catocli 1.0.21__py3-none-any.whl → 2.0.1__py3-none-any.whl

schema/catolib.py

@@ -503,8 +503,6 @@ def writeCliDriver(catoApiSchema):
 			parsersIndex[operationNameAry[0]+"_"+operationNameAry[1]] = True
 	parsers = list(parsersIndex.keys())
 
-
-
 	cliDriverStr = """
 import os
 import argparse
@@ -513,15 +511,15 @@ import catocli
 from graphql_client import Configuration
 from graphql_client.api_client import ApiException
 from ..parsers.parserApiClient import get_help
+from .profile_manager import get_profile_manager
+from .version_checker import check_for_updates, force_check_updates
 import traceback
 import sys
 sys.path.insert(0, 'vendor')
 import urllib3
 urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
-if "CATO_TOKEN" not in os.environ:
-	print("Missing authentication, please set the CATO_TOKEN environment variable with your api key.")
-	exit()
-CATO_TOKEN = os.getenv("CATO_TOKEN")
+# Initialize profile manager
+profile_manager = get_profile_manager()
 CATO_DEBUG = bool(os.getenv("CATO_DEBUG", False))
 from ..parsers.raw import raw_parse
 from ..parsers.custom import custom_parse
@@ -531,12 +529,56 @@ from ..parsers.query_siteLocation import query_siteLocation_parse
 		cliDriverStr += "from ..parsers."+parserName+" import "+parserName+"_parse\n"
 
 	cliDriverStr += """
-configuration = Configuration()
-configuration.verify_ssl = False
-configuration.api_key["x-api-key"] = CATO_TOKEN
-configuration.host = "{}".format(catocli.__cato_host__)
-configuration.debug = CATO_DEBUG
-configuration.version = "{}".format(catocli.__version__)
+def show_version_info(args, configuration=None):
+	print(f"catocli version {catocli.__version__}")
+	
+	if not args.current_only:
+		if args.check_updates:
+			# Force check for updates
+			is_newer, latest_version, source = force_check_updates()
+		else:
+			# Regular check (uses cache)
+			is_newer, latest_version, source = check_for_updates(show_if_available=False)
+		
+		if latest_version:
+			if is_newer:
+				print(f"Latest version: {latest_version} (from {source}) - UPDATE AVAILABLE!")
+				print()
+				print("To upgrade, run:")
+				print("pip install --upgrade catocli")
+			else:
+				print(f"Latest version: {latest_version} (from {source}) - You are up to date!")
+		else:
+			print("Unable to check for updates (check your internet connection)")
+	return [{"success": True, "current_version": catocli.__version__, "latest_version": latest_version if not args.current_only else None}]
+
+def get_configuration():
+	configuration = Configuration()
+	configuration.verify_ssl = False
+	configuration.debug = CATO_DEBUG
+	configuration.version = "{}".format(catocli.__version__)
+	
+	# Try to migrate from environment variables first
+	profile_manager.migrate_from_environment()
+	
+	# Get credentials from profile
+	credentials = profile_manager.get_credentials()
+	if not credentials:
+		print("No Cato CLI profile configured.")
+		print("Run 'catocli configure set' to set up your credentials.")
+		exit(1)
+
+	if not credentials.get('cato_token') or not credentials.get('account_id'):
+		profile_name = profile_manager.get_current_profile()
+		print(f"Profile '{profile_name}' is missing required credentials.")
+		print(f"Run 'catocli configure set --profile {profile_name}' to update your credentials.")
+		exit(1)
+	
+	configuration.api_key["x-api-key"] = credentials['cato_token']
+	configuration.host = credentials['endpoint']
+	configuration.accountID = credentials['account_id']
+	
+	return configuration
 
 defaultReadmeStr = \"""
 The Cato CLI is a command-line interface tool designed to simplify the management and automation of Cato Networks’ configurations and operations. 
@@ -547,7 +589,15 @@ https://github.com/catonetworks/cato-api-explorer
 
