fireREST


NamefireREST JSON
Version 1.1.0 PyPI version JSON
download
home_pagehttps://github.com/kaisero/fireREST.git
SummaryPython api client for firepower management center
upload_time2023-03-19 18:58:26
maintainer
docs_urlNone
authorOliver Kaiser
requires_python
license
keywords cisco firepower fmc ftd fpr api rest python api
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            [![python3](https://img.shields.io/badge/python-3.7+-blue.svg)](https://github.com/kaisero/fireREST/) [![pypi](https://img.shields.io/pypi/v/fireREST)](https://pypi.org/project/fireREST/) [![license](https://img.shields.io/badge/license-GPL%20v3.0-brightgreen.svg)](https://github.com/kaisero/fireREST/blob/master/LICENSE) [![status](https://img.shields.io/badge/status-beta-blue.svg)](https://github.com/kaisero/fireREST/) [![published](https://static.production.devnetcloud.com/codeexchange/assets/images/devnet-published.svg)](https://developer.cisco.com/codeexchange/github/repo/kaisero/fireREST)


# FireREST

FireREST is a python library to interface with Cisco Firepower Management Center REST API. The goal of FireREST is to provide a simple SDK to programmatically interact with FMC.

## Features

* Authentication and automatic session refresh / re-authentication
* Rate-limit detection and automatic backoff and retry behavior
* Automatic squashing of paginated api payloads
* Sanitization of api payloads for create and update operations (automatically remove unsupported elements like links, metadata from payload)
* Detailed logging of api requests and responses
* API specific error handling using various custom exceptions for typical errors (e.g. ResourceAlreadyExists, UnprocessAbleEntityError, ...)
* Support for resource lookup by name instead of uuid for all CRUD operations

## Requirements

* Python >= 3.7

## Quickstart

### Installation

```bash
> pip install fireREST
```

### Import api client

```python
from fireREST import FMC
```

### Authentication

FireREST uses basic authentication. In case your authentication token times out, the api client will automatically refresh the session and retry
a failed operation. If all 3 refresh tokens have been used up the connection object will try to re-authenticate again automatically.

```python
fmc = FMC(hostname='fmc.example.com', username='firerest', password='Cisco123', domain='Global')
```

> **_NOTE:_**  By default domain is set to `Global`

### CRUD Operations

#### Objects

##### Create network object

```python
net_obj = {
    'name': 'NetObjViaAPI',
    'value': '198.18.1.0/24',
}

response = fmc.object.network.create(data=net_obj)
```

> **_NOTE:_**  in case a resource supports the `bulk` option `FireREST` will automatically perform a bulk operation if the `data` provided is of type `list`

##### Get all network objects

```python
net_objects = fmc.object.network.get()
```

##### Get specific network object

```python
net_objects = fmc.object.network.get(name='NetObjViaAPI')
```

> **_NOTE:_** You can access a resource either by `name` or `uuid`. If the resource supports a filtering by name FireREST will utilize the filter option, in case
> a Resource does not support filter params it will iterate through all resources to find a match

##### Update network object

```python
net_obj = fmc.object.network.get(name='NetObjViaAPI')
net_obj['name'] = 'RenamedNetObjViaAPI'
response = fmc.object.network.update(data=net_obj)
```

> **_NOTE:_**  FireREST automatically extracts the `id` field of the provided data `dict` to update the correct resource.

