search

cisco-en-programmability / dnacentersdk

Cisco DNA Center Python SDK
https://dnacentersdk.readthedocs.io/en/latest/
MIT License
70 stars 33 forks source link

Secure? Repository Doesn't Match Published Code #32

Closed timway closed 2 years ago

timway commented 3 years ago

Is this repository secure or safe? The PyPI package has versions that don't seem to be published here. I can't openly view the code that was released (easily).

https://pypi.org/project/dnacentersdk/

Also, is there a pattern being used here? @jbogarin you mentioned code generation #31 is that true? Is the code for generating in the repo somewhere as well or as that a reference to all of the JS importing and validation from that?

jbogarin commented 3 years ago

Tim,

That's an error on my side. I updated the PyPI files but haven't uploaded the code here. I'll do that today.

And no, the code generation tool is not available, and I don't think it will be.

Do you have any other questions?

timway commented 3 years ago

Thanks all good. Was just inspecting the code and trying to follow what was happening.

I see bpm prefixing a number of the areas and all of the JSON files are prefixed with jsd. What is the significance or is that just a quirk of the code generation tool?

jbogarin commented 3 years ago

Tim,

I just uploaded a new version to PyPI (2.2.2) and created the tag here

The reason was because the Cisco DNA Center lab we used to create this SDK version was missing the GET /network-device endpoint documentation and that's what we use to generate the SDK.

I'll send you the bpm and jsd response tomorrow.

wastorga commented 3 years ago

@timway

Sorry for the delay.

Regarding the bpm and jsd, it is partially a quirk of the code generation tool. Let me explain.

The jsd_ files under models/validators/{version}/ are JSON schema validators. They are mapped in models/schema_validator.py. The dnacentersdk uses the SchemaValidator from dnacentersdk.models.schema_validator as a validator, you can see this in api/init.py.

If it is a POST or PUT operation, its SDK function has the active_validation parameter, if set to true it calls the appropriate JSON Schema validator. For example, create_netconf_credentials mapped to models/validators/v1_2_10/jsd_17929bc7465bb564.py

For the bpm_ files, there is an object_factory that uses dnacentersdk.models.mydict.mydict_data_factory you can see this in api/init.py.

The mydict_data_factory does not do any mapping, if it did like the webexteamssdk (which this library is inspired by) it will map the string to the Python object representation of the response body.

Let me know if you have any doubts.