 parser = argparse.ArgumentParser(prog='catocli', usage='%(prog)s <operationType> <operationName> [options]', description=defaultReadmeStr)
 parser.add_argument('--version', action='version', version=catocli.__version__)
+parser.add_argument('-H', '--header', action='append', dest='headers', help='Add custom headers in "Key: Value" format. Can be used multiple times.')
 subparsers = parser.add_subparsers()
+
+# Version command - enhanced with update checking
+version_parser = subparsers.add_parser('version', help='Show version information and check for updates')
+version_parser.add_argument('--check-updates', action='store_true', help='Force check for updates (ignores cache)')
+version_parser.add_argument('--current-only', action='store_true', help='Show only current version')
+version_parser.set_defaults(func=show_version_info)
+
 custom_parsers = custom_parse(subparsers)
 raw_parsers = subparsers.add_parser('raw', help='Raw GraphQL', usage=get_help("raw"))
 raw_parser = raw_parse(raw_parsers)
@@ -563,24 +613,51 @@ mutation_subparsers = mutation_parser.add_subparsers(description='valid subcomma
 
 	cliDriverStr += """
 
+def parse_headers(header_strings):
+	headers = {}
+	if header_strings:
+		for header_string in header_strings:
+			if ':' not in header_string:
+				print(f"ERROR: Invalid header format '{header_string}'. Use 'Key: Value' format.")
+				exit(1)
+			key, value = header_string.split(':', 1)
+			headers[key.strip()] = value.strip()
+	return headers
+
 def main(args=None):
+	# Check if no arguments provided or help is requested
+	if args is None:
+		args = sys.argv[1:]
+
+	# Show version check when displaying help or when no command specified
+	if not args or '-h' in args or '--help' in args:
+		# Check for updates in background (non-blocking)
+		try:
+			check_for_updates(show_if_available=True)
+		except Exception:
+			# Don't let version check interfere with CLI operation
+			pass
+
 	args = parser.parse_args(args=args)
 	try:
-		CATO_ACCOUNT_ID = os.getenv("CATO_ACCOUNT_ID")
-		if args.func.__name__!="createRawRequest":
-			if CATO_ACCOUNT_ID==None and args.accountID==None:
-				print("Missing accountID, please specify an accountID:\\n")
-				print('Option 1: Set the CATO_ACCOUNT_ID environment variable with the value of your account ID.')
-				print('export CATO_ACCOUNT_ID="12345"\\n')
-				print("Option 2: Override the accountID value as a cli argument, example:")
-				print('catocli <operationType> <operationName> -accountID=12345 <json>')
-				print("catocli query entityLookup -accountID=12345 '{\\\"type\\\":\\\"country\\\"}'\\n")
-				exit()
-			elif args.accountID!=None:
-				configuration.accountID = args.accountID
-			else:
-				configuration.accountID = CATO_ACCOUNT_ID
-		response = args.func(args, configuration)
+		# Skip authentication for configure commands
+		if hasattr(args, 'func') and hasattr(args.func, '__module__') and 'configure' in str(args.func.__module__):
+			response = args.func(args, None)
+		else:
+			# Get configuration from profiles
+			configuration = get_configuration()
+			
+			# Parse custom headers if provided
+			if hasattr(args, 'headers') and args.headers:
+				custom_headers = parse_headers(args.headers)
+				configuration.custom_headers.update(custom_headers)					
+			# Handle account ID override
+			if args.func.__name__ != "createRawRequest":
+				if hasattr(args, 'accountID') and args.accountID is not None:
+					# Command line override takes precedence
+					configuration.accountID = args.accountID
+				# Otherwise use the account ID from the profile (already set in get_configuration)
+			response = args.func(args, configuration)
 