##### Delete network object

```python
response = fmc.object.network.delete(name='NetObjViaAPI')
```

## Supported operations

Since FireREST does not try to provide a python object model nearly all api calls up to version 6.7.0 are available which includes but is not limited to
the following CRUD operations:

```
├── assignment
│   └── policyassignment
├── audit
│   └── auditrecord
├── deployment
│   ├── deployabledevice
│   │   ├── deployment
│   │   └── pendingchanges
│   ├── deploymentrequest
│   ├── jobhistory
│   └── rollbackrequest
├── device
│   └── devicerecord
│       ├── bridgegroupinterface
│       ├── etherchannelinterface
│       ├── fpinterfacestatistics
│       ├── fplogicalinterface
│       ├── fpphysicalinterface
│       ├── inlineset
│       ├── interfaceevent
│       ├── operational
│       │   ├── command
│       │   └── metric
│       ├── physicalinterface
│       ├── redundantinterface
│       ├── routing
│       │   ├── bgp
│       │   ├── bgpgeneralsettings
│       │   ├── ipv4staticroute
│       │   ├── ipv6staticroute
│       │   ├── ospfinterface
│       │   ├── ospfv2route
│       │   ├── ospfv3interface
│       │   ├── staticroute
│       │   └── virtualrouter
│       ├── subinterface
│       ├── virtualswitch
│       ├── virtualtunnelinterface
│       └── vlaninterface
├── devicecluster
│   └── ftddevicecluster
├── devicegroup
│   └── devicegrouprecord
├── devicehapair
│   └── ftddevicehapair
│       ├── failoverinterfacemacaddressconfig
│       └── monitoredinterface
├── health
│   ├── alert
│   └── metric
├── integration
│   ├── cloudeventsconfig
│   ├── cloudregion
│   ├── externallookup
│   └── externalstorage
├── intelligence
│   ├── taxiiconfig
│   │   ├── collection
│   │   └── discoveryinfo
│   └── tid
│       ├── element
│       ├── incident
│       ├── indicator
│       ├── observable
│       ├── setting
│       └── source
├── job
│   └── taskstatus
├── object
│   ├── anyprotocolportobject
│   ├── application
│   ├── applicationcategory
│   ├── applicationfilter
│   ├── applicationproductivities
│   ├── applicationrisk
│   ├── applicationtag
│   ├── applicationtype
│   ├── aspathlist
│   ├── certenrollment
│   ├── communitylist
│   ├── continent
│   ├── country
│   ├── dnsservergroup
│   ├── endpointdevicetype
│   ├── expandedcommunitylist
│   ├── extendedaccesslist
│   ├── fqdn
│   │   └── override
│   ├── geolocation
│   ├── globaltimezone
│   ├── host
│   │   └── override
│   ├── icmpv4object
│   │   └── override
│   ├── icmpv6object
│   │   └── override
│   ├── ikev1ipsecproposal
│   ├── ikev1policy
│   ├── ikev2ipsecproposal
│   ├── ikev2policy
│   ├── interface
│   ├── interfacegroup
│   ├── ipv4prefixlist
│   ├── ipv6prefixlist
│   ├── isesecuritygrouptag
│   ├── keychain
│   │   └── override
│   ├── network
│   │   └── override
│   ├── networkaddress
│   ├── networkgroup
│   │   └── override
│   ├── policylist
│   ├── port
│   ├── portobjectgroup
│   │   └── override
│   ├── protocolportobject
│   │   └── override
│   ├── range
│   │   └── override
│   ├── realmuser
│   ├── realmusergroup
│   ├── routemap
│   ├── securitygrouptag
│   ├── securityzone
│   ├── siurlfeed
│   ├── siurllist
│   ├── slamonitor
│   ├── standardaccesslist
│   ├── standardcommunitylist
│   ├── timerange
│   ├── timezone
│   │   └── override
│   ├── tunneltag
│   ├── url
│   │   └── override
│   ├── urlcategory
│   ├── urlgroup
│   │   └── override
│   ├── variableset
│   ├── vlangrouptag
│   │   └── override
│   └── vlantag
│       └── override
├── policy
│   ├── accesspolicy
│   │   ├── accessrule
│   │   ├── category
│   │   ├── defaultaction
│   │   ├── inheritancesettings
│   │   ├── loggingsettings
│   │   └── operational
│   │       └── hitcounts
│   ├── filepolicy
│   ├── ftdnatpolicy
│   │   ├── autonatrule
│   │   ├── manualnatrule
│   │   └── natrule
│   ├── ftds2svpn
│   │   ├── advancedsettings
│   │   ├── endpoint
│   │   ├── ikesettings
│   │   └── ipsecsettings
│   ├── intrusionpolicy
│   │   └── intrusionrule
│   ├── prefilterpolicy
│   │   ├── defaultaction
│   │   ├── operational
│   │   │   └── hitcounts
│   │   └── prefilterrule
│   ├── snmpalert
│   └── syslogalert
├── system
│   └── info
│       ├── domain
│       └── serverversion
├── update
│   └── upgradepackage
│       └── applicabledevice
└── user
    ├── authrole
    └── ssoconfig
```

## Troubleshooting

### UnprocessableEntityError

You might see an `UnprocessableEntityError` exception when you try to execute  `CREATE`or `UPDATE` operations. Depending on the API endpoint the error message from FMC might not contain enough information to pinpoint what is causing the issue. In this case I would recommend using `pigtail` on FMC to get more detailed information.

