This weblog publish will present you how one can automate DNS coverage administration with Tags.
To streamline DNS coverage administration for roaming computer systems, categorize them utilizing tags. By assigning an ordinary tag to a group of roaming computer systems, they are often collectively addressed as a single entity throughout coverage configuration. This strategy is really useful for deployments with many roaming computer systems, starting from tons of to hundreds, because it considerably simplifies and quickens coverage creation.
Excessive-level workflow description
- Add API Key
- Generate OAuth 2.0 entry token
- Create tag
- Get the checklist of roaming computer systems and establish associated ‘originId’
- Add tag to gadgets.
The Umbrella API supplies an ordinary REST interface and helps the OAuth 2.0 shopper credentials move. Whereas creating the API Key, you possibly can set the associated Scope and Expire Date.
To start out working with tagging, you could create an API key with the Deployment learn/write scope.
After producing the API Shopper and API secret, you need to use it for associated API calls.
First, we have to generate an OAuth 2.0 entry token.
You are able to do this with the next Python script:
import requests import os import json import base64 api_client = os.getenv('API_CLIENT') api_secret = os.getenv('API_SECRET') def generateToken(): url = "https://api.umbrella.com/auth/v2/token" usrAPIClientSecret = api_client + ":" + api_secret basicUmbrella = base64.b64encode(usrAPIClientSecret.encode()).decode() HTTP_Request_header = {"Authorization": "Primary %s" % basicUmbrella, "Content material-Sort": "software/json;"} payload = json.dumps({ "grant_type": "client_credentials" }) response = requests.request("GET", url, headers=HTTP_Request_header, information=payload) print(response.textual content) access_token = response.json()['access_token'] print(accessToken) return accessToken if __name__ == "__main__": accessToken = generateToken()
Anticipated output:
{“token_type”:”bearer”,”access_token”:”cmVwb3J0cy51dGlsaXRpZXM6cmVhZCBsImtpZCI6IjcyNmI5MGUzLWQ1MjYtNGMzZS1iN2QzLTllYjA5NWU2ZWRlOSIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ1bWJyZWxsYS1hdXRoei9hdXRoc3ZjIiwic…OiJhZG1pbi5wYXNzd29yZHJlc2V0OndyaXRlIGFkbWluLnJvbGVzOnJlYWQgYWRtaW4udXNlcnM6d3JpdGUgYWRtaW4udXNlcnM6cmVhZCByZXBvcnRzLmdyYW51bGFyZXZlbnRzOnJlYWQgyZXBvcnRzLmFnZ3Jl…MzlL”,”expires_in”:3600}
We are going to use the OAuth 2.0 entry token retrieved within the earlier step for the next API requests.
Let’s create tag with the identify “Home windows 10”
def addTag(tagName): url = "https://api.umbrella.com/deployments/v2/tags" payload = json.dumps({ "identify": tagName }) headers = { 'Settle for': 'software/json', 'Content material-Sort': 'software/json', 'Authorization': 'Bearer ' + accessToken } response = requests.request("POST", url, headers=headers, information=payload) print(response.textual content) addTag("Home windows 10", accesToken)
Anticipated output:
{
"id": 90289,
"organizationId": 7944991,
"identify": "Home windows 10",
"originsModifiedAt": "",
"createdAt": "2024-03-08T21:51:05Z",
"modifiedAt": "2024-03-08T21:51:05Z"
}
Umbrella dashboard, Record of roaming computer systems with out tags
Every tag has its distinctive ID, so we must always be aware these numbers to be used within the following question.
The next perform helps us Get the Record of roaming computer systems:
def getListRoamingComputers(accesToken): url = "https://api.umbrella.com/deployments/v2/roamingcomputers" payload = {} headers = { 'Settle for': 'software/json', 'Content material-Sort': 'software/json', 'Authorization': 'Bearer ' + accessToken } response = requests.request("GET", url, headers=headers, information=payload) print(response.textual content)
Anticipated output:
[
{
“originId”: 621783439,
“deviceId”: “010172DCA0204CDD”,
“type”: “anyconnect”,
“status”: “Off”,
“lastSyncStatus”: “Encrypted”,
“lastSync”: “2024-02-26T15:50:55.000Z”,
“appliedBundle”: 13338557,
“version”: “5.0.2075”,
“osVersion”: “Microsoft Windows NT 10.0.18362.0”,
“osVersionName”: “Windows 10”,
“name”: “CLT1”,
“hasIpBlocking”: false
},
{
“originId”: 623192385,
“deviceId”: “0101920E8BE1F3AD”,
“type”: “anyconnect”,
“status”: “Off”,
“lastSyncStatus”: “Encrypted”,
“lastSync”: “2024-03-07T15:20:39.000Z”,
“version”: “5.1.1”,
“osVersion”: “Microsoft Windows NT 10.0.19045.0”,
“osVersionName”: “Windows 10”,
“name”: “DESKTOP-84BV9V6”,
“hasIpBlocking”: false,
“appliedBundle”: null
}
]
Customers can iterate by way of the JSON checklist objects and filter them by osVersionName, identify, deviceId, and so forth., and report the associated originId within the checklist that we’ll use to use the associated tag.
With associated tag ID and roaming computer systems originId checklist, we are able to lastly add a tag to gadgets, utilizing the next perform:
def addTagToDevices(tagId, deviceList, accesToken): url = "https://api.umbrella.com/deployments/v2/tags/{}/gadgets".format(tagId) payload = json.dumps({ "addOrigins": }) headers = { 'Settle for': 'software/json', 'Content material-Sort': 'software/json', 'Authorization': 'Bearer ' + accessToken } response = requests.request("POST", url, headers=headers, information=payload) print(response.textual content) addTagToDevices(tagId, [ 621783439, 623192385 ], accesToken)
Anticipated output:
{
"tagId": 90289,
"addOrigins": [
621783439,
623192385
],
"removeOrigins": []
}
After including tags, let’s examine the dashboard
Umbrella dashboard, checklist of roaming computer systems after we add tags utilizing API
A associated tag is offered to pick when creating a brand new DNS coverage.
Notes:
- Every roaming pc could be configured with a number of tags
- A tag can’t be utilized to a roaming pc on the time of roaming shopper set up.
- You can’t delete a tag. As an alternative, take away a tag from a roaming pc.
- Tags could be as much as 40 characters lengthy.
- You’ll be able to add as much as 500 gadgets to a tag (per request).
Attempt these updates within the DevNet Sandbox
Give it a strive! Play with these updates utilizing the Umbrella DevNet Sandbox.
Share:
