Closed salsop closed 4 years ago
The best I can do for you at the moment is to refer you to the "unit_test" examples. They are there to not only test the functionality of the API action in question but also to "show" an example of how to use the fmcapi feature associated to that API action.

- Auto-NAT Rules: https://github.com/daxm/fmcapi/blob/master/unit_tests/autonat.py
- Manual-NAT Rules: https://github.com/daxm/fmcapi/blob/master/unit_tests/manualnat.py
The scripts in the "example" directory also have NAT rule and policy creation in them. You might like those as they are targeted more to implementation than testing.
Let me know if this is sufficient to get you going!
I've created this to list out the NAT Policies and names, but I can't figure out a way to get a list of the Rules, any pointers would be appreciated:
```python
with FMC(host=CISCO_FMC_HOSTNAME, username=CISCO_FMC_USERNAME, password=CISCO_FMC_PASSWORD, autodeploy=False) as FMC_CONNECTION:
    CISCO_FMC_OBJECT = FTDNatPolicies(fmc=FMC_CONNECTION)
    CISCO_FMC_NAT_POLCIES = CISCO_FMC_OBJECT.get()['items']
    print('=' * 100)
    for CISCO_FMC_NAT_POLICY in CISCO_FMC_NAT_POLCIES:
        logging.info(CISCO_FMC_NAT_POLICY['id'] + ':' + CISCO_FMC_NAT_POLICY['name'])
```
I don't think you are using fmcapi correctly (or rather, there is a better way).
How about this:
```python
with FMC(host=CISCO_FMC_HOSTNAME, username=CISCO_FMC_USERNAME, password=CISCO_FMC_PASSWORD, autodeploy=False) as FMC_CONNECTION:
    # Depending on whether your NAT Policy is "auto" or "manual" choose 1
    if NAT_RULE == "auto":
        CISCO_FMC_OBJECT = AutoNatRules(fmc=FMC_CONNECTION)
    elif NAT_RULE == "manual":
        CISCO_FMC_OBJECT = ManualNatRules(fmc=FMC_CONNECTION)

    # Now get the info
    CISCO_FMC_OBJECT.nat_policy(name="My NAT Policy's Name")  # Identify the NAT Policy from which you want to get the rules.
    CISCO_FMC_OBJECT.get()  # Get the rules.

    # Print the rules:
    for rule in CISCO_FMC_OBJECT:
        print(rule)
```
Granted, I haven't tested the above code as I just typed it out here in this email, but the general concept (or difference) in how you are doing it is that I'm "GET"ing the rules related to a specific NAT Policy. The code you provided seems to only relate to the "parent" object (aka the NAT Policy).
Thanks for the guidance, I've tried something like this too, and it looks like it does fetch the rules, but I get an error and I'm not sure why, or if I'm just using the resultant object wrong?
```
INFO:root:00000000-0000-0000-0000-0000000000:NAT_POLICY
INFO:root:GET success. Object with name: "NAT_POLICY" and id: "00000000-0000-0000-0000-00000000000" fetched from FMC.
<fmcapi.api_objects.policy_services.autonatrules.AutoNatRules object at 0x10cb9ad30>
INFO:root:Auto deploy changes set to False. Use the Deploy button in FMC to push changes to FTDs.
Traceback (most recent call last):
  File "./extractnat.py", line 513, in
    export_nats()
  File "./extractnat.py", line 496, in export_nats
    for CISCO_FMC_NAT_RULE in CISCO_FMC_NAT_RULES:
TypeError: 'AutoNatRules' object is not iterable
```
Any help would be appreciated.
Steve
Print out what CISCO_FMC_NAT_RULES contains. You might need to dig into it before iterating.
Got it all working! Thanks very much for all the help! Really appreciate it. :)
Care to post your final code so others who might struggle can use it?
Here you go, this is what I ended with:
```python
import logging

from fmcapi import FMC, FTDNatPolicies, ManualNatRules


def export_nats():
    logging.info('Export Cisco FMC NAT Policies')
    with FMC(host=CISCO_FMC_HOSTNAME, username=CISCO_FMC_USERNAME, password=CISCO_FMC_PASSWORD, autodeploy=False) as FMC_CONNECTION:
        # List every NAT policy, then fetch the manual NAT rules of each one.
        CISCO_FMC_OBJECT = FTDNatPolicies(fmc=FMC_CONNECTION)
        CISCO_FMC_NAT_POLCIES = CISCO_FMC_OBJECT.get()['items']
        for CISCO_FMC_NAT_POLICY in CISCO_FMC_NAT_POLCIES:
            logging.info(CISCO_FMC_NAT_POLICY['id'] + ':' + CISCO_FMC_NAT_POLICY['name'])
            CISCO_FMC_NAT_OBJECT = ManualNatRules(fmc=FMC_CONNECTION)
            CISCO_FMC_NAT_OBJECT.nat_policy(name=CISCO_FMC_NAT_POLICY['name'])
            # get() returns a dict; the rules themselves are under 'items'.
            CISCO_FMC_NAT_RULES = CISCO_FMC_NAT_OBJECT.get()['items']
            for CISCO_FMC_NAT_RULE in CISCO_FMC_NAT_RULES:
                print(CISCO_FMC_NAT_RULE)
                print('Name................................: ' + str(CISCO_FMC_NAT_RULE['metadata']['index']))
                # Optional fields are only printed when the rule carries them.
                if CISCO_FMC_NAT_RULE.get('sourceInterface'):
                    print('Source - Interface.............: ' + CISCO_FMC_NAT_RULE['sourceInterface']['name'])
                if CISCO_FMC_NAT_RULE.get('originalSource'):
                    print('Source - Original IP...........: ' + CISCO_FMC_NAT_RULE['originalSource']['name'])
                if CISCO_FMC_NAT_RULE.get('originalSourcePort'):
                    print('Source - Original Service......: ' + CISCO_FMC_NAT_RULE['originalSourcePort']['name'])
                if CISCO_FMC_NAT_RULE.get('translatedSource'):
                    print('Source - Translated IP.........: ' + CISCO_FMC_NAT_RULE['translatedSource']['name'])
                if CISCO_FMC_NAT_RULE.get('destinationInterface'):
                    print('Destination - Interface.............: ' + CISCO_FMC_NAT_RULE['destinationInterface']['name'])
                if CISCO_FMC_NAT_RULE.get('originalDestination'):
                    print('Destination - Original IP...........: ' + CISCO_FMC_NAT_RULE['originalDestination']['name'])
                if CISCO_FMC_NAT_RULE.get('translatedDestination'):
                    print('Destination - Translated IP.........: ' + CISCO_FMC_NAT_RULE['translatedDestination']['name'])
                if CISCO_FMC_NAT_RULE.get('translatedSourcePort'):
                    print('Source - Translated Service....: ' + CISCO_FMC_NAT_RULE['translatedSourcePort']['name'])
                print('Enabled.............................: ' + str(CISCO_FMC_NAT_RULE['enabled']))
                print('NAT Type............................: ' + CISCO_FMC_NAT_RULE['natType'])
                if CISCO_FMC_NAT_RULE.get('description'):
                    print('Description........................: ' + CISCO_FMC_NAT_RULE['description'])
```
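For the CSV export the original request asks for, the rule dicts found under `items` can be flattened as below. This is an added example, not code from the thread or from fmcapi: it works on plain dicts only, the column names and the formula-prefix step in `safe_cell` are assumptions, and the sample rule is constructed.

```python
import csv
import io

# Nested-object keys used by the export script in this thread.
OBJECT_FIELDS = ["sourceInterface", "destinationInterface", "originalSource",
                 "translatedSource", "originalDestination",
                 "translatedDestination", "originalSourcePort",
                 "translatedSourcePort"]
# Column names are an assumption of this example, not an fmcapi format.
COLUMNS = ["policy", "index", "natType", "enabled", *OBJECT_FIELDS, "description"]


def safe_cell(value):
    """Prefix text a spreadsheet would otherwise evaluate as a formula."""
    text = "" if value is None else str(value)
    return "'" + text if text.startswith(("=", "+", "-", "@")) else text


def rule_to_row(policy_name, rule):
    """Flatten one NAT rule dict; fields missing from the rule become ''."""
    row = {"policy": policy_name,
           "index": rule.get("metadata", {}).get("index", ""),
           "natType": rule.get("natType", ""),
           "enabled": rule.get("enabled", ""),
           "description": rule.get("description", "")}
    for field in OBJECT_FIELDS:
        row[field] = (rule.get(field) or {}).get("name", "")
    return {key: safe_cell(value) for key, value in row.items()}


def export_csv(policy_name, response):
    """Render one policy's rules as CSV text; no 'items' means no rows."""
    rules = response.get("items", []) if isinstance(response, dict) else []
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=COLUMNS, lineterminator="\n")
    writer.writeheader()
    for rule in rules:
        writer.writerow(rule_to_row(policy_name, rule))
    return out.getvalue()


# Constructed sample, shaped like the rule dicts printed in the thread.
SAMPLE = {"items": [{
    "metadata": {"index": 1}, "natType": "STATIC", "enabled": True,
    "sourceInterface": {"name": "inside"},
    "originalSource": {"name": "web-srv"},
    "translatedSource": {"name": "web-public"},
    "description": "=1+1"}]}
```

Free-text fields such as the rule description are prefixed with a single quote when they begin with `=`, `+`, `-` or `@`, so the exported file opens as inert text in a spreadsheet.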
Since fmcapi requires Python3 I felt I could give you a programming hint related to your print() statements: (Hint, research using f-strings) For example:

```python
print(f"Name................................: {str(CISCO_FMC_NAT_RULE['metadata']['index'])}")
```
Just makes the whole print statement layout easier to read. :-)
Is your feature request related to a problem? Please describe.
I'm trying to create a script to export all the NAT rules into a CSV, but I can't quite get it working the way I want so wondering if you had a working example that you could share?
Describe the solution you'd like
Working Example would be great, or a few pointers?
Describe alternatives you've considered
I've looked around and at the module, but can only get a list of the NAT Policies so far not the actual NAT rules. I may be missing something obvious.