CiscoDevNet/ansible-meraki

Add support for Network/Policy Objects

szeestraten opened this issue · 6 comments

Thank you for your request. Do you know if the Meraki API supports this action?

Hi @kbreit, thank you for your quick response (and great work on the modules)!

Yes, it was introduced in v1-11-0-beta-0.

A good start might be to add modules for CRUD operations of policy objects and groups first.

Then later add support for policy objects and groups in the mx_l3_firewall module so they can be utilized.

@szeestraten I should be able to do this. I am hesitant to release modules which rely on beta API endpoints because not everyone has access to them. But I can talk to the Meraki team and see when the endpoints are expected to be released to the public as I don't see them in the public API documentation at https://developer.cisco.com/meraki/api-v1/.

To confirm, you'd like to see policy objects and groups supported then at some point the firewall module can be updated? I'll need to ensure the firewall API endpoints support these as well as I don't think they did in the past.

@kbreit I understand the hesitation. Perhaps it would be possible to add some notes in the modules regarding their beta status? Please note that it is an open beta which has been available for quite a while and everyone can opt-in if they want.

I also did not see the endpoints on https://developer.cisco.com/meraki/api-v1/, however it is available when clicking on the API docs in the help section when logged in to the Meraki dashboard. It looks like our "unique" URLs are https://n212.meraki.com/Internett-applia/n/xp9uCdud/manage/support/api_docs/v1#policy-objects and https://n212.meraki.com/Internett-applia/n/xp9uCdud/manage/support/api_docs/v1#policy-object-groups. The endpoints are also listed in the v1-11-0-beta-0 changelog.

I created a case (08082207) with Meraki requesting them to add the endpoint docs to https://developer.cisco.com/meraki/api-v1/ so hopefully that should be sorted soon.

Yes, support for managing policy objects/groups and being able to use them in the mx_l3_firewall module. There is actually already support for this in the /networks/{networkId}/appliance/firewall/l3FirewallRules API endpoint which I tested and works. But that is unfortunately also not described on the API docs yet (I also requested this in the case mentioned above). See this community post describing how to select policy objects and groups in l3firewallRules.

Edit:
After some double checking, it looks like the mx_site_to_site_firewall module should also be updated as the /organizations/{organizationId}/appliance/vpn/vpnFirewallRules endpoint also supports policy objects and groups.

@kbreit just wanted to let you know that I started working on a PR for this. Should hopefully have something to review in a week or two.

Thank you for writing a PR. Please model it off existing endpoints and be sure the documentation is full as many of the sanity tests will fail if it's not.

My hesitation is the feature is in beta, not even just the API endpoint which means there's possible. Please be sure to add notes stating the feature and API endpoints are in beta and may break without notice. If you have any questions though, don't hesitate to let me know.