 		if type(response) == ApiException:
 			print("ERROR! Status code: {}".format(response.status))
@@ -932,7 +1009,7 @@ def generateGraphqlPayload(variablesObj,operation,operationName):
 	queryStr += ") {\n" + renderArgsAndFields("", variablesObj, operation, operation["type"]["definition"], "		") + "	}"
 	queryStr += indent + "\n}";
 	body = {
-		"query":queryStr.replace("\n", " ").replace("\t", " ").replace("    ", " ").replace("   ", " ").replace("  ", " "),
+		"query":queryStr.replace("\n", " ").replace("\t", " ").replace("	", " ").replace("   ", " ").replace("  ", " "),
 		"variables":variablesObj,
 		"operationName":renderCamelCase(".".join(operationAry)),
 	}

scripts/catolib.py

@@ -0,0 +1,62 @@
+#!/usr/bin/env python3
+import json
+import os
+import sys
+import subprocess
+from typing import Any, Dict, List, Union
+
+def should_strip_id(obj: Dict[str, Any]) -> bool:
+    if not isinstance(obj, dict):
+        return False
+    
+    keys = set(obj.keys())
+    return keys == {'name', 'id'}
+
+def strip_ids_recursive(obj: Union[Dict, List, Any]) -> Union[Dict, List, Any, None]:
+    if isinstance(obj, dict):
+        new_obj = {}
+        for key, value in obj.items():
+            ## Ignoring sections to retain id and name pair
+            if key == 'sections':
+                new_obj[key] = value
+            else:
+                processed_value = strip_ids_recursive(value)
+                # Skip keys where the value is an empty list
+                if processed_value != []:
+                    new_obj[key] = processed_value
+            # Check if this object should have its id stripped
+            if should_strip_id(new_obj):
+                return {'name': new_obj['name']}
+        return new_obj
+
+    elif isinstance(obj, list):
+        # Recursively process all items in the list
+        processed_list = [strip_ids_recursive(item) for item in obj]
+        # Remove None values from the list (if any were removed)
+        processed_list = [item for item in processed_list if item is not None]
+        return processed_list
+    
+    else:
+        # For primitive types (str, int, bool, None), return as-is
+        return obj
+
+## General purpose functions
+def exec_cli(command):
+    result = None
+    try:
+        response = subprocess.run(command, shell=True, text=True, capture_output=True)
+        if response.returncode != 0:
+            print(f"Command failed with return code {response.returncode}")
+            print(f"stderr: {response.stderr}")
+            return None
+        result = json.loads(response.stdout)
+    except json.JSONDecodeError as e:
+        print(f"Failed to parse JSON response: {e}")
+        print(f"stdout: {response.stdout}")
+        print(f"stderr: {response.stderr}")
+        return None
+    except Exception as e:
+        print(f"Failed to execute command: {e}")
+        return None
+    return result
+

