NAME

Net::Cisco::FMC::v1::Role::FixAccessruleLiterals - Role for Cisco Firepower Management Center (FMC) API version 1 method generation

VERSION

version 0.010000

SYNOPSIS

use strict;
use warnings;
use Net::Cisco::FMC::v1;
use Moo::Role ();

my $fmc = Net::Cisco::FMC::v1->new(
    server      => 'https://fmcrestapisandbox.cisco.com',
    user        => 'admin',
    passwd      => '$password',
    clientattrs => { timeout => 30 },
);

Moo::Role->apply_roles_to_object($fmc,
    'Net::Cisco::FMC::v1::Role::FixAccessruleLiterals');

DESCRIPTION

Cisco FMC 6.3.0 introduced support for FQDN objects which broke literal IPv4 host and network objects via the accessrules REST API. Even worse not only are the types of the replies incorrect but updating an existing rule or creating a new one based on a reply silently swallows literal host and network objects which have their type set to FQDN.

This role works around this bug by modifying the reply of "get_accessrule" in Net::Cisco::FMC::v1 and "list_accessrules" in Net::Cisco::FMC::v1 and replacing 'FQDN' with 'Network'.

This is how an accessrule API response looks like in 6.2.3.7:

{
  "links": {
    "self": "https://fmc6237.example.com/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/accesspolicies/005056A6-88ED-0ed3-0000-330712486749/accessrules?offset=0&limit=1&expanded=true"
  },
  "items": [
    {
      "metadata": {
        "ruleIndex": 1,
        "section": "Mandatory",
        "category": "--Undefined--",
        "accessPolicy": {
          "type": "AccessPolicy",
          "name": "test",
          "id": "005056A6-88ED-0ed3-0000-330712486749"
        },
        "timestamp": 1551185188796,
        "domain": {
          "name": "Global",
          "id": "e276abec-e0f2-11e3-8169-6d9ed49b625f",
          "type": "Domain"
        }
      },
      "links": {
        "self": "https://fmc6237.example.com/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/accesspolicies/005056A6-88ED-0ed3-0000-330712486749/accessrules/005056A6-88ED-0ed3-0000-000268435459"
      },
      "enabled": true,
      "name": "test",
      "type": "AccessRule",
      "action": "ALLOW",
      "id": "005056A6-88ED-0ed3-0000-000268435459",
      "sourceNetworks": {
        "literals": [
          {
            "type": "Network",
            "value": "10.0.0.0/24"
          }
        ]
      },
      "destinationNetworks": {
        "literals": [
          {
            "type": "Host",
            "value": "10.1.0.1"
          }
        ]
      },
      "logBegin": false,
      "logEnd": false,
      "variableSet": {
        "name": "Default-Set",
        "id": "76fa83ea-c972-11e2-8be8-8e45bb1343c0",
        "type": "VariableSet"
      },
      "logFiles": false,
      "vlanTags": {},
      "sendEventsToFMC": false
    }
  ],
  "paging": {
    "offset": 0,
    "limit": 1,
    "count": 1,
    "pages": 1
  }
}

And on FMC 6.3.0.1:

{
  "links": {
    "self": "https://fmc6301.example.com/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/accesspolicies/00505688-74E1-0ed3-0000-193273532969/accessrules?offset=0&limit=1&expanded=true"
  },
  "items": [
    {
      "metadata": {
        "ruleIndex": 1,
        "section": "Mandatory",
        "category": "--Undefined--",
        "accessPolicy": {
          "type": "AccessPolicy",
          "name": "test",
          "id": "00505688-74E1-0ed3-0000-193273532969"
        },
        "timestamp": 1551185492316,
        "domain": {
          "name": "Global",
          "id": "e276abec-e0f2-11e3-8169-6d9ed49b625f",
          "type": "Domain"
        }
      },
      "links": {
        "self": "https://fmc.6301.example.com/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/accesspolicies/00505688-74E1-0ed3-0000-193273532969/accessrules/00505688-74E1-0ed3-0000-000268447785"
      },
      "id": "00505688-74E1-0ed3-0000-000268447785",
      "sourceNetworks": {
        "literals": [
          {
            "type": "Network",
            "value": "10.0.0.0/24"
          }
        ]
      },
      "destinationNetworks": {
        "literals": [
          {
            "type": "FQDN",
            "value": "1.1.0.1"
          }
        ]
      },
      "logFiles": false,
      "logBegin": false,
      "logEnd": false,
      "variableSet": {
        "name": "Default-Set",
        "id": "76fa83ea-c972-11e2-8be8-8e45bb1343c0",
        "type": "VariableSet"
      },
      "enableSyslog": false,
      "vlanTags": {},
      "sendEventsToFMC": false,
      "type": "AccessRule",
      "action": "ALLOW",
      "name": "test",
      "enabled": true
    }
  ],
  "paging": {
    "offset": 0,
    "limit": 1,
    "count": 1,
    "pages": 1
  }
}

AUTHOR

Alexander Hartmaier <abraxxa@cpan.org>

COPYRIGHT AND LICENSE

This software is copyright (c) 2018 - 2024 by Alexander Hartmaier.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.