Work with the DNA Center SGT/Policy configuration in native Python!
sgtpolicysdk is a Cisco community-developed Python library for working with the DNA Center APIs for security groups, access contracts and policies. Our goal is to make working with DNA Center in Python a native and natural experience!

.. code-block:: python

    from sgtpolicysdk import DNACenterSGTPolicyAPI

Installing and upgrading sgtpolicysdk is easy:

Install from source downloaded or cloned from GitHub

1. Check out the code.
2. Move to the code directory.
3. Install in your Python environment:

.. code-block:: bash

    $ python3 setup.py install

Install via PIP

.. code-block:: bash

    $ pip3 install sgtpolicysdk

Upgrading to the latest version

.. code-block:: bash

    $ pip3 install sgtpolicysdk --upgrade

Quick usage example:

.. code-block:: bash

    shell$ python3
    Python 3.7.9 (v3.7.9:13c94747c7, Aug 15 2020, 01:31:08)
    [Clang 6.0 (clang-600.0.57)] on darwin
    Type "help", "copyright", "credits" or "license" for more information.
    >>> from sgtpolicysdk import DNACenterSGTPolicyAPI
    >>> serverip="xx.xx.xx.xx"
    >>> username="xxxxxxxx"
    >>> password="xxxxxxxx"
    >>> version="2.2.3"
    >>> dnac = DNACenterSGTPolicyAPI(server=serverip,username=username,password=password)
    /Users/pawansingh/Library/Python/3.7/lib/python/site-packages/urllib3/connectionpool.py:1050: InsecureRequestWarning: Unverified HTTPS request is being made to host '...'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
      InsecureRequestWarning,
    >>> dnac.securitygroups.getSecurityGroupIdByName("Auditors")
    {'status': True, 'id': '6ed523e7-91e4-4600-b6ba-62b822e7f609'}
    >>> dnac.securitygroups.updateSecurityGroup("Auditors",virtualNetworks=["WiredVNFBLayer2"])
    {'status': True}
    >>> dnac.securitygroups.pushAndVerifySecurityGroups(verifyNoRequest=True)
    {'status': True}
    >>> dnac.securitygroups.updateSecurityGroup("Auditors",virtualNetworks=["VN1"])
    {'status': False, 'failureReason': 'Not all virtualNetworks provided, exist in DNAC, Create VirtualNetwork in DNAC first'}

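
An added example, not part of sgtpolicysdk or its README: the calls on this page report failure through a returned ``{'status': False, 'failureReason': ...}`` dict rather than an exception, so this wrapper fails closed on any unsuccessful step. ``checked``, ``ensure_security_group``, ``PolicyChangeError`` and the ``FakeSecurityGroups`` stand-in are hypothetical names; only the ``dnac.securitygroups`` calls and result shapes come from this page.

```python
from types import SimpleNamespace


class PolicyChangeError(RuntimeError):
    """The SDK reported {'status': False, ...} for a requested change."""


def checked(step, result):
    # Calls return a status dict rather than raising, so an unchecked failure
    # leaves the intended segmentation policy silently unapplied.
    if not (isinstance(result, dict) and result.get("status") is True):
        reason = result.get("failureReason") if isinstance(result, dict) else None
        raise PolicyChangeError(f"{step} failed: {reason or 'no reason returned'}")
    return result


def ensure_security_group(dnac, name, tag, virtual_networks):
    sg = dnac.securitygroups
    if sg.getSecurityGroupIdByName(name).get("status"):
        checked("update", sg.updateSecurityGroup(name, virtualNetworks=virtual_networks))
        action = "updated"
    else:
        checked("create", sg.createSecurityGroup(name, tag, virtualNetworks=virtual_networks))
        action = "created"
    checked("push", sg.pushAndVerifySecurityGroups(verifyDone=True))
    return action


class FakeSecurityGroups:
    """Constructed offline stand-in returning the documented result shapes."""
    def __init__(self, known_vns):
        self.known_vns, self.groups = set(known_vns), {}
    def getSecurityGroupIdByName(self, name):
        return {"status": name in self.groups, "id": self.groups.get(name, "")}
    def _store(self, name, vns):
        if not set(vns) <= self.known_vns:  # constructed failure text
            return {"status": False, "failureReason": "Not all virtualNetworks provided, exist in DNAC"}
        self.groups[name] = "constructed-id"
        return {"status": True}
    def createSecurityGroup(self, sgName, sgTag, sgDescription="", virtualNetworks=()):
        return self._store(sgName, virtualNetworks)
    def updateSecurityGroup(self, name, virtualNetworks=()):
        return self._store(name, virtualNetworks)
    def pushAndVerifySecurityGroups(self, verifyDone=False, verifyNoRequest=False):
        return {"status": True}


def fake_dnac():
    return SimpleNamespace(securitygroups=FakeSecurityGroups(["WiredVNFBLayer2"]))
```

Pass a real ``DNACenterSGTPolicyAPI`` instance in place of ``fake_dnac()`` to run it against a controller. The ``InsecureRequestWarning`` in the session above means the controller's certificate was not verified, so the login credentials travel over a channel that does not authenticate the server.
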
- createSecurityGroup(sgName, sgTag, sgDescription="", virtualNetworks=[])

  .. code-block:: python

      '''
      Create a security group in DNAC.
      Function: createSecurityGroup
      Input:
          sgName = Security Group Name
          sgTag = Security Group Tag
          sgDescription = Security Group Description
          virtualNetworks = list of Virtual Networks.
      Output:
          When Success : {'status':True}
          When Failed : {status:False, "failureReason":"<failure reason>"}
      '''

- updateSecurityGroup(name, securityGroupTag=None, description="",propagateToAci=None, virtualNetworks=[]):

  .. code-block:: python

      '''
      Function: updateSecurityGroup
      INPUTs:
          virtualNetworks : List of Virtual Network Names
          name : Security Group Name
          securityGroupTag: optional tag value
          description: Optional Description
      OUTPUT:
          When Success: {"status":True, "failureReason":""}
          When Failed: {"status":False, "failureReason":"<Failure explanation>"}
      '''

- addSecurityGroupToVirtualNetwork(sg_name, virtualNetworks):

  .. code-block:: python

      '''
      Function: addSecurityGroupToVirtualNetwork
      INPUTs:
          virtualNetworks : List of Virtual Network Names
          sg_name : Security Group Name
      OUTPUT:
          When Success: {"status":True, "failureReason":""}
          When Failed: {"status":False, "failureReason":"<Failure explanation>"}
      '''

- checkSecurityGroupsExistingInDnac(securityGroupList, expect=True):

  .. code-block:: python

      '''
      Function: checkSecurityGroupsExistingInDnac
      Description: Check sg name and tag in dnac
      Input: List of Security Groups, expect = True/False
      Output:
          Success -> True
          Failure -> False
      '''

- getSecurityGroupIdByName(name):

  .. code-block:: python

      '''
      getSecurityGroupIdByName
      INPUT: Security Group name
      OUTPUT:
          if Security Group Found: {status:True, 'id':<id>}
          if Security Group not Found: {status:False, 'id':'', 'errorReason':''}
      '''

- getSecurityGroupTagByName(name):

  .. code-block:: python

      '''
      getSecurityGroupTagByName
      INPUT: Security Group name
      OUTPUT:
          if Security Group Found: {status:True, 'securityGroupTag':<securityGroupTag>}
          if Security Group not Found: {status:False, 'securityGroupTag':'', 'errorReason':''}
      '''

- getSecurityGroupCount():

  .. code-block:: python

      '''
      getSecurityGroupCount
      description: Return the count of SecurityGroups in DNAC
      INPUT: NA
      OUTPUT:
          status:True
          count: Total SGT count
      '''

- deleteSecurityGroupByName(name):

  .. code-block:: python

      '''
      deleteSecurityGroupByName
      description: Delete a given security group
      INPUT: name
      OUTPUT:
          status:True
          status:False, failureReason: <reason>
      '''

- deploy(verifyDone=False, verifyNoRequest=False, retries=1, timeout=DEFAULT_SGT_TIMEOUT):

  .. code-block:: python

      '''
      Function: deployAndVerifySecurityGroups
      INPUT:
          verifyDone = True/False : To validate if the SGT push is complete.
          verifyNoRequest = True/False : To validate there was no pending deploy action.
      OUTPUT:
          For Success: {'status':True}
          For Failure: {'status':False, 'failureReason': "<reason string>"}
      '''

- push(verifyDone=False, verifyNoRequest=False, timeout=DEFAULT_SGT_TIMEOUT):

  .. code-block:: python

      '''
      Function: pushAndVerifySecurityGroups
      INPUT:
          verifyDone = True/False : To validate if the SGT push is complete.
          verifyNoRequest = True/False : To validate there was no pending deploy action.
      OUTPUT:
          For Success: {'status':True}
          For Failure: {'status':False, 'failureReason': "<reason string>"}
      '''

- get_securityGroup_summary(**kwargs):

  .. code-block:: python

      '''
      Function: get_securityGroup_summary
      Description: GET request for security group summary
      INPUT: kwargs
      OUTPUT: Returns response
      '''

- createNewContract()
- dnac.accesscontracts.get_contractAccessSummary()
- dnac.accesscontracts.put_acaControllerServiceDeploy()
- dnac.accesscontracts.delete_contractAccessByName()
- dnac.accesscontracts.getAllContractName()
- dnac.accesscontracts.put_contractAccess()
- dnac.accesscontracts.deploy()
- dnac.accesscontracts.getContractCount()
- dnac.accesscontracts.updateAccessContract()
- dnac.accesscontracts.get_contractAccess()
- dnac.accesscontracts.verifyContractExistInDnac()
- dnac.accesscontracts.get_contractAccessByName()
- dnac.accesscontracts.post_contractAccess()
- dnac.sgtpolicy.createSecurityGroupPolicy()
- dnac.sgtpolicy.updatePolicyStatusContract()
- dnac.sgtpolicy.deploy()
- dnac.sgtpolicy.createSecurityGroupPolicyFromDestinationToSources()
- dnac.sgtpolicy.createSecurityGroupPolicyFromSourceToDestinations()
- dnac.sgtpolicy.get_policyaccess()
- dnac.sgtpolicy.getPolicyCount()
- dnac.sgtpolicy.get_policyaccess_summary()
- dnac.sgtpolicy.post_policyaccess()
- dnac.sgtpolicy.put_policyaccess()
- dnac.sgtpolicy.getPolicyFromSGToDG()
- dnac.sgtpolicy.getAllPolicyNameContractList()
Please see the releases_ page for release notes on the incremental functionality and bug fixes incorporated into the published releases.
sgtpolicysdk is a community developed and community supported project. If you experience any issues using this package, please report them using the issues_ page.
sgtpolicysdk is a community development project. Feedback, thoughts, ideas, and code contributions are welcome! Please see the `Contributing`_ guide for more information.
This library is inspired by the webexteamssdk_ library.
All notable changes to this project will be documented in the CHANGELOG file.
The development team may make additional name changes as the library evolves with the Cisco DNA Center APIs.
Copyright (c) 2021-2022 Cisco Systems.