scripts/export_if_rules_to_json.py

@@ -0,0 +1,188 @@
+import sys
+import csv
+import subprocess
+import json
+import os
+import argparse
+sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..'))
+from graphql_client.api.call_api import ApiClient, CallApi
+from graphql_client import Configuration
+from graphql_client.api_client import ApiException
+import catocli
+
+# Configuration variables
+DESTINATION_DIR = "config_data"
+
+def strip_ids_recursive(data):
+    """Recursively strip id attributes from data structure"""
+    if isinstance(data, dict):
+        return {k: strip_ids_recursive(v) for k, v in data.items() if k != 'id'}
+    elif isinstance(data, list):
+        return [strip_ids_recursive(item) for item in data]
+    else:
+        return data
+
+def main():
+    # Parse command line arguments
+    parser = argparse.ArgumentParser(description='Export IFW rules to JSON')
+    parser.add_argument('-accountID', help='Account ID to export rules from', required=True)
+    parser.add_argument('--output-file-path', help='Full path including filename and extension for output file. If not specified, uses default: config_data/all_ifw_rules_and_sections_{account_id}.json')
+    parser.add_argument('-v', '--verbose', action='store_true', help='Verbose output')
+    args = parser.parse_args()
+    
+    ACCOUNT_ID = args.accountID
+    
+    # Setup API client configuration
+    if "CATO_TOKEN" not in os.environ:
+        print("Missing authentication, please set the CATO_TOKEN environment variable with your api key.")
+        sys.exit(1)
+    
+    configuration = Configuration()
+    configuration.verify_ssl = False
+    configuration.api_key["x-api-key"] = os.getenv("CATO_TOKEN")
+    configuration.host = "{}".format(catocli.__cato_host__)
+    configuration.accountID = ACCOUNT_ID
+    
+    # Set up output file path
+    if args.output_file_path:
+        # Use output file path if provided
+        output_file = args.output_file_path
+        destination_dir = os.path.dirname(output_file)
+        if args.verbose:
+            print(f"Using output file path: {output_file}")
+    else:
+        # Use default path and filename
+        destination_dir = 'config_data'
+        json_output_file = f"all_ifw_rules_and_sections_{ACCOUNT_ID}.json"
+        output_file = os.path.join(destination_dir, json_output_file)
+        if args.verbose:
+            print(f"Using default path: {output_file}")
+    
+    # Create destination directory if it doesn't exist
+    if destination_dir and not os.path.exists(destination_dir):
+        if args.verbose:
+            print(f"Creating directory: {destination_dir}")
+        os.makedirs(destination_dir)
+    policyQuery = {
+        "query": "query policy ( $accountId:ID! ) { policy ( accountId:$accountId ) { internetFirewall { policy { enabled rules { audit { updatedTime updatedBy } rule { id name description index section { id name } enabled source { ip host { id name } site { id name } subnet ipRange { from to } globalIpRange { id name } networkInterface { id name } siteNetworkSubnet { id name } floatingSubnet { id name } user { id name } usersGroup { id name } group { id name } systemGroup { id name } } connectionOrigin country { id name } device { id name } deviceOS deviceAttributes { category type model manufacturer os osVersion } destination { application { id name } customApp { id name } appCategory { id name } customCategory { id name } sanctionedAppsCategory { id name } country { id name } domain fqdn ip subnet ipRange { from to } globalIpRange { id name } remoteAsn containers { fqdnContainer { id name } ipAddressRangeContainer { id name } } } service { standard { id name } custom { port portRange { from to } protocol } } action tracking { event { enabled } alert { enabled frequency subscriptionGroup { id name } webhook { id name } mailingList { id name } } } schedule { activeOn customTimeframePolicySchedule: customTimeframe { from to } customRecurringPolicySchedule: customRecurring { from to days } } exceptions { name source { ip host { id name } site { id name } subnet ipRange { from to } globalIpRange { id name } networkInterface { id name } siteNetworkSubnet { id name } floatingSubnet { id name } user { id name } usersGroup { id name } group { id name } systemGroup { id name } } deviceOS country { id name } device { id name } deviceAttributes { category type model manufacturer os osVersion } destination { application { id name } customApp { id name } appCategory { id name } customCategory { id name } sanctionedAppsCategory { id name } country { id name } domain fqdn ip subnet ipRange { from to } globalIpRange { id name } remoteAsn containers { fqdnContainer { id name } ipAddressRangeContainer { id name } } } service { standard { id name } custom { port portRangeCustomService: portRange { from to } protocol } } connectionOrigin } } properties } sections { audit { updatedTime updatedBy } section { id name } properties } audit { publishedTime publishedBy } revision { id name description changes createdTime updatedTime } } } } }",
+        "variables": {
+            "accountId": ACCOUNT_ID
+        },
