[documentation] Can you please provide an example for network objects updates and device object retrieval?

[giovanniaugusto-cs50]

First of all thanks for your job on this one.

Can you please provide an example on how to update a network object? the only way I can "add" items to an existing FMC network object is to instance a fmcapi.NetworkGroups object and add all the existing named objects one by one through a loop and then use a put method rather than a post.

About device objects, I mean the devices already registered, somehow I cannot retrieve these objects via fmcapi.DeviceRecords and the device object .get method

Is there a better method to do this?

[manofcolombia]

What version of FMC are you running and could you post some snippets of the code you are running so I can have an idea of what you are running into on the device records? Then I can better help with that question.

As far as "adding items to an existing FMC network object":

Take this existing network object group NET_OBJ_GRP01 - 1.1.1.0/24, 2.2.2.0/24

But you want to add 3.3.3.0/24 to this group, or really modify this group in any way other than deleting, you would be expected to use the PUT method as you are modifying an object not creating a brand new one as you would with a POST. PUT is also not PATCH, which some other APIs support but FMC does not. PATCH would allow you to add without having to include the existing configuration that you do not wish to change. PUT is more of an overwrite everything to make the modification you wish to make.

Here is some sample code for doing the above

    net_grp = fmcapi.NetworkGroups(fmc=fmc)
    # Grab your existing object
    net_grp.name = "NET_OBJ_GRP01"
    net_grp.get()

    # Depending on the contents of your object you will have networks as literals (unnamed networks) or as objects (named networks)
    # logging.info(net_grp.__dict__)
    # logging.info(net_grp.literals)
    # logging.info(net_grp.objects)

    # I am adding a literal (unnamed_network) to my existing object. There is no front facing loop to populate with the existing values
    # This is because the net_grp.get() has already done this for me.
    net_grp.unnamed_networks(action="add", value="3.3.3.0/24")
    # logging.info(net_grp.literals) # Will show you that your newly added literal (unnamed_network) is in the object along with your pre-existing config

    # We use the put() method in order to modify an object that already exists
    net_grp.put()

As an additional note, this is all done to the object that is instantiated. I have seen other coworkers get a confused by this because they are more used to treating the methods we use in this library as direct responses from the api:

response = net_grp.get()

And then manipulating the response above and then trying to shove that response back into the api. Doing this is doable, but you are losing out on a lot of the extra bits of code in the library that are trying to make your life easier such as in this case net_grp.get(), when net_grp.name is defined, will grab the object you need and already have the existing values in the object for you to modify instead of having to "add all the existing named objects one by one through a loop" like you are saying you are having to do.

Finally, if you are not yet aware, there are some examples given in unit_tests folder in the root of the repo. There is not put() example for networkgroups, but those tests do serve as a form of documentation of how to use each object and often have comments in case there is something special that is needed to be known when using said object.

[giovanniaugusto-cs50]

Thank you for your response, I could work my way through it but now I found another roadblock.

Trying to add a Null0 route I cannot process it since it requires a gateway but null routes in FTD does not take any gateway specification, also in the API documentation.

How to do it?

Here are the errors:

Without a gateway in the request: WARNING:root:post() method failed due to failure to pass valid_for_post() test. ERROR:root:Missing value "gateway" for POST request.

With a gateway in the request:

ERROR:root:json_response --> {'error': {'category': 'FRAMEWORK', 'messages': [{'description': 'Gateway can not be configured for Null0 interface'}], 'severity': 'ERROR'}}

On Fri, Apr 19, 2024 at 6:53 PM Zak Lantz @.***> wrote:

What version of FMC are you running and could you post some snippets of the code you are running so I can have an idea of what you are running into on the device records? Then I can better help with that question.

As far as "adding items to an existing FMC network object":

Take this existing network object group NET_OBJ_GRP01 - 1.1.1.0/24, 2.2.2.0/24

But you want to add 3.3.3.0/24 to this group, or really modify this group in any way other than deleting, you would be expected to use the PUT method as you are modifying an object not creating a brand new one as you would with a POST. PUT is also not PATCH, which some other APIs support but FMC does not. PATCH would allow you to add without having to include the existing configuration that you do not wish to change. PUT is more of an overwrite everything to make the modification you wish to make.

