Closed Ivanszky closed 1 year ago
I ran the tool with debug enabled, and from that it seems that it doesn't reauthenticate before executing the actual deletion, so it is using the old token. As far as I know, the token is only valid for 60 minutes, so this might be the root cause of the issue:
$ docker logs charming_hypatia
Debug mode: True
send: b'POST /dna/system/api/v1/auth/token HTTP/1.1\r\nHost: dnac.mvmi.net\r\nUser-Agent: python-requests/2.28.2\r\nAccept-Encoding: gzip, deflate\r\nAccept: application/json\r\nConnection: keep-alive\r\nContent-Type: application/json\r\nContent-Length: 0\r\nAuthorization: Basic Y2lzY29kbmFjYmFja3VwY3RsOmFLaDhaV1d0R1E5Z2UjSGw=\r\n\r\n'
reply: 'HTTP/1.1 200 OK\r\n'
header: Content-Type: application/json
header: Content-Length: 744
header: Connection: keep-alive
header: Date: Tue, 11 Apr 2023 10:09:01 GMT
header: X-Password-Expiry-Days: -1, -1, -1
header: Server: webserver
header: x-request-id: e26e9c43cb5f2f29fc861eaa58d9cf84
header: Vary: Origin
header: Access-Control-Allow-Origin: pa-dnac.mvmi.net
header: Via: api-gateway
header: Cache-Control: no-store
header: Pragma: no-cache
header: Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data:
header: X-Content-Type-Options: nosniff
header: X-XSS-Protection: 1
header: Strict-Transport-Security: max-age=31536000; includeSubDomains
header: X-Frame-Options: SAMEORIGIN
Your backups will be deleted daily at 13:39
send: b'GET /api/system/v1/maglev/backup HTTP/1.1\r\nHost: dnac.mvmi.net\r\nUser-Agent: python-requests/2.28.2\r\nAccept-Encoding: gzip, deflate\r\nAccept: application/json\r\nConnection: keep-alive\r\nX-Auth-Token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI2NDJhYjI1NDg1OTk4NjZiNzkyZDAzODIiLCJhdXRoU291cmNlIjoiaW50ZXJuYWwiLCJ0ZW5hbnROYW1lIjoiVE5UMCIsInJvbGVzIjpbIjY0MmFiMjAzODU5OTg2NmI3OTJkMDM1NCJdLCJ0ZW5hbnRJZCI6IjYyNGM3OTUyYWIyMGVhMDc3YmJlNWZjOCIsImV4cCI6MTY4MTIxMTM1NywiaWF0IjoxNjgxMjA3NzU3LCJqdGkiOiJmYjc4MWJiYS00NjVhLTRiMDAtOWFjNS03ZjE4MmUxN2Q4OWYiLCJ1c2VybmFtZSI6ImNpc2NvZG5hY2JhY2t1cGN0bCJ9.cfYX1at_abSjJ6G1rLcAzLFgZ19txDDFqirFUo_AJ6DLdnrxPPB4dQLSNHkrgjyQcSB3FQp7pFtOG3_JtThZJrkdZdTedWxFEo9uYFCrabTbDn-ZpC_5rG_n6bbCBcY5FJGPz3uFd4OvhwbRI271KPCKa2RQhw5XpO_inPAMTtaQmb32-uiwYap32hRZ5gppupB2_68VT3lYT3oQHw0N0m5xw5olxRpGbUut1Z0jbW-2PPIn9P8BMVNV9ZqaTqfENqAkMzGMsfFd4mqxcYGsrhsVWAFT5AGSiyqOtiCQJN8NNxn-nRJGczx_in30lPzwL0zzLD6xvqWXyr5o2Xtgmg\r\nContent-Type: application/json\r\n\r\n'
reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: Date: Tue, 11 Apr 2023 13:39:00 GMT
header: Content-Type: application/json; charset=utf-8
header: Connection: keep-alive
header: X-APIGW: true
header: Server: webserver
header: Content-Length: 24
header: x-request-id: feb16a33f2513e082d3d0beaf9130565
header: Vary: Origin
header: Access-Control-Allow-Origin: pa-dnac.mvmi.net
header: Via: api-gateway
header: Cache-Control: no-store
header: Pragma: no-cache
header: Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data:
header: X-Content-Type-Options: nosniff
header: X-XSS-Protection: 1
header: Strict-Transport-Security: max-age=31536000; includeSubDomains
header: X-Frame-Options: SAMEORIGIN
[13:39:00] Cisco DNA Center isn't available - 401 Client Error: Unauthorized for url: https://dnac.mvmi.net/api/system/v1/maglev/backup cli.py:334
I've made the following change, and now it seems to work fine, it reauthenticates every time before it tries to do a scheduled purge:
[ubuntu@DESKTOP-7JMJ29K:~/code/ciscodnacbackupctl$ git diff
diff --git a/ciscodnacbackupctl/cli.py b/ciscodnacbackupctl/cli.py
index dad5bc0..6a4e083 100644
--- a/ciscodnacbackupctl/cli.py
+++ b/ciscodnacbackupctl/cli.py
@@ -328,6 +328,7 @@ def schedule_purge(ctx, interval, incompatible, keep, day, hour):
def job():
force = True
+ cli.api._auth()
try:
purge = cli.purge(keep=keep, incompatible=incompatible, force=force)
except Exception as error_msg:](url)
Good catch @Ivanszky We might just implement similar setup as for daemon. What do you think?
Good catch @Ivanszky We might just implement similar setup as for daemon. What do you think?
Seems like a good solution to me. :)
@Ivanszky do you want to make an PR (pull request) for this fix? 🙂
@Ivanszky do you want to make an PR (pull request) for this fix? 🙂
@robertcsapo I have opened a PR, apologies if it is not perfect, this is my first github PR...
Issue #19 is related as well to this PR #26
Hi Robert,
when I try to use schedule_purge, I got the following error message at the scheduled time:
Is it possible that the DNAC auth token times auth? As far as I can tell, the ciscodnacbackupctl.Api() is not called within the job() function, so I think it is not reauthenticated before the API call?
kind regards, Gabor