#### Example

In this example we are trying to create an object override, but the field `value` is invalid. The subnet mask chosen is not correct, which will cause the FMC API to respond with an UnprocessAbleEntity error.

````bash
data = {
    "overrides": {
        "parent": {
            "id": "00505699-76B7-0ed3-0000-077309525737"
        },
        "target": {
            "id": "0ff8161e-096e-11eb-8ec0-cb721f246e60",
            "type": "Device"
        }
    },
    "value": "198.18.201.0/241",
    "name": "NetObjWithOverrides",
    "id": "00505699-76B7-0ed3-0000-077309525737"
}
fmc.object.network.update(data=data)
````

On FMC we can use the `pigtail` utility to tail the logfile on the Tomcat webserver hosting the REST API. Using this method we can monitor the APIs response and get some additional information on the error

````bash
> expert
admin@fmc:/Volume/home/admin# sudo su -
root@fmc:/Volume/home/admin# pigtail TCAT
````

Here we see that a Java exception has been thrown, indicating that the request failed due an invalid ip address being passed

```
TCAT: 02-02 15:36:33 INFO: 172.21.100.145	-	-	443	PUT	/api/fmc_config/v1/domain/b76ff587-9224-65c7-d2af-000000000000/object/networks/00505699-76B7-0ed3-0000-077309525737	-	400	-	301	169	https://fmc.example.com	FireREST/1.0.0	-
TCAT: 02-02 15:34:33 [ajp-nio-127.0.0.1-9009-exec-1] ERROR com.cisco.api.external.rest.common.resource.ContainerServerResource - **Invalid IP Address**
TCAT: 02-02 15:34:33 APIException:Invalid IP Address
```

## Authors

Oliver Kaiser (oliver.kaiser@outlook.com)

## License

GNU General Public License v3.0 or later.

See [LICENSE](LICENSE) for the full text.