Here is some sample code for doing the above

net_grp = fmcapi.NetworkGroups(fmc=fmc)
# Grab your existing object
net_grp.name = "NET_OBJ_GRP01"
net_grp.get()

# Depending on the contents of your object you will have networks as literals (unnamed networks) or as objects (named networks)
# logging.info(net_grp.__dict__)
# logging.info(net_grp.literals)
# logging.info(net_grp.objects)

# I am adding a literal (unnamed_network) to my existing object. There is no front facing loop to populate with the existing values
# This is because the net_grp.get() has already done this for me.
net_grp.unnamed_networks(action="add", value="3.3.3.0/24")
# logging.info(net_grp.literals) # Will show you that your newly added literal (unnamed_network) is in the object along with your pre-existing config

# We use the put() method in order to modify an object that already exists
net_grp.put()

As an additional note, this is all done to the object that is instantiated. I have seen other coworkers get a confused by this because they are more used to treating the methods we use in this library as direct responses from the api:

response = net_grp.get()

And then manipulating the response above and then trying to shove that response back into the api. Doing this is doable, but you are losing out on a lot of the extra bits of code in the library that are trying to make your life easier such as in this case net_grp.get(), when net_grp.name is defined, will grab the object you need and already have the existing values in the object for you to modify instead of having to "add all the existing named objects one by one through a loop" like you are saying you are having to do.

Finally, if you are not yet aware, there are some examples given in unit_tests folder in the root of the repo. There is not put() example for networkgroups, but those tests do serve as a form of documentation of how to use each object and often have comments in case there is something special that is needed to be known when using said object.

— Reply to this email directly, view it on GitHub https://github.com/marksull/fmcapi/issues/194#issuecomment-2066943194, or unsubscribe https://github.com/notifications/unsubscribe-auth/BHOZXJAYARUP7VQ2EZBK6QDY6FD2PAVCNFSM6AAAAABGPHAFGKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANRWHE2DGMJZGQ . You are receiving this because you authored the thread.Message ID: @.***>

[manofcolombia]

This is a result of the class enforcing a gateway for any post request regardless what your interface is. Null0 route indeed expects no gateway to be given to the api.

      "interfaceName": "Null0",
      "selectedNetworks": [
        {
          "type": "Host",
          "overridable": false,
          "id": "40A6B737-FDDC-0ed3-0000-227637554499",
          "name": "10.247.236.10"
        }
      ],
      "metricValue": 1,
      "type": "IPv4StaticRoute",
      "isTunneled": false,
      "id": "40A6B737-FDDC-0ed3-0000-231928486828"

So we can look into putting a check in to see if Null0 is the interfaceName and then override the requirement for gateway on post.

[giovanniaugusto-cs50]

Thank you, that would be great

On Thu, May 2, 2024 at 4:36 PM Zak Lantz @.***> wrote:

This is a result of the class enforcing a gateway for any post request regardless what your interface is. Null0 route indeed expects no gateway to be given to the api.

  "interfaceName": "Null0",
  "selectedNetworks": [
    {
      "type": "Host",
      "overridable": false,
      "id": "40A6B737-FDDC-0ed3-0000-227637554499",
      "name": "10.247.236.10"
    }
  ],
  "metricValue": 1,
  "type": "IPv4StaticRoute",
  "isTunneled": false,
  "id": "40A6B737-FDDC-0ed3-0000-231928486828"

So we can look into putting a check in to see if Null0 is the interfaceName and then override the requirement for gateway on post.

— Reply to this email directly, view it on GitHub https://github.com/marksull/fmcapi/issues/194#issuecomment-2090653315, or unsubscribe https://github.com/notifications/unsubscribe-auth/BHOZXJE7CA3TCLZB2NXI55LZAJFN7AVCNFSM6AAAAABGPHAFGKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOJQGY2TGMZRGU . You are receiving this because you authored the thread.Message ID: @.***>

[manofcolombia]

@giovanniaugusto-cs50 PR #199 should take care of your Null0 route gateway issue once approved/merged.

[giovanniaugusto-cs50]

Thank you

On Thu, May 2, 2024, 22:59 Zak Lantz @.***> wrote:

@giovanniaugusto-cs50 https://github.com/giovanniaugusto-cs50 PR #199 https://github.com/marksull/fmcapi/pull/199 should take care of your Null0 route gateway issue once approved/merged.

— Reply to this email directly, view it on GitHub https://github.com/marksull/fmcapi/issues/194#issuecomment-2091563414, or unsubscribe https://github.com/notifications/unsubscribe-auth/BHOZXJATENJXXFROLJSLORDZAKSKPAVCNFSM6AAAAABGPHAFGKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOJRGU3DGNBRGQ . You are receiving this because you were mentioned.Message ID: @.***>