External Interactions¶
Nautobot REST API endpoints¶
These examples are based on the same data used in unittesting of the plugin. To load the data for testing in a development environment use the invoke testdata
command.
If you are not using the local development environment you are still in luck. The invoke command is actually wrapping nautobot-server create_test_firewall_data
. This management command is available to any environment that has this plugin installed and listed in PLUGINS
in the nautobot_config.py
.
All firewall models are built with the use of both the REST API and GraphQL API available to the end user.
GraphQL¶
Example GraphQL query showing how to get instances for each of the models provided by this plugin:
Query¶
{
policies {
name
assigned_devices {
name
}
assigned_dynamic_groups {
name
}
policy_rules {
name
request_id
action
log
source_user {
username
}
source_user_group {
name
user_objects {
username
}
}
source_zone {
name
}
source_address {
ip_address {
address
}
ip_range {
start_address
end_address
}
}
source_address_group {
address_objects {
ip_address {
address
}
ip_range {
start_address
end_address
}
}
}
destination_zone {
name
}
destination_address {
ip_address {
address
}
ip_range {
start_address
end_address
}
}
destination_address_group {
address_objects {
ip_address {
address
}
ip_range {
start_address
end_address
}
}
}
}
}
}
Response¶
{
"data": {
"policies": [
{
"name": "Policy 1",
"assigned_devices": [
{
"name": "DFW-WAN00"
},
{
"name": "HOU-WAN00"
}
],
"assigned_dynamic_groups": [],
"policy_rules": [
{
"name": "Policy Rule 1",
"request_id": "req1",
"action": "DENY",
"log": true,
"source_user": [
{
"username": "user1"
}
],
"source_user_group": [
{
"name": "usr group1",
"user_objects": [
{
"username": "user1"
}
]
}
],
"source_zone": null,
"source_address": [
{
"ip_address": null,
"ip_range": {
"start_address": "192.168.0.11",
"end_address": "192.168.0.20"
}
}
],
"source_address_group": [
{
"address_objects": [
{
"ip_address": null,
"ip_range": {
"start_address": "192.168.0.11",
"end_address": "192.168.0.20"
}
},
{
"ip_address": {
"address": "10.0.0.1/32"
},
"ip_range": null
}
]
}
],
"destination_zone": null,
"destination_address": [
{
"ip_address": null,
"ip_range": null
}
],
"destination_address_group": [
{
"address_objects": [
{
"ip_address": null,
"ip_range": {
"start_address": "192.168.0.11",
"end_address": "192.168.0.20"
}
},
{
"ip_address": null,
"ip_range": null
},
{
"ip_address": null,
"ip_range": null
},
{
"ip_address": {
"address": "10.0.0.1/32"
},
"ip_range": null
}
]
}
]
}
]
}
]
}
}
REST¶
Below is an example response to the REST API GET request for a Policy object at /api/plugins/firewall/policy/<uuid>/
. The detail API view for a Policy Object accepts in deep=True
IF you would like to see a nested representation of all nested objects, this query param is not available on the list API view. Use this feature with caution as the query time for large sets of data can be substatial along with the size of the JSON payload.
Response¶
{
"id": "246a037f-9858-4848-90a5-7ca967a3583f",
"tags": [],
"display": "Policy 3",
"policy_rules": [
{
"rule": "03182134-11a7-40a9-b433-169ab2df721b",
"index": 10
},
{
"rule": "f78c677d-feaa-41b2-90f8-a4e8c8a62791",
"index": 20
},
{
"rule": "b9aab2e9-5490-4dd7-b2b7-ca4c71247a10",
"index": 30
},
{
"rule": "3b92704a-9913-4f02-b499-f083d6a4912a",
"index": 99
},
{
"rule": "e10a4346-9d28-4b3f-b501-2ed8bd12a453",
"index": 100
}
],
"assigned_devices": [],
"assigned_dynamic_groups": [
{
"dynamic_group": "eaa19dba-bfe0-4072-a458-b47e1e1375e6",
"weight": 1000
}
],
"created": "2022-06-09",
"last_updated": "2022-06-09T01:35:14.230438Z",
"_custom_field_data": {},
"description": "",
"name": "Policy 3",
"status": "35206353-47f4-4e71-9e2c-807092b6c439",
"tenant": "5fabe6c7-84a6-45af-95a0-384f9ebcbeb8"
}