+        "operationName": "policy"
+    }
+    print(f"Retrieving all IFW rules and sections for account {ACCOUNT_ID}...")
+    
+    # Create API client instance
+    instance = CallApi(ApiClient(configuration))
+    
+    # Create params object for the API call
+    params = {
+        'v': False,  # verbose mode
+        'f': 'json',  # format
+        'p': False,  # pretty print
+        't': False   # test mode
+    }
+    
+    try:
+        # Call the API directly
+        response = instance.call_api(policyQuery, params)
+        allIfwRules = response[0] if response else {}
+        
+        if not allIfwRules or 'data' not in allIfwRules:
+            print("ERROR: Failed to retrieve data from API")
+            sys.exit(1)
+            
+    except ApiException as e:
+        print(f"ERROR: API call failed - {e}")
+        sys.exit(1)
+    except Exception as e:
+        print(f"ERROR: Unexpected error - {e}")
+        sys.exit(1)
+    
+    # First, preserve section IDs before stripping them
+    section_id_map = {}
+    sections_with_ids = allIfwRules['data']['policy']['internetFirewall']['policy']['sections']
+    for section_data in sections_with_ids:
+        section_id_map[section_data['section']['name']] = section_data['section']['id']
+    
+    # Get the first section ID for section_to_start_after_id
+    section_to_start_after_id = None
+    if len(sections_with_ids) > 0:
+        section_to_start_after_id = sections_with_ids[0]['section']['id']
+        print(f"Excluding first section with system rule: {sections_with_ids[0]['section']['name']}")
+    
+    ## Processing data to strip id attributes
+    processed_data = strip_ids_recursive(allIfwRules)
+    
+    ## Filter out rules with properties[0]=="SYSTEM"
+    filtered_rules = []
+    for rule_data in processed_data['data']['policy']['internetFirewall']['policy']['rules']:
+        rule_properties = rule_data.get('properties', [])
+        # Skip rules where the first property is "SYSTEM"
+        if rule_properties and rule_properties[0] == "SYSTEM":
+            print(f"Excluding SYSTEM rule: {rule_data['rule']['name']}")
+        else:
+            filtered_rules.append(rule_data)
+    processed_data['data']['policy']['internetFirewall']['policy']['rules'] = filtered_rules
+    # rules = filtered_rules
+    
+    # Add index_in_section to each rule
+    # Group rules by section and add index_in_section
+    section_counters = {}
+    for rule_data in processed_data['data']['policy']['internetFirewall']['policy']['rules']:
+        section_name = rule_data['rule']['section']['name']
+        if section_name not in section_counters:
+            section_counters[section_name] = 0
+        section_counters[section_name] += 1
+        rule_data['rule']['index_in_section'] = section_counters[section_name]
+    
+    # Create rules_in_sections array
+    rules_in_sections = []
+    for rule_data in processed_data['data']['policy']['internetFirewall']['policy']['rules']:
+        rule_info = rule_data['rule']
+        rules_in_sections.append({
+            "index_in_section": rule_info['index_in_section'],
+            "section_name": rule_info['section']['name'],
+            "rule_name": rule_info['name']
+        })
+        rule_info.pop("index_in_section", None)
+        rule_info.pop("index", None)
+        rule_info["enabled"] = True
+
+    # Add rules_in_sections to the policy structure
+    processed_data['data']['policy']['internetFirewall']['policy']['rules_in_sections'] = rules_in_sections
+    
+    # Reformat sections array to have index, section_id and section_name structure
+    # Exclude the first section from export
+    processed_sections = [] 
+    # Add first section containing reserved SYSTEM rules as section_to_start_after_id
+    for index, section_data in enumerate(processed_data['data']['policy']['internetFirewall']['policy']['sections']):
+        if index == 0:
+            # Skip the first section which contains reserved SYSTEM rules
+            continue
+        else:
+            processed_sections.append({
+                "section_index": index,
+                "section_name": section_data['section']['name']
+            })
+    
+    # Add preserved section IDs and section_to_start_after_id
+    processed_data['data']['policy']['internetFirewall']['policy']['section_ids'] = section_id_map
+    if section_to_start_after_id:
+        processed_data['data']['policy']['internetFirewall']['policy']['section_to_start_after_id'] = section_to_start_after_id
+
+    if len(sections_with_ids) > 0:
+        print(f"Excluded first section: {sections_with_ids[0]['section']['name']} containing reserved SYSTEM rules")
+    
+    # Replace the original sections array with the reformatted one
+    processed_data['data']['policy']['internetFirewall']['policy']['sections'] = processed_sections
+        
+    # Write the processed data to the new file
+    with open(output_file, 'w', encoding='utf-8') as f:
+        json.dump(processed_data, f, indent=4, ensure_ascii=False)    
+    print(f"Successfully created {output_file}")
+    
+
+if __name__ == "__main__":
+    main()
+

scripts/export_wf_rules_to_json.py

@@ -0,0 +1,111 @@
+import sys
+import csv
+import subprocess
+import json
+import os
+import argparse
+import catolib
+
+# Configuration variables
+DESTINATION_DIR = "config_data"
+
+def main():
+    # Parse command line arguments
+    parser = argparse.ArgumentParser(description='Export WAN rules to JSON')
+    parser.add_argument('account_id', help='Account ID to export rules from')
+    args = parser.parse_args()
+    
+    ACCOUNT_ID = args.account_id
+    JSON_OUTPUT_FILE = f"all_wf_rules_and_sections_{ACCOUNT_ID}.json"
+    # Create destination directory if it doesn't exist
+    if not os.path.exists(DESTINATION_DIR):
+        print(f"Creating directory: {DESTINATION_DIR}")
+        os.makedirs(DESTINATION_DIR)
+    
+    # Set full file paths
+    output_file = os.path.join(DESTINATION_DIR, JSON_OUTPUT_FILE)
+    policyQuery = {
+        "query": "query policy ( $accountId:ID! ) { policy ( accountId:$accountId ) { wanFirewall { policy { enabled rules { audit { updatedTime updatedBy } rule { id name description index section { id name } enabled source { host { id name } site { id name } subnet ip ipRange { from to } globalIpRange { id name } networkInterface { id name } siteNetworkSubnet { id name } floatingSubnet { id name } user { id name } usersGroup { id name } group { id name } systemGroup { id name } } connectionOrigin country { id name } device { id name } deviceOS deviceAttributes { category type model manufacturer os osVersion } destination { host { id name } site { id name } subnet ip ipRange { from to } globalIpRange { id name } networkInterface { id name } siteNetworkSubnet { id name } floatingSubnet { id name } user { id name } usersGroup { id name } group { id name } systemGroup { id name } } application { application { id name } appCategory { id name } customApp { id name } customCategory { id name } sanctionedAppsCategory { id name } domain fqdn ip subnet ipRange { from to } globalIpRange { id name } } service { standard { id name } custom { port portRange { from to } protocol } } action tracking { event { enabled } alert { enabled frequency subscriptionGroup { id name } webhook { id name } mailingList { id name } } } schedule { activeOn customTimeframePolicySchedule: customTimeframe { from to } customRecurringPolicySchedule: customRecurring { from to days } } direction exceptions { name source { host { id name } site { id name } subnet ip ipRange { from to } globalIpRange { id name } networkInterface { id name } siteNetworkSubnet { id name } floatingSubnet { id name } user { id name } usersGroup { id name } group { id name } systemGroup { id name } } deviceOS destination { host { id name } site { id name } subnet ip ipRange { from to } globalIpRange { id name } networkInterface { id name } siteNetworkSubnet { id name } floatingSubnet { id name } user { id name } usersGroup { id name } group { id name } systemGroup { id name } } country { id name } device { id name } deviceAttributes { category type model manufacturer os osVersion } application { application { id name } appCategory { id name } customApp { id name } customCategory { id name } sanctionedAppsCategory { id name } domain fqdn ip subnet ipRange { from to } globalIpRange { id name } } service { standard { id name } custom { port portRangeCustomService: portRange { from to } protocol } } connectionOrigin direction } } properties } sections { audit { updatedTime updatedBy } section { id name } properties } audit { publishedTime publishedBy } revision { id name description changes createdTime updatedTime } } } } }",
+        "variables": {
+            "accountId": ACCOUNT_ID
+        },
+        "operationName": "policy"
+    }
+    catocliCommand = "catocli raw '"+json.dumps(policyQuery)+"'"
