Update MissionStatement and Goals

[daxm]

Looking for help in updating the Mission Statement and Goals for this project. I haven't updated them for a long time but I don't want to "push" any agenda on anyone helping with this project. So, I'd like to use this "issue" ticket to generate discussion on what we should do going forward. https://github.com/daxm/fmcapi/blob/master/docs/MissionStatement%20and%20Goals.md

[parkerbrother1]

What do you think should change about it? They all still seem to apply.

[daxm]

It's not "wrong" but I wanted to get your input on the direction of the project. Should we just keep it at a "bug fix" state? Should we actually attempt to work on bringing this project to feature parity with the available FMC APIs?

Just looking for your thoughts.

[parkerbrother1]

I would like to get near feature parity. Short term I am working on the rest of the device classes, followed by device groups then policy. That would cover most of the practical day to day use cases for the project.

Long term I would like a web front end that could generate and store configurations, similar to the cisco-firepower-automation project I started last year. That would give it good value for templatized greenfield deployments. I currently have a cli-based one that uses yaml to store the config and autodeploy.

Long long term I would like to add an ASA to Firepower migration tool to the web front end that would use the ASA API instead of the Cisco tool that relies on the CLI/config file.

Long long long term I plan to make an ISE and Stealthwatch project similiar to this and bring them all together in a web front end.

Somewhere in there I would like to handle more error messages from the api, but I am more focused on features than bugfixes right now. Kind of like Cisco. 😅

[daxm]

Those are some very hefty goals! (Not that I'm complaining.)

I have a friend I could possibly pull in to help with the web UI. He has a lot of experience doing that and he helped me get this project off the ground years back.

That said, my original goal for this project was to provide a "module" to help Security/Network Engineers interface with FMC's API as they, as a group, typically don't have programming backgrounds and interfacing with the API isn't for the faint of heart. So, the fmcapi project was built to give them a "programmer'lite" way of using the FMC's API. I always envisioned it as a CLI tool (or Python module you import into your larger project).

I'm 100% behind you on bringing fmcapi to feature parity.

Do you know anyone that could help us achieve that goal?

[parkerbrother1]

Yeah a programmer-lite module makes sense. This is something that Cisco should've developed themselves and released as an SDK the same way that VMware has one for their API. It seems they've focused most of their resources on the FTD API instead.

The web front end can certainly be another project that uses this as the backend. That was basically the reason I started contributing to this project since I needed it to support more classes.

Adding some code examples/snippets using a yaml file would be a good way to give non-programmer engineers a way to get their feet wet without having to do the heavy lifting required to interface with the API. I don't know anyone that could help with this unfortunately.

[NetDevAutomate]

If I can help in any way, mainly testing as not as strong as you guys Python wise, please let me.know. A fantastic project that I've used a few times already to save a lot of time and pain with the FMCs

[daxm]

If I can help in any way, mainly testing as not as strong as you guys Python wise, please let me.know. A fantastic project that I've used a few times already to save a lot of time and pain with the FMCs

Yes please! My "lab" is extremely limited. At best I can "unit test" each feature but that is about it. Not to mention that our documentation is nearly non-existent too. Jump in ANYWHERE you think you can be of service. We welcome you with open arms!

[parkerbrother1]

@karmicgeezer Can you test the new etherchannelInterfaces class? I don't have a physical device to test on.

[parkerbrother1]

Based on the pre 6.3 feature parity sheet, we were over 65% parity. However once all of the newer classes have been added, we are ~51% parity. I haven't added the new 6.4 stuff yet either.

[daxm]

That is why I changed the versioning of the project. Originally I tried to make the "version" equal the percentage of covered APis but obviously that would eventually mean that my version number would either stay at "1.0" forever OR it would have to go down and back up again. So, I just use the date in which I push to PyPi as the version number. Then, if needed, I'll add a ".X" on the end of that if we publish more than once a day.

[parkerbrother1]

If anyone wants to take on a small project, they can look at integrating the new icmpv4/icmpv6 objects into the source/destination port methods in ACPRule

[NetDevAutomate]

So sorry for the poor response, having a major issue a work which ironically is FMC/FTD related causing significant issues.

Sadly my lab is also virtual but may be able to spin up an FTD in VIRL or GNS3 which would allow me to test ether channel configuration.

Currently I’m stuck trying to delete a large volume of rules from a number of policies, around 1,000 rules and the FMC is not playing nicely via the API.

As soon as we get this resolved I’ll try to get testing.

Many thanks,

Andy

On 21 Jun 2019, at 07:42, parkerbrother1 notifications@github.com wrote:

@karmicgeezer https://github.com/karmicgeezer Can you test the new etherchannelInterfaces class? I don't have a physical device to test on.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/daxm/fmcapi/issues/19?email_source=notifications&email_token=ACM6ZXUXRVNJEYNZ3WTIQ53P3RZ5JA5CNFSM4HZBMXC2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODYHS2TY#issuecomment-504311119, or mute the thread https://github.com/notifications/unsubscribe-auth/ACM6ZXRD5DEIJ6AGJCOPWU3P3RZ5JANCNFSM4HZBMXCQ.

[daxm]

Andy, have you had a chance to try out the latest fmcapi release? I think it solves your limit request/issue.

[NetDevAutomate]

Hiya,

I’ve not used it but did read through the code, it does look like it fixes the problem.

Really very grateful!

Kind regards,

Andy

On 25 Aug 2019, at 19:24, daxm notifications@github.com wrote:

Andy, have you had a chance to try out the latest fmcapi release? I think it solves your limit request/issue.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/daxm/fmcapi/issues/19?email_source=notifications&email_token=ACM6ZXUIX2PLE37F6KF2MQTQGLE6XA5CNFSM4HZBMXC2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD5CZCCI#issuecomment-524652809, or mute the thread https://github.com/notifications/unsubscribe-auth/ACM6ZXWFAXTXUQXO44S52NLQGLE6XANCNFSM4HZBMXCQ.