This weblog publish will present you how one can automate DNS coverage administration with Tags.
To streamline DNS coverage administration for roaming computer systems, categorize them utilizing tags. By assigning a typical tag to a set of roaming computer systems, they are often collectively addressed as a single entity throughout coverage configuration. This strategy is really useful for deployments with many roaming computer systems, starting from a whole bunch to hundreds, because it considerably simplifies and quickens coverage creation.
Excessive-level workflow description
- Add API Key
- Generate OAuth 2.0 entry token
- Create tag
- Get the listing of roaming computer systems and determine associated ‘originId’
- Add tag to gadgets.
The Umbrella API supplies a typical REST interface and helps the OAuth 2.0 shopper credentials stream. Whereas creating the API Key, you may set the associated Scope and Expire Date.
To start out working with tagging, you could create an API key with the Deployment learn/write scope.
After producing the API Shopper and API secret, you need to use it for associated API calls.
First, we have to generate an OAuth 2.0 entry token.
You are able to do this with the next Python script:
import requests import os import json import base64 api_client = os.getenv('API_CLIENT') api_secret = os.getenv('API_SECRET') def generateToken(): url = "https://api.umbrella.com/auth/v2/token" usrAPIClientSecret = api_client + ":" + api_secret basicUmbrella = base64.b64encode(usrAPIClientSecret.encode()).decode() HTTP_Request_header = {"Authorization": "Primary %s" % basicUmbrella, "Content material-Kind": "utility/json;"} payload = json.dumps({ "grant_type": "client_credentials" }) response = requests.request("GET", url, headers=HTTP_Request_header, knowledge=payload) print(response.textual content) access_token = response.json()['access_token'] print(accessToken) return accessToken if __name__ == "__main__": accessToken = generateToken()
Anticipated output:
{“token_type”:”bearer”,”access_token”:”cmVwb3J0cy51dGlsaXRpZXM6cmVhZCBsImtpZCI6IjcyNmI5MGUzLWQ1MjYtNGMzZS1iN2QzLTllYjA5NWU2ZWRlOSIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ1bWJyZWxsYS1hdXRoei9hdXRoc3ZjIiwic…OiJhZG1pbi5wYXNzd29yZHJlc2V0OndyaXRlIGFkbWluLnJvbGVzOnJlYWQgYWRtaW4udXNlcnM6d3JpdGUgYWRtaW4udXNlcnM6cmVhZCByZXBvcnRzLmdyYW51bGFyZXZlbnRzOnJlYWQgyZXBvcnRzLmFnZ3Jl…MzlL”,”expires_in”:3600}
We’ll use the OAuth 2.0 entry token retrieved within the earlier step for the next API requests.
Let’s create tag with the identify “Home windows 10”
def addTag(tagName): url = "https://api.umbrella.com/deployments/v2/tags" payload = json.dumps({ "identify": tagName }) headers = { 'Settle for': 'utility/json', 'Content material-Kind': 'utility/json', 'Authorization': 'Bearer ' + accessToken } response = requests.request("POST", url, headers=headers, knowledge=payload) print(response.textual content) addTag("Home windows 10", accesToken)
Anticipated output:
{
"id": 90289,
"organizationId": 7944991,
"identify": "Home windows 10",
"originsModifiedAt": "",
"createdAt": "2024-03-08T21:51:05Z",
"modifiedAt": "2024-03-08T21:51:05Z"
}
Umbrella dashboard, Checklist of roaming computer systems with out tags
Every tag has its distinctive ID, so we must always notice these numbers to be used within the following question.
The next operate helps us Get the Checklist of roaming computer systems:
def getListRoamingComputers(accesToken): url = "https://api.umbrella.com/deployments/v2/roamingcomputers" payload = {} headers = { 'Settle for': 'utility/json', 'Content material-Kind': 'utility/json', 'Authorization': 'Bearer ' + accessToken } response = requests.request("GET", url, headers=headers, knowledge=payload) print(response.textual content)
Anticipated output:
[
{
“originId”: 621783439,
“deviceId”: “010172DCA0204CDD”,
“type”: “anyconnect”,
“status”: “Off”,
“lastSyncStatus”: “Encrypted”,
“lastSync”: “2024-02-26T15:50:55.000Z”,
“appliedBundle”: 13338557,
“version”: “5.0.2075”,
“osVersion”: “Microsoft Windows NT 10.0.18362.0”,
“osVersionName”: “Windows 10”,
“name”: “CLT1”,
“hasIpBlocking”: false
},
{
“originId”: 623192385,
“deviceId”: “0101920E8BE1F3AD”,
“type”: “anyconnect”,
“status”: “Off”,
“lastSyncStatus”: “Encrypted”,
“lastSync”: “2024-03-07T15:20:39.000Z”,
“version”: “5.1.1”,
“osVersion”: “Microsoft Windows NT 10.0.19045.0”,
“osVersionName”: “Windows 10”,
“name”: “DESKTOP-84BV9V6”,
“hasIpBlocking”: false,
“appliedBundle”: null
}
]
Customers can iterate via the JSON listing gadgets and filter them by osVersionName, identify, deviceId, and so forth., and file the associated originId within the listing that we are going to use to use the associated tag.
With associated tag ID and roaming computer systems originId listing, we are able to lastly add a tag to gadgets, utilizing the next operate:
def addTagToDevices(tagId, deviceList, accesToken): url = "https://api.umbrella.com/deployments/v2/tags/{}/gadgets".format(tagId) payload = json.dumps({ "addOrigins": }) headers = { 'Settle for': 'utility/json', 'Content material-Kind': 'utility/json', 'Authorization': 'Bearer ' + accessToken } response = requests.request("POST", url, headers=headers, knowledge=payload) print(response.textual content) addTagToDevices(tagId, [ 621783439, 623192385 ], accesToken)
Anticipated output:
{
"tagId": 90289,
"addOrigins": [
621783439,
623192385
],
"removeOrigins": []
}
After including tags, let’s verify the dashboard
Umbrella dashboard, listing of roaming computer systems after we add tags utilizing API
A associated tag is out there to pick out when creating a brand new DNS coverage.
Notes:
- Every roaming laptop may be configured with a number of tags
- A tag can’t be utilized to a roaming laptop on the time of roaming shopper set up.
- You can’t delete a tag. As an alternative, take away a tag from a roaming laptop.
- Tags may be as much as 40 characters lengthy.
- You’ll be able to add as much as 500 gadgets to a tag (per request).
Attempt these updates within the DevNet Sandbox
Give it a attempt! Play with these updates utilizing the Umbrella DevNet Sandbox.
Share: