Need Help with Tracking Script Execution in Meraki Dashboard for team Environment

srajiwate — Tue, 18 Mar 2025 09:02:42 GMT

Hello everyone,

I'm currently working on a script that interacts with the Meraki API to manage policy object groups across multiple organizations. The script is designed to fetch the API key from Azure Key Vault and perform various operations. Here's a brief overview of the script:

-----------------------------------
import requests
import pandas as pd
from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

# Initialize Azure Key Vault client
key_vault_name = "<Your-KeyVault-Name>"
KVUri = f"https://{key_vault_name}.vault.azure.net"
credential = DefaultAzureCredential()
client = SecretClient(vault_url=KVUri, credential=credential)

# Fetch the API key from Azure Key Vault
api_key = client.get_secret("<Your-Secret-Name>").value

# Define the API endpoint and headers
base_url = "https://api.meraki.com/api/v1/organizations/{organizationId}/policyObjects/groups"
headers = {
'Authorization': f'Bearer {api_key}',
'Accept': 'application/json'
}

# Read organization IDs from Excel file
excel_file = '<Path-to-Your-Excel-File>' # Replace with your Excel file path
df = pd.read_excel(excel_file)

# Prompt for user ID
user_id = input("Enter your user ID: ")

# Iterate over each organization ID
for org_id in df['organizationId']:
print(f"\nProcessing organization ID: {org_id} by user: {user_id}")
org_base_url = base_url.replace("{organizationId}", str(org_id))

# Fetch the policy object groups
response = requests.get(org_base_url, headers=headers)
if response.status_code == 200:
policy_groups = response.json()
if policy_groups:
print("Policy Object Groups:")
for idx, group in enumerate(policy_groups):
print(f"{idx + 1}. Name: {group['name']}, ID: {group['id']}")

# Ask for confirmation
to_delete = input(f"Enter the numbers of the groups you want to delete for organization ID {org_id}, separated by commas: ")
to_delete_ids = [policy_groups[int(num) - 1]['id'] for num in to_delete.split(",")]

# Delete the selected groups
for group_id in to_delete_ids:
delete_url = f"{org_base_url}/{group_id}"
delete_response = requests.delete(delete_url, headers=headers)
if delete_response.status_code == 204:
print(f"Deleted group with ID: {group_id} by user: {user_id}")
else:
print(f"Failed to delete group with ID: {group_id} by user: {user_id}")
else:
print("No policy object groups found.")
else:
print(f"Failed to fetch policy object groups for organization ID: {org_id} by user: {user_id}")

print("Script completed.")

-------------------------------------
The Issue: The script works perfectly, but since the API key is associated with my Meraki account, all actions are logged under my name in the Meraki dashboard. This makes it difficult to track which team member (we are a team of 10) executed the script.

Additional Challenge: We can only create two API keys per profile in the Meraki dashboard. Additionally, most of our team members use Single Sign-On (SSO) accounts, which do not support API key generation.

What I've Tried:

Prompting for user ID at the start of the script to log who is running it.
Azure CLI login at start before executing the script to authorize from azure to access keyvault.

What I'm Looking For:

Best practices for managing API keys and tracking script execution in a team environment.
Accounting of script execution like script1 was executed by person1 and script 2 execute by person2

Any help or insights would be greatly appreciated!

Thank you!

Re: Need Help with Tracking Script Execution in Meraki Dashboard for team Environment

aleabrahao — Tue, 18 Mar 2025 18:00:17 GMT

This might help give you some idea of good practices.

Best Practices for Secure API Key Management

One idea is to implement audit logging within your script to record who ran the script and what actions were performed. This could include timestamps, user IDs, and details of the operations.

Re: Need Help with Tracking Script Execution in Meraki Dashboard for team Environment

sungod — Tue, 18 Mar 2025 18:31:22 GMT

Depends where you want to log the usage.

Append to a local log file, or send to a log server for instance.

If you want it logged within the Meraki environment, I think you could use MERAKI_PYTHON_SDK_CALLER

Set it to some string identifying the user on the system running the script, and it'll append to the userAgent string in the API request. Obviously you should not be sharing logins on the system(s) running your scripts.

You can then use the getOrganizationApiRequests endpoint to get the API usage data, which includes userAgent.

See here for MERAKI_PYTHON_SDK_CALLER usage rules...

https://github.com/meraki/dashboard-api-python/blob/main/meraki/config.py

...to play nice, perhaps put the ID as a simple numeric in the OptionalVersionNumber.

Re: Need Help with Tracking Script Execution in Meraki Dashboard for team Environment

srajiwate — Wed, 02 Apr 2025 23:19:24 GMT

with this i solved my problem

Thanks for idea of logging

# This script implements logging for tracking user actions and changes.
# It stores a backup before and after any modifications to maintain data integrity.
# The log records details such as the user performing the action and the specific changes made.

topic Re: Need Help with Tracking Script Execution in Meraki Dashboard for team Environment in Network Platform API

Need Help with Tracking Script Execution in Meraki Dashboard for team Environment

Re: Need Help with Tracking Script Execution in Meraki Dashboard for team Environment

Re: Need Help with Tracking Script Execution in Meraki Dashboard for team Environment

Re: Need Help with Tracking Script Execution in Meraki Dashboard for team Environment