+                elif user_args.mode.lower() == "unused":
+                    if is_in_use(client, uid) is True:
+                        Utils.print_msg("WARNING: Object in use " + uid)
+                        continue
+
+            res = client.api_call("set-" + object_type, {"uid": uid, "tags": {"add": user_args.tag}})
+
+            if res.success is False:
+                if res.error_message == "Requested API command: [set-" + object_type + "] not found":
+                    Utils.print_msg("WARNING: Object of type \'" + object_type + "\' is not supported. " +
+                                    "If necessary add tag manually to \'" + candidate_object.get("name") + "\'.")
+                    print("WARNING: Object of type " + object_type + " is not supported. " +
+                          "If necessary add tag manually to " + candidate_object.get("name") + ".")
+                    continue
+                elif "Object " + uid + " is read-only." in res.error_message:
+                    Utils.print_msg("WARNING: \'" + candidate_object.get("name") + "\' of type \'" + object_type +
+                                    "\' is read only object.")
+                    print("WARNING: \'" + candidate_object.get("name") + "\' of type \'" + object_type +
+                          "\' is read only object.")
+                    continue
+                elif "cannot be locked because it belongs to domain" in res.error_message:
+                    Utils.print_msg("WARNING: \'" + candidate_object.get("name") + "\' of type \'" + object_type +
+                                    "\' is from other domain.")
+                    print("WARNING: \'" + candidate_object.get("name") + "\' of type \'" + object_type +
+                          "\' is from other domain.")
+                    continue
+                else:
+                    Utils.exit_failure("Fail to set " + object_type + " with uid " + uid, res, client)
+            else:
+                Utils.print_msg("tag was added successfully to \'" + candidate_object.get("name") + "\'")
+                print("tag was added successfully to \'" + candidate_object.get("name") + "\'")
+            i = i + 1
+            if i % 50 == 0:
+                res = client.api_call("publish")
+                Utils.exit_failure("Publish operation failed ", res, client)
+
+        res = client.api_call("publish")
+        Utils.exit_failure("Publish operation failed ", res, client)
+    Utils.print_msg("Script finished successfully")
+    Utils.log_file.close()
+
+
+if __name__ == "__main__":
+    main()
@@ -1 +1,80 @@
-# UsefulManagementApiTools
+# Useful Management Api Tools
+Check Point Useful Management Api Tools contain scripts and tools that were used as solutions for customers.
+You can adjust the code according to your organization’s policy / needs.
+
+  - This tools can be executed on Management Server / Multi-Domain servers of version of R80.10 and up.
+
+## Instructions
+Clone the repository with this command:
+```git
+git clone https://github.com/CheckPointSW/UsefulManagementApiTools
+``` 
+or by clicking the _‘Download ZIP’_ button. 
+
+Download and install the [Check Point API Python SDK](https://github.com/CheckPointSW/cp_mgmt_api_python_sdk) 
+repository, follow the instructions in the SDK repository.
+
+## AddTagToObjects.py  
+Tool to add a tag to multiple objects. 
+<br>The tool supports three modes of tagging by given partial-name: 
+*   Add tag to all objects.
+*   Add tag to the unused objects.
+*   Add tag to the used objects.
+
+<br>If partial name is not supplied the tool will tag all unused objects.
+
+#### Main Options
+*__More options and details can be found with the '-h' option by running:__ python AddTagToObjects.py –h*
+
+*   [--tag, -t]&emsp;   The tag name that will be added to the objects.
+*   [--partial-name , -pn]&emsp; Add tag to objects shown in object explorer by the provided partial-name. 
+This field required in case of using \'--mode\' flag. The default is to add tag to all unused objects in the domain.
+*   [--mode, -md]&emsp;  Whether to consider if the objects are used or unused when adding the tag by name.  
+<br>&emsp;&emsp;There are three modes, the default is \'unused\':<br> 
+    *  unused: add tag only to unused objects with the given partial-name.  
+    *  used: add tag only to used objects with the given partial-name.
+    *  all: add tag to all objects with the given partial-name.
+
+#### Examples
+*   Running the tool on a remote management server: 
+<br>```python AddTagToObjects.py --tag TagForUnusedObjects -m 172.23.78.160 -u James -p MySecretPassword!```
+<br>The tool runs on a remote management server with IP address 172.23.78.160 and the tag "MyTag" will be added to all unused objects.
+
+*   Running the tool on a Multi-Domain Server for a specific domain: 
+<br>```python AddTagToObjects.py -t MyTag -d local_domain -u James -p MySecretPassword!```
+
+*   Running the tool on a Security Management Server with partial name: 
+<br>```python AddTagToObjects.py --tag my_host --partial-name "host_" -u James -p MySecretPassword!```
+<br>The tool will add "my_host" tag to all the unused objects that are found in the explorer with the given partial-name.
+
+*   Running the tool on a Security Management Server with partial name of unused objects:
+<br>```python AddTagToObjects.py  --tag my_host --partial-name "host_" --mode all -u James -p MySecretPassword!```
+<br>The tool will add "my_host" tag to all the objects that are found in the explorer with the given partial-name.
+
+
+## ReplaceReference.py  
+Replace references of two given objects. 
+The tool supports replacement in Access, Threat and Nat rules, and in groups and service-groups. 
+
+#### Main Options
+*__More options and details can be found with the '-h' option by running:__ python ReplaceReference.py –h*
+
+*   [--original-reference, -o]&emsp;   The full name of the replaced object, must be unique name.
+*   [--new-reference, -n]&emsp; The full name of the new object, must be unique name. 
+
+#### Examples
+*   Running the tool on a remote management server: 
+<br>```python ReplaceReference.py --original-reference old_host --new-reference new_host -m 172.23.78.160 -u James -p MySecretPassword!```
+<br>The tool runs on a remote management server with IP address 172.23.78.160 and replaces references from old_host to new_host.
+
+*   Running the tool on a Multi-Domain Server for a specific domain: 
+<br>```python ReplaceReference.py -o Global_object -n local_object -d local_domain -u James -p MySecretPassword!```
+<br>The tool can replace references to a Global object with references to a local object.
+
+
+## Development Environment
+The tool is developed using Python language version 2.7, version 3.7 and [Check Point API Python SDK](https://github.com/CheckPointSW/cp_mgmt_api_python_sdk).
+
+
+
+