search

marksull / fmcapi

A Python package designed to help users of Cisco's FMC interface with its API.
BSD 3-Clause "New" or "Revised" License
81 stars 57 forks source link

access-control-policy for source and destination is not working #43

Closed khaismael closed 5 years ago

khaismael commented 5 years ago

this one is not working for me hq_acprule.destination_network(action='add', name='any-ipv4')

def main(): with fmcapi.FMC(host=host, username=username, password=password, autodeploy=autodeploy) as fmc1:

    hq_acprule = fmcapi.ACPRule(fmc=fmc1,
                                acp_name='ACP Policy',
                                name='Permit HQ LAN6',
                                action='ALLOW',
                                enabled=True,
                                )
    hq_acprule.source_zone(action='add', name='inside')
    #hq_acprule.
    hq_acprule.logEnd = True
    hq_acprule.source_network(action='add', name='any-ipv4')
    hq_acprule.post()

getting this error: INFO:root:Requesting new tokens from https://10.122.109.122/api/fmc_platform/v1/auth/generatetoken. INFO:root:Building base to URLs. INFO:root:Collecting version information from FMC. INFO:root:Populating vdbVersion, sruVersion, serverVersion, and geoVersion FMC instance variables. INFO:root:Adjusting name "ACP Policy" to "ACP_Policy" due to containing invalid characters. INFO:root:GET success. Object with name: "ACP_Policy" and id: "005056A4-7E46-0ed3-0000-025769803796" fetched from FMC. INFO:root:GET success. Object with name: "inside" and id: "ecb6ea9a-972c-11e9-b754-3c4dafd54627" fetched from FMC. INFO:root:Adding "inside" to sourceZones for this ACPRule. INFO:root:GET query for object with no name or id set. Returning full list of these object types instead. INFO:root:GET query for object with no name or id set. Returning full list of these object types instead. INFO:root:GET query for object with no name or id set. Returning full list of these object types instead. ERROR:root:Error in POST operation --> 404 Client Error: Not Found for url: https://10.122.109.122/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/object/fqdns?expanded=true&limit=25 ERROR:root:json_response --> {'error': {'category': 'FRAMEWORK', 'messages': [{'description': 'Invalid URL'}], 'severity': 'ERROR'}} INFO:root:Auto deploy changes set to False. Use the Deploy button in FMC to push changes to FTDs.

Traceback (most recent call last): File "C:/Users/T470s/AppData/Local/Programs/Python/Python37/Lib/idlelib/testFMC.py", line 44, in main() File "C:/Users/T470s/AppData/Local/Programs/Python/Python37/Lib/idlelib/testFMC.py", line 25, in main hq_acprule.source_network(action='add', name='any-ipv4') File "C:\Users\T470s\AppData\Local\Programs\Python\Python37\lib\site-packages\fmcapi\api_objects\acprule.py", line 502, in source_network fqdns_json = FQDNS(fmc=self.fmc).get() File "C:\Users\T470s\AppData\Local\Programs\Python\Python37\lib\site-packages\fmcapi\api_objects\apiclasstemplate.py", line 149, in get if 'items' not in response: TypeError: argument of type 'NoneType' is not iterable

daxm commented 5 years ago

I think the issue is that there is no object called 'any-ipv4'. What I think you want/need is 'ipv4-any'.

That said, we should fail more gracefully if this type of thing happens.

daxm commented 5 years ago

Working with khaismael and we found it was due to the FQDNS API feature not being available in his older version of FMC code. So, we've monkey patched it in his system and I'm working on developing a more holistic solution to this problem.

daxm commented 5 years ago

I might change how I fixed this but it is in release 20180828.0