            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/kaisero/fireREST.git",
    "name": "fireREST",
    "maintainer": "",
    "docs_url": null,
    "requires_python": "",
    "maintainer_email": "",
    "keywords": "cisco firepower fmc ftd fpr api rest python api",
    "author": "Oliver Kaiser",
    "author_email": "oliver.kaiser@outlook.com",
    "download_url": "https://files.pythonhosted.org/packages/e5/54/c17f97a52eeab9c5c238ac6d78babe05a9c4733718853f4acb1d04ccd284/fireREST-1.1.0.tar.gz",
    "platform": null,
    "description": "[![python3](https://img.shields.io/badge/python-3.7+-blue.svg)](https://github.com/kaisero/fireREST/) [![pypi](https://img.shields.io/pypi/v/fireREST)](https://pypi.org/project/fireREST/) [![license](https://img.shields.io/badge/license-GPL%20v3.0-brightgreen.svg)](https://github.com/kaisero/fireREST/blob/master/LICENSE) [![status](https://img.shields.io/badge/status-beta-blue.svg)](https://github.com/kaisero/fireREST/) [![published](https://static.production.devnetcloud.com/codeexchange/assets/images/devnet-published.svg)](https://developer.cisco.com/codeexchange/github/repo/kaisero/fireREST)\n\n\n# FireREST\n\nFireREST is a python library to interface with Cisco Firepower Management Center REST API. The goal of FireREST is to provide a simple SDK to programmatically interact with FMC.\n\n## Features\n\n* Authentication and automatic session refresh / re-authentication\n* Rate-limit detection and automatic backoff and retry behavior\n* Automatic squashing of paginated api payloads\n* Sanitization of api payloads for create and update operations (automatically remove unsupported elements like links, metadata from payload)\n* Detailed logging of api requests and responses\n* API specific error handling using various custom exceptions for typical errors (e.g. ResourceAlreadyExists, UnprocessAbleEntityError, ...)\n* Support for resource lookup by name instead of uuid for all CRUD operations\n\n## Requirements\n\n* Python >= 3.7\n\n## Quickstart\n\n### Installation\n\n```bash\n> pip install fireREST\n```\n\n### Import api client\n\n```python\nfrom fireREST import FMC\n```\n\n### Authentication\n\nFireREST uses basic authentication. In case your authentication token times out, the api client will automatically refresh the session and retry\na failed operation. If all 3 refresh tokens have been used up the connection object will try to re-authenticate again automatically.\n\n```python\nfmc = FMC(hostname='fmc.example.com', username='firerest', password='Cisco123', domain='Global')\n```\n\n> **_NOTE:_**  By default domain is set to `Global`\n\n### CRUD Operations\n\n#### Objects\n\n##### Create network object\n\n```python\nnet_obj = {\n    'name': 'NetObjViaAPI',\n    'value': '198.18.1.0/24',\n}\n\nresponse = fmc.object.network.create(data=net_obj)\n```\n\n> **_NOTE:_**  in case a resource supports the `bulk` option `FireREST` will automatically perform a bulk operation if the `data` provided is of type `list`\n\n##### Get all network objects\n\n```python\nnet_objects = fmc.object.network.get()\n```\n\n##### Get specific network object\n\n```python\nnet_objects = fmc.object.network.get(name='NetObjViaAPI')\n```\n\n> **_NOTE:_** You can access a resource either by `name` or `uuid`. If the resource supports a filtering by name FireREST will utilize the filter option, in case\n> a Resource does not support filter params it will iterate through all resources to find a match\n\n##### Update network object\n\n```python\nnet_obj = fmc.object.network.get(name='NetObjViaAPI')\nnet_obj['name'] = 'RenamedNetObjViaAPI'\nresponse = fmc.object.network.update(data=net_obj)\n```\n\n> **_NOTE:_**  FireREST automatically extracts the `id` field of the provided data `dict` to update the correct resource.\n\n##### Delete network object\n\n```python\nresponse = fmc.object.network.delete(name='NetObjViaAPI')\n```\n\n## Supported operations\n\nSince FireREST does not try to provide a python object model nearly all api calls up to version 6.7.0 are available which includes but is not limited to\nthe following CRUD operations:\n\n```\n\u251c\u2500\u2500 assignment\n\u2502   \u2514\u2500\u2500 policyassignment\n\u251c\u2500\u2500 audit\n\u2502   \u2514\u2500\u2500 auditrecord\n\u251c\u2500\u2500 deployment\n\u2502   \u251c\u2500\u2500 deployabledevice\n\u2502   \u2502   \u251c\u2500\u2500 deployment\n\u2502   \u2502   \u2514\u2500\u2500 pendingchanges\n\u2502   \u251c\u2500\u2500 deploymentrequest\n\u2502   \u251c\u2500\u2500 jobhistory\n\u2502   \u2514\u2500\u2500 rollbackrequest\n\u251c\u2500\u2500 device\n\u2502   \u2514\u2500\u2500 devicerecord\n\u2502       \u251c\u2500\u2500 bridgegroupinterface\n\u2502       \u251c\u2500\u2500 etherchannelinterface\n\u2502       \u251c\u2500\u2500 fpinterfacestatistics\n\u2502       \u251c\u2500\u2500 fplogicalinterface\n\u2502       \u251c\u2500\u2500 fpphysicalinterface\n\u2502       \u251c\u2500\u2500 inlineset\n\u2502       \u251c\u2500\u2500 interfaceevent\n\u2502       \u251c\u2500\u2500 operational\n\u2502       \u2502   \u251c\u2500\u2500 command\n\u2502       \u2502   \u2514\u2500\u2500 metric\n\u2502       \u251c\u2500\u2500 physicalinterface\n\u2502       \u251c\u2500\u2500 redundantinterface\n\u2502       \u251c\u2500\u2500 routing\n\u2502       \u2502   \u251c\u2500\u2500 bgp\n\u2502       \u2502   \u251c\u2500\u2500 bgpgeneralsettings\n\u2502       \u2502   \u251c\u2500\u2500 ipv4staticroute\n\u2502       \u2502   \u251c\u2500\u2500 ipv6staticroute\n\u2502       \u2502   \u251c\u2500\u2500 ospfinterface\n\u2502       \u2502   \u251c\u2500\u2500 ospfv2route\n\u2502       \u2502   \u251c\u2500\u2500 ospfv3interface\n\u2502       \u2502   \u251c\u2500\u2500 staticroute\n\u2502       \u2502   \u2514\u2500\u2500 virtualrouter\n\u2502       \u251c\u2500\u2500 subinterface\n\u2502       \u251c\u2500\u2500 virtualswitch\n\u2502       \u251c\u2500\u2500 virtualtunnelinterface\n\u2502       \u2514\u2500\u2500 vlaninterface\n\u251c\u2500\u2500 devicecluster\n\u2502   \u2514\u2500\u2500 ftddevicecluster\n\u251c\u2500\u2500 devicegroup\n\u2502   \u2514\u2500\u2500 devicegrouprecord\n\u251c\u2500\u2500 devicehapair\n\u2502   \u2514\u2500\u2500 ftddevicehapair\n\u2502       \u251c\u2500\u2500 failoverinterfacemacaddressconfig\n\u2502       \u2514\u2500\u2500 monitoredinterface\n\u251c\u2500\u2500 health\n\u2502   \u251c\u2500\u2500 alert\n\u2502   \u2514\u2500\u2500 metric\n\u251c\u2500\u2500 integration\n\u2502   \u251c\u2500\u2500 cloudeventsconfig\n\u2502   \u251c\u2500\u2500 cloudregion\n\u2502   \u251c\u2500\u2500 externallookup\n\u2502   \u2514\u2500\u2500 externalstorage\n\u251c\u2500\u2500 intelligence\n\u2502   \u251c\u2500\u2500 taxiiconfig\n\u2502   \u2502   \u251c\u2500\u2500 collection\n\u2502   \u2502   \u2514\u2500\u2500 discoveryinfo\n\u2502   \u2514\u2500\u2500 tid\n\u2502       \u251c\u2500\u2500 element\n\u2502       \u251c\u2500\u2500 incident\n\u2502       \u251c\u2500\u2500 indicator\n\u2502       \u251c\u2500\u2500 observable\n\u2502       \u251c\u2500\u2500 setting\n\u2502       \u2514\u2500\u2500 source\n\u251c\u2500\u2500 job\n\u2502   \u2514\u2500\u2500 taskstatus\n\u251c\u2500\u2500 object\n\u2502   \u251c\u2500\u2500 anyprotocolportobject\n\u2502   \u251c\u2500\u2500 application\n\u2502   \u251c\u2500\u2500 applicationcategory\n\u2502   \u251c\u2500\u2500 applicationfilter\n\u2502   \u251c\u2500\u2500 applicationproductivities\n\u2502   \u251c\u2500\u2500 applicationrisk\n\u2502   \u251c\u2500\u2500 applicationtag\n\u2502   \u251c\u2500\u2500 applicationtype\n\u2502   \u251c\u2500\u2500 aspathlist\n\u2502   \u251c\u2500\u2500 certenrollment\n\u2502   \u251c\u2500\u2500 communitylist\n\u2502   \u251c\u2500\u2500 continent\n\u2502   \u251c\u2500\u2500 country\n\u2502   \u251c\u2500\u2500 