+    print(f"Retrieving all WAN rules and sections for account {ACCOUNT_ID}...")
+    allWanRules = catolib.exec_cli(catocliCommand)
+    
+    ## Processing data to strip id attributes
+    processed_data = catolib.strip_ids_recursive(allWanRules)
+
+    ## Preserving section IDs index by section name
+    section_id_map = {}
+    if 'data' in allWanRules and 'policy' in allWanRules['data'] and 'wanFirewall' in allWanRules['data']['policy']:
+        for section_data in allWanRules['data']['policy']['wanFirewall']['policy']['sections']:
+            section_id_map[section_data['section']['name']] = section_data['section']['id']
+    processed_data['data']['policy']['wanFirewall']['policy']['section_ids'] = section_id_map
+    
+    ## Filter out rules with properties[0]=="SYSTEM"
+    filtered_rules = []
+    for rule_data in processed_data['data']['policy']['wanFirewall']['policy']['rules']:
+        rule_properties = rule_data.get('properties', [])
+        # Skip rules where the first property is "SYSTEM"
+        if rule_properties and rule_properties[0] == "SYSTEM":
+            print(f"Excluding SYSTEM rule: {rule_data['rule']['name']}")
+        else:
+            filtered_rules.append(rule_data)
+    processed_data['data']['policy']['wanFirewall']['policy']['rules'] = filtered_rules
+    # rules = filtered_rules
+    
+    # Add index_in_section to each rule
+    # Group rules by section and add index_in_section
+    section_counters = {}
+    for rule_data in processed_data['data']['policy']['wanFirewall']['policy']['rules']:
+        section_name = rule_data['rule']['section']['name']
+        if section_name not in section_counters:
+            section_counters[section_name] = 0
+        section_counters[section_name] += 1
+        rule_data['rule']['index_in_section'] = section_counters[section_name]
+    
+    # Create rules_in_sections array
+    rules_in_sections = []
+    for rule_data in processed_data['data']['policy']['wanFirewall']['policy']['rules']:
+        rule_info = rule_data['rule']
+        rules_in_sections.append({
+            "index_in_section": rule_info['index_in_section'],
+            "section_name": rule_info['section']['name'],
+            "rule_name": rule_info['name']
+        })
+        rule_info.pop("index_in_section", None)
+        rule_info.pop("index", None)
+        rule_info["enabled"] = True
+
+    # Add rules_in_sections to the policy structure
+    processed_data['data']['policy']['wanFirewall']['policy']['rules_in_sections'] = rules_in_sections
+    
+    # Reformat sections array to have index, section_id and section_name structure
+    # Exclude the first section from export, excluding first section
+    
+    processed_sections = []
+    # Add first section containing reserved SYSTEM rules as section_to_start_after_id
+    for index, section_data in enumerate(processed_data['data']['policy']['wanFirewall']['policy']['sections']):
+        processed_sections.append({
+            "section_index": index,
+            "section_name": section_data['section']['name']
+        })
+
+    if len(processed_data['data']['policy']['wanFirewall']['policy']['sections']) > 0:
+        print(f"Excluded first section: {processed_data['data']['policy']['wanFirewall']['policy']['sections'][0]['section']['name']} containing reserved SYSTEM rules")
+    
+    # Replace the original sections array with the reformatted one
+    processed_data['data']['policy']['wanFirewall']['policy']['sections'] = processed_sections
+        
+    # Write the processed data to the new file
+    with open(output_file, 'w', encoding='utf-8') as f:
+        json.dump(processed_data, f, indent=4, ensure_ascii=False)    
+    print(f"Successfully created {output_file}")
+    
+
+if __name__ == "__main__":
+    main()
+