rnwolfe / fmc-tools

A collection of tools for common tasks needed on the Cisco Firepower Management Center using a fork of the fireREST library.

Domain different than Global doesn't work #1

Closed lorrangarcia closed 5 years ago

lorrangarcia commented 5 years ago

The domain that I need to extract the policies from is different than just Global, but any string that I input works in the script export-acp-to-csv.py.

I set my variables as shown below:

device = '1.1.1.1'
username = 'admin'
password = 'xxx'
domain = 'Global\FTD-DATACENTER'
ac_policy = 'AP-DATACENTER'

What is the correct string to put in domain to make the script work?

[Screenshots: Print 2019-04-10 09 28 03, Print 2019-04-10 09 26 02, Print 2019-04-10 09 32 04]

rnwolfe commented 5 years ago

I was not able to test with a domain other than "Global" when creating the script. Let me see if I can get another domain created to mess with and resolve the issue. I will update you!

rnwolfe commented 5 years ago

@lorrangarcia I was able to figure out the issue. It seems the FMC formats these child domains with an extra space after the / for some reason. See the results of the API-returned domains, for example:

[
    {
        "name": "Global",
        "uuid": "e276abec-e0f2-11e3-8169-6d9ed49b625f"
    },
    {
        "name": "Global/ TEST-DOMAIN",
        "uuid": "1bfe90ae-0249-1d96-dcdd-000000000001"
    }
]

You should be able to update your domain as follows and it should work.

domain = 'Global/ FTD-DATACENTER'

I will push an update to the code with a comment to help with this.

Please let me know if this resolved your issue, and if so please feel free to close the issue.

lorrangarcia commented 5 years ago

Thanks! I will try and update you here.

lorrangarcia commented 5 years ago

I don't know if something was changed, but after I updated the script, when I try to execute it, I receive another error: that I can't import the libraries needed.

I'm executing the script in Ubuntu, and I reinstalled the OS from scratch, but I am still receiving the error below.

[Screenshot: Print 2019-04-15 08 57 46]

rnwolfe commented 5 years ago

Hi @lorrangarcia, it appears you are running using ./. Can you try using python export-acp-to-csv.py?

That is how you ran it before. With the ./ your shell is likely attempting to interpret it as a bash file.

See how you currently ran it in your original screenshot(s):

lorrangarcia commented 5 years ago

Sorry for that... You're right! The domain works now... But the Access Policy not yet...

Consulting the API-Explorer I get this:

{
  "links": {
    "self": "https://fmc/api/fmc_config/v1/domain/a873c61e-95e5-48e9-a647-000000000001/policy/accesspolicies?offset=0&limit=2"
  },
  "items": [
    {
      "type": "AccessPolicy",
      "links": {
        "self": "https://fmc/api/fmc_config/v1/domain/a873c61e-95e5-48e9-a647-000000000001/policy/accesspolicies/A0239F0E-A0C0-0ed3-0000-073014459010"
      },
      "name": "Staging-ASA",
      "id": "A0239F0E-A0C0-0ed3-0000-073014459010"
    },
    {
      "type": "AccessPolicy",
      "links": {
        "self": "https://fmc/api/fmc_config/v1/domain/a873c61e-95e5-48e9-a647-000000000001/policy/accesspolicies/A0239F0E-A0C0-0ed3-0000-128849055359"
      },
      "name": "AP-DATACENTER",
      "id": "A0239F0E-A0C0-0ed3-0000-128849055359"
    }
  ],
  "paging": {
    "offset": 0,
    "limit": 2,
    "count": 2,
    "pages": 1
  }
}

But the script shows this...

[Screenshot: Print 2019-04-15 16 21 60]

rnwolfe commented 5 years ago

It appears the script is unable to get the ID of the Access Policy name you are specifying (AP-DATACENTER). This is strange as it does appear to match the API Explorer output you shared.

This is the function in the fireREST module that does this: https://github.com/rnwolfe/fmc-tools/blob/master/fireREST/__init__.py#L311

Can you share the variables you are setting in the top of the script? Specifically, the domain and ac_policy (this should be lines 12-13 in export-acp-to-csv.py).

lorrangarcia commented 5 years ago

> It appears the script is unable to get the ID of the Access Policy name you are specifying (AP-DATACENTER). This is strange as it does appear to match the API Explorer output you shared.
>
> This is the function in the fireREST module that does this: https://github.com/rnwolfe/fmc-tools/blob/master/fireREST/__init__.py#L311
>
> Can you share the variables you are setting in the top of the script? Specifically, the domain and ac_policy (this should be lines 12-13 in export-acp-to-csv.py).

The domain works without the space and the "\" that I was trying before, but with "/" and no space.

domain = 'Global/FTD-DATACENTER'
ac_policy = 'AP-DATACENTER'

rnwolfe commented 5 years ago

I'm not sure how the domain syntax is working, as it didn't work in my testing. So, you may want to double check that it shouldn't be Global/ FTD-DATACENTER. This would make sense given that the AC Policy is not able to be found using the name you provided.

lorrangarcia commented 5 years ago

But the domain is: domain/a873c61e-95e5-48e9-a647-000000000001

Same as the print before...

I will check again and try other tests... Thanks for now...

kevrobertson commented 5 years ago

Hi,

I am also having this problem where domains are not working.

Has there been any fix for it? I get the same concatenate str error but if I # that out then I also get the same error that lorran gets with no items being pulled from the API.

Any ideas?

Thanks

phileasfogg1977 commented 3 years ago

In my clone, the API call itself was missing the domain parameter:

Clone:

# Initialize a new api object
api = FireREST(hostname=device, username=username, password=password)

Edit:

# Initialize a new api object
api = FireREST(hostname=device, username=username, password=password, domain=domain)

After correcting the domain = 'Global/' (no space) and adding the parameter to API call it worked just fine. HTH!
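
An added example, not part of the thread and not code from fmc-tools or fireREST: the thread's three domain spellings (`\`, `/`, and `/ ` with a space) all resolve to the same UUID when both sides are normalized before comparison, and a name that matches nothing raises an error instead of leaving the script with no ID. The helper names `normalize_domain`, `resolve_domain_uuid` and `resolve_policy_id` are hypothetical, and the sample lists are trimmed copies of the API output quoted above.

```python
import re

# Sample data trimmed from the API output quoted in the thread.
SAMPLE_DOMAINS = [
    {"name": "Global", "uuid": "e276abec-e0f2-11e3-8169-6d9ed49b625f"},
    {"name": "Global/ TEST-DOMAIN", "uuid": "1bfe90ae-0249-1d96-dcdd-000000000001"},
]
SAMPLE_POLICIES = [
    {"type": "AccessPolicy", "name": "Staging-ASA",
     "id": "A0239F0E-A0C0-0ed3-0000-073014459010"},
    {"type": "AccessPolicy", "name": "AP-DATACENTER",
     "id": "A0239F0E-A0C0-0ed3-0000-128849055359"},
]


def normalize_domain(name):
    """Split on '/' or '\\', trim whitespace around each level, rejoin with '/'."""
    levels = (part.strip() for part in re.split(r"[\\/]", name))
    return "/".join(level for level in levels if level)


def _unique(hits, kind, wanted, known):
    # Fail loudly on zero or ambiguous matches rather than continuing without an ID.
    if len(hits) != 1:
        raise LookupError(
            f"{kind} {wanted!r} matched {len(hits)} entries; known names: {sorted(known)}"
        )
    return hits[0]


def resolve_domain_uuid(domains, wanted):
    """Return the UUID of the domain whose normalized name equals `wanted`."""
    key = normalize_domain(wanted)
    hits = [d["uuid"] for d in domains if normalize_domain(d["name"]) == key]
    return _unique(hits, "domain", wanted, [d["name"] for d in domains])


def resolve_policy_id(items, wanted):
    """Return the ID of the access policy named exactly `wanted`."""
    hits = [i["id"] for i in items
            if i.get("type") == "AccessPolicy" and i["name"] == wanted]
    return _unique(hits, "access policy", wanted, [i["name"] for i in items])


if __name__ == "__main__":
    # Raw string: in a normal literal, a backslash can start an escape such as \t.
    for spelling in (r"Global\TEST-DOMAIN", "Global/TEST-DOMAIN", "Global/ TEST-DOMAIN"):
        print(repr(spelling), "->", resolve_domain_uuid(SAMPLE_DOMAINS, spelling))
    print(resolve_policy_id(SAMPLE_POLICIES, "AP-DATACENTER"))
```
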