dnsservergroup\n\u2502   \u251c\u2500\u2500 endpointdevicetype\n\u2502   \u251c\u2500\u2500 expandedcommunitylist\n\u2502   \u251c\u2500\u2500 extendedaccesslist\n\u2502   \u251c\u2500\u2500 fqdn\n\u2502   \u2502   \u2514\u2500\u2500 override\n\u2502   \u251c\u2500\u2500 geolocation\n\u2502   \u251c\u2500\u2500 globaltimezone\n\u2502   \u251c\u2500\u2500 host\n\u2502   \u2502   \u2514\u2500\u2500 override\n\u2502   \u251c\u2500\u2500 icmpv4object\n\u2502   \u2502   \u2514\u2500\u2500 override\n\u2502   \u251c\u2500\u2500 icmpv6object\n\u2502   \u2502   \u2514\u2500\u2500 override\n\u2502   \u251c\u2500\u2500 ikev1ipsecproposal\n\u2502   \u251c\u2500\u2500 ikev1policy\n\u2502   \u251c\u2500\u2500 ikev2ipsecproposal\n\u2502   \u251c\u2500\u2500 ikev2policy\n\u2502   \u251c\u2500\u2500 interface\n\u2502   \u251c\u2500\u2500 interfacegroup\n\u2502   \u251c\u2500\u2500 ipv4prefixlist\n\u2502   \u251c\u2500\u2500 ipv6prefixlist\n\u2502   \u251c\u2500\u2500 isesecuritygrouptag\n\u2502   \u251c\u2500\u2500 keychain\n\u2502   \u2502   \u2514\u2500\u2500 override\n\u2502   \u251c\u2500\u2500 network\n\u2502   \u2502   \u2514\u2500\u2500 override\n\u2502   \u251c\u2500\u2500 networkaddress\n\u2502   \u251c\u2500\u2500 networkgroup\n\u2502   \u2502   \u2514\u2500\u2500 override\n\u2502   \u251c\u2500\u2500 policylist\n\u2502   \u251c\u2500\u2500 port\n\u2502   \u251c\u2500\u2500 portobjectgroup\n\u2502   \u2502   \u2514\u2500\u2500 override\n\u2502   \u251c\u2500\u2500 protocolportobject\n\u2502   \u2502   \u2514\u2500\u2500 override\n\u2502   \u251c\u2500\u2500 range\n\u2502   \u2502   \u2514\u2500\u2500 override\n\u2502   \u251c\u2500\u2500 realmuser\n\u2502   \u251c\u2500\u2500 realmusergroup\n\u2502   \u251c\u2500\u2500 routemap\n\u2502   \u251c\u2500\u2500 securitygrouptag\n\u2502   \u251c\u2500\u2500 securityzone\n\u2502   \u251c\u2500\u2500 siurlfeed\n\u2502   \u251c\u2500\u2500 siurllist\n\u2502   \u251c\u2500\u2500 slamonitor\n\u2502   \u251c\u2500\u2500 standardaccesslist\n\u2502   \u251c\u2500\u2500 standardcommunitylist\n\u2502   \u251c\u2500\u2500 timerange\n\u2502   \u251c\u2500\u2500 timezone\n\u2502   \u2502   \u2514\u2500\u2500 override\n\u2502   \u251c\u2500\u2500 tunneltag\n\u2502   \u251c\u2500\u2500 url\n\u2502   \u2502   \u2514\u2500\u2500 override\n\u2502   \u251c\u2500\u2500 urlcategory\n\u2502   \u251c\u2500\u2500 urlgroup\n\u2502   \u2502   \u2514\u2500\u2500 override\n\u2502   \u251c\u2500\u2500 variableset\n\u2502   \u251c\u2500\u2500 vlangrouptag\n\u2502   \u2502   \u2514\u2500\u2500 override\n\u2502   \u2514\u2500\u2500 vlantag\n\u2502       \u2514\u2500\u2500 override\n\u251c\u2500\u2500 policy\n\u2502   \u251c\u2500\u2500 accesspolicy\n\u2502   \u2502   \u251c\u2500\u2500 accessrule\n\u2502   \u2502   \u251c\u2500\u2500 category\n\u2502   \u2502   \u251c\u2500\u2500 defaultaction\n\u2502   \u2502   \u251c\u2500\u2500 inheritancesettings\n\u2502   \u2502   \u251c\u2500\u2500 loggingsettings\n\u2502   \u2502   \u2514\u2500\u2500 operational\n\u2502   \u2502       \u2514\u2500\u2500 hitcounts\n\u2502   \u251c\u2500\u2500 filepolicy\n\u2502   \u251c\u2500\u2500 ftdnatpolicy\n\u2502   \u2502   \u251c\u2500\u2500 autonatrule\n\u2502   \u2502   \u251c\u2500\u2500 manualnatrule\n\u2502   \u2502   \u2514\u2500\u2500 natrule\n\u2502   \u251c\u2500\u2500 ftds2svpn\n\u2502   \u2502   \u251c\u2500\u2500 advancedsettings\n\u2502   \u2502   \u251c\u2500\u2500 endpoint\n\u2502   \u2502   \u251c\u2500\u2500 ikesettings\n\u2502   \u2502   \u2514\u2500\u2500 ipsecsettings\n\u2502   \u251c\u2500\u2500 intrusionpolicy\n\u2502   \u2502   \u2514\u2500\u2500 intrusionrule\n\u2502   \u251c\u2500\u2500 prefilterpolicy\n\u2502   \u2502   \u251c\u2500\u2500 defaultaction\n\u2502   \u2502   \u251c\u2500\u2500 operational\n\u2502   \u2502   \u2502   \u2514\u2500\u2500 hitcounts\n\u2502   \u2502   \u2514\u2500\u2500 prefilterrule\n\u2502   \u251c\u2500\u2500 