marksull / fmcapi

A Python package designed to help users of Cisco's FMC interface with its API.
BSD 3-Clause "New" or "Revised" License

Documentation: List All NAT Rules #57

Closed salsop closed 4 years ago

salsop commented 4 years ago

Is your feature request related to a problem? Please describe.

I'm trying to create a script to export all the NAT rules into a CSV, but I can't quite get it working the way I want so wondering if you had a working example that you could share?

Describe the solution you'd like

Working Example would be great, or a few pointers?

Describe alternatives you've considered

I've looked around and at the module, but can only get a list of the NAT Policies so far not the actual NAT rules. I may be missing something obvious.

daxm commented 4 years ago

The best I can do for you at the moment is to refer you to the "unit_test" examples. They are there to not only test the functionality of the API action in question but also to "show" an example of how to use the fmcapi feature associated to that API action.

Auto-NAT Rules: https://github.com/daxm/fmcapi/blob/master/unit_tests/autonat.py

Manual-NAT Rules: https://github.com/daxm/fmcapi/blob/master/unit_tests/manualnat.py

The scripts in the "example" directory also have NAT rule and policy creation in them. You might like those as they are targeted more to implementation than testing.

Let me know if this is sufficient to get you going!

salsop commented 4 years ago

I've created this to list out the NAT Policies and names, but I can't figure out a way to get a list of the Rules, any pointers would be appreciated:

```python
with FMC(host=CISCO_FMC_HOSTNAME, username=CISCO_FMC_USERNAME, password=CISCO_FMC_PASSWORD, autodeploy=False) as FMC_CONNECTION:
    CISCO_FMC_OBJECT = FTDNatPolicies(fmc=FMC_CONNECTION)
    CISCO_FMC_NAT_POLCIES = CISCO_FMC_OBJECT.get()['items']
    print('=' * 100)
    for CISCO_FMC_NAT_POLICY in CISCO_FMC_NAT_POLCIES:
        logging.info(CISCO_FMC_NAT_POLICY['id'] + ':' + CISCO_FMC_NAT_POLICY['name'])
```

daxm commented 4 years ago

I don't think you are using fmcapi correctly (or rather, there is a better way).

How about this:

```python
with FMC(host=CISCO_FMC_HOSTNAME, username=CISCO_FMC_USERNAME, password=CISCO_FMC_PASSWORD, autodeploy=False) as FMC_CONNECTION:
    # Depending on whether your NAT Policy is "auto" or "manual" choose 1
    if NAT_RULE == "auto":
        CISCO_FMC_OBJECT = AutoNatRules(fmc=FMC_CONNECTION)
    elif NAT_RULE == "manual":
        CISCO_FMC_OBJECT = ManualNatRules(fmc=FMC_CONNECTION)

    # Now get the info
    CISCO_FMC_OBJECT.nat_policy(name="My NAT Policy's Name")  # Identify the NAT Policy from which you want to get the rules.
    CISCO_FMC_OBJECT.get()  # Get the rules.

    # Print the rules:
    for rule in CISCO_FMC_OBJECT:
        print(rule)
```

Granted, I haven't tested the above code as I just typed it out here in this email, but the general concept (or difference) in how you are doing it is that I'm "GET"ing the rules related to a specific NAT Policy. The code you provided seems to only relate to the "parent" object (aka the NAT Policy).

salsop commented 4 years ago

Thanks for the guidance, I've tried something like this too, and it looks like it does fetch the rules, but I get an error and I'm not sure why, or if I'm just using the resultant object wrong?

```
INFO:root:00000000-0000-0000-0000-0000000000:NAT_POLICY
INFO:root:GET success. Object with name: "NAT_POLICY" and id: "00000000-0000-0000-0000-00000000000" fetched from FMC.
<fmcapi.api_objects.policy_services.autonatrules.AutoNatRules object at 0x10cb9ad30>
INFO:root:Auto deploy changes set to False. Use the Deploy button in FMC to push changes to FTDs.
Traceback (most recent call last):
  File "./extractnat.py", line 513, in
    export_nats()
  File "./extractnat.py", line 496, in export_nats
    for CISCO_FMC_NAT_RULE in CISCO_FMC_NAT_RULES:
TypeError: 'AutoNatRules' object is not iterable
```

Any help would be appreciated.

Steve

daxm commented 4 years ago

Print out what CISCO_FMC_NAT_RULES contains. You might need to dig into it before iterating.

salsop commented 4 years ago

Got it all working! Thanks very much for all the help! Really appreciate it. :)

daxm commented 4 years ago

Care to post your final code so others who might struggle can use it?

salsop commented 4 years ago

Here you go, this is what I ended with:

```python
import logging

from fmcapi import FMC, FTDNatPolicies, ManualNatRules

# CISCO_FMC_HOSTNAME, CISCO_FMC_USERNAME and CISCO_FMC_PASSWORD are defined elsewhere in the script.


def export_nats():
    logging.info('Export Cisco FMC NAT Policies')
    with FMC(host=CISCO_FMC_HOSTNAME, username=CISCO_FMC_USERNAME, password=CISCO_FMC_PASSWORD, autodeploy=False) as FMC_CONNECTION:
        # List every NAT policy, then fetch the rules that belong to each one.
        CISCO_FMC_OBJECT = FTDNatPolicies(fmc=FMC_CONNECTION)
        CISCO_FMC_NAT_POLCIES = CISCO_FMC_OBJECT.get()['items']
        for CISCO_FMC_NAT_POLICY in CISCO_FMC_NAT_POLCIES:
            logging.info(CISCO_FMC_NAT_POLICY['id'] + ':' + CISCO_FMC_NAT_POLICY['name'])
            CISCO_FMC_NAT_OBJECT = ManualNatRules(fmc=FMC_CONNECTION)
            # CISCO_FMC_NAT_RULES = AutoNatRules(fmc=FMC_CONNECTION)
            CISCO_FMC_NAT_OBJECT.nat_policy(name=CISCO_FMC_NAT_POLICY['name'])
            # get() returns a dict; the rules themselves are under 'items'.
            CISCO_FMC_NAT_RULES = CISCO_FMC_NAT_OBJECT.get()['items']

            for CISCO_FMC_NAT_RULE in CISCO_FMC_NAT_RULES:
                print(CISCO_FMC_NAT_RULE)
                print('Name................................: ' + str(CISCO_FMC_NAT_RULE['metadata']['index']))

                # Optional fields are only printed when present on the rule.
                if CISCO_FMC_NAT_RULE.get('sourceInterface'):
                    print('Source      - Interface.............: ' + CISCO_FMC_NAT_RULE['sourceInterface']['name'])

                if CISCO_FMC_NAT_RULE.get('originalSource'):
                    print('Source      - Original IP...........: ' + CISCO_FMC_NAT_RULE['originalSource']['name'])

                if CISCO_FMC_NAT_RULE.get('originalSourcePort'):
                    print('Source      - Original Service......: ' + CISCO_FMC_NAT_RULE['originalSourcePort']['name'])

                if CISCO_FMC_NAT_RULE.get('translatedSource'):
                    print('Source      - Translated IP.........: ' + CISCO_FMC_NAT_RULE['translatedSource']['name'])

                if CISCO_FMC_NAT_RULE.get('destinationInterface'):
                    print('Destination - Interface.............: ' + CISCO_FMC_NAT_RULE['destinationInterface']['name'])

                if CISCO_FMC_NAT_RULE.get('originalDestination'):
                    print('Destination - Original IP...........: ' + CISCO_FMC_NAT_RULE['originalDestination']['name'])

                if CISCO_FMC_NAT_RULE.get('translatedDestination'):
                    print('Destination - Translated IP.........: ' + CISCO_FMC_NAT_RULE['translatedDestination']['name'])

                if CISCO_FMC_NAT_RULE.get('translatedSourcePort'):
                    print('Source      - Translated Service....: ' + CISCO_FMC_NAT_RULE['translatedSourcePort']['name'])

                print('Enabled.............................: ' + str(CISCO_FMC_NAT_RULE['enabled']))

                print('NAT Type............................: ' + CISCO_FMC_NAT_RULE['natType'])

                if CISCO_FMC_NAT_RULE.get('description'):
                    print('Description........................: ' + CISCO_FMC_NAT_RULE['description'])
```

daxm commented 4 years ago

Since fmcapi requires Python3 I felt I could give you a programming hint related to your print() statements: (Hint, research using f-strings) For example:

```python
print(f"Name................................: {str(CISCO_FMC_NAT_RULE['metadata']['index'])}")
```

Just makes the whole print statement layout easier to read. :-)
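An added example (not code from this thread or from the fmcapi project) that carries the original CSV request through: it flattens rule dictionaries with the keys `export_nats()` reads above into CSV rows, leaving absent optional fields empty. The sample rules, the column names and the `safe_cell` guard against spreadsheet formula evaluation are assumptions made for the example.

```python
import csv
import io

# CSV column -> rule key whose value is an object carrying a 'name'.
# The keys are the ones export_nats() reads in the thread above.
OBJECT_FIELDS = {
    "source_interface": "sourceInterface",
    "original_source": "originalSource",
    "original_source_port": "originalSourcePort",
    "translated_source": "translatedSource",
    "translated_source_port": "translatedSourcePort",
    "destination_interface": "destinationInterface",
    "original_destination": "originalDestination",
    "translated_destination": "translatedDestination",
}
COLUMNS = ["policy", "index", *OBJECT_FIELDS, "enabled", "nat_type", "description"]

def safe_cell(value):
    """Stringify a value; prefix text a spreadsheet would evaluate as a formula."""
    text = "" if value is None else str(value)
    return "'" + text if text[:1] in ("=", "+", "-", "@", "\t", "\r") else text

def flatten_rule(policy_name, rule):
    """Turn one rule dict into a flat row; absent optional fields become ''."""
    row = {
        "policy": policy_name,
        "index": rule.get("metadata", {}).get("index"),
        "enabled": rule.get("enabled"),
        "nat_type": rule.get("natType"),
        "description": rule.get("description"),
    }
    for column, key in OBJECT_FIELDS.items():
        row[column] = (rule.get(key) or {}).get("name")
    return {column: safe_cell(row[column]) for column in COLUMNS}

def rules_to_csv(policy_name, rules):
    """Return the rules of one policy as CSV text with a header row."""
    buffer = io.StringIO()
    writer = csv.DictWriter(buffer, fieldnames=COLUMNS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(flatten_rule(policy_name, rule) for rule in rules)
    return buffer.getvalue()

# Constructed sample in the shape used in the thread (not real FMC output).
SAMPLE_RULES = [
    {"metadata": {"index": 1}, "enabled": True, "natType": "STATIC",
     "sourceInterface": {"name": "inside"}, "originalSource": {"name": "web-srv"},
     "translatedSource": {"name": "web-public"}, "description": "=legacy rule"},
    {"metadata": {"index": 2}, "enabled": False, "natType": "DYNAMIC"},
]
```

In a script like the one above, `rules_to_csv(CISCO_FMC_NAT_POLICY['name'], CISCO_FMC_NAT_RULES)` would replace the block of print statements.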