snmpalert\n\u2502   \u2514\u2500\u2500 syslogalert\n\u251c\u2500\u2500 system\n\u2502   \u2514\u2500\u2500 info\n\u2502       \u251c\u2500\u2500 domain\n\u2502       \u2514\u2500\u2500 serverversion\n\u251c\u2500\u2500 update\n\u2502   \u2514\u2500\u2500 upgradepackage\n\u2502       \u2514\u2500\u2500 applicabledevice\n\u2514\u2500\u2500 user\n    \u251c\u2500\u2500 authrole\n    \u2514\u2500\u2500 ssoconfig\n```\n\n## Troubleshooting\n\n### UnprocessableEntityError\n\nYou might see an `UnprocessableEntityError` exception when you try to execute  `CREATE`or `UPDATE` operations. Depending on the API endpoint the error message from FMC might not contain enough information to pinpoint what is causing the issue. In this case I would recommend using `pigtail` on FMC to get more detailed information.\n\n#### Example\n\nIn this example we are trying to create an object override, but the field `value` is invalid. The subnet mask chosen is not correct, which will cause the FMC API to respond with an UnprocessAbleEntity error.\n\n````bash\ndata = {\n    \"overrides\": {\n        \"parent\": {\n            \"id\": \"00505699-76B7-0ed3-0000-077309525737\"\n        },\n        \"target\": {\n            \"id\": \"0ff8161e-096e-11eb-8ec0-cb721f246e60\",\n            \"type\": \"Device\"\n        }\n    },\n    \"value\": \"198.18.201.0/241\",\n    \"name\": \"NetObjWithOverrides\",\n    \"id\": \"00505699-76B7-0ed3-0000-077309525737\"\n}\nfmc.object.network.update(data=data)\n````\n\nOn FMC we can use the `pigtail` utility to tail the logfile on the Tomcat webserver hosting the REST API. Using this method we can monitor the APIs response and get some additional information on the error\n\n````bash\n> expert\nadmin@fmc:/Volume/home/admin# sudo su -\nroot@fmc:/Volume/home/admin# pigtail TCAT\n````\n\nHere we see that a Java exception has been thrown, indicating that the request failed due an invalid ip address being passed\n\n```\nTCAT: 02-02 15:36:33 INFO: 172.21.100.145\t-\t-\t443\tPUT\t/api/fmc_config/v1/domain/b76ff587-9224-65c7-d2af-000000000000/object/networks/00505699-76B7-0ed3-0000-077309525737\t-\t400\t-\t301\t169\thttps://fmc.example.com\tFireREST/1.0.0\t-\nTCAT: 02-02 15:34:33 [ajp-nio-127.0.0.1-9009-exec-1] ERROR com.cisco.api.external.rest.common.resource.ContainerServerResource - **Invalid IP Address**\nTCAT: 02-02 15:34:33 APIException:Invalid IP Address\n```\n\n## Authors\n\nOliver Kaiser (oliver.kaiser@outlook.com)\n\n## License\n\nGNU General Public License v3.0 or later.\n\nSee [LICENSE](LICENSE) for the full text.\n",
    "bugtrack_url": null,
    "license": "",
    "summary": "Python api client for firepower management center",
    "version": "1.1.0",
    "split_keywords": [
        "cisco",
        "firepower",
        "fmc",
        "ftd",
        "fpr",
        "api",
        "rest",
        "python",
        "api"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "e554c17f97a52eeab9c5c238ac6d78babe05a9c4733718853f4acb1d04ccd284",
                "md5": "846eb3054113063fad149e32c5c74cc5",
                "sha256": "24f89b1f3c269933ed33e8a859a29200220d4a3b3b109ea8b9a8f3817a32fb4b"
            },
            "downloads": -1,
            "filename": "fireREST-1.1.0.tar.gz",
            "has_sig": false,
            "md5_digest": "846eb3054113063fad149e32c5c74cc5",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 65795,
            "upload_time": "2023-03-19T18:58:26",
            "upload_time_iso_8601": "2023-03-19T18:58:26.956831Z",
            "url": "https://files.pythonhosted.org/packages/e5/54/c17f97a52eeab9c5c238ac6d78babe05a9c4733718853f4acb1d04ccd284/fireREST-1.1.0.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2023-03-19 18:58:26",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "github_user": "kaisero",
    "github_project": "fireREST.git",
    "lcname": "firerest"
}
        
Elapsed time: 0.08823s