Re: Cisco FMX API 6.6.0 - adding member to existing object group

chinhpham@ems.att.com · ‎02-20-2021

I am running FMC 6.6.0 API, adding a new member to an object group it wipes out all other existing member!

Would anyone know how to use PUT just to add a member and keep what exists?

Thanks

Francesco Molino · ‎02-20-2021

Hi

The goal is to read actual members and add the new one to the list and then do the PUT rest api to update.

Below a quick and dirty code allowing that just as example:

import requests
import csv
import json
from requests.auth import HTTPBasicAuth

address = "fmc.test.com"
username = "username"
password = "password"
api_uri = "/api/fmc_platform/v1/auth/generatetoken"
url = "https://" + address + api_uri

// Group-ID of your NetworkGroupObject. I set it up manually but you want to make an API call to look at it dynamically
group_id = "003082AX-24CE-0ed1-0000-003489118828"
actual_members = []
response = requests.request("POST", url, verify=False, auth=HTTPBasicAuth(username, password))

accesstoken = response.headers["X-auth-access-token"]
domain_uuid = response.headers["DOMAIN_UUID"]

urlgetgrp = "https://" + address + "/api/fmc_config/v1/domain/" + domain_uuid + "/object/networkgroups/" + group_id
headers = {'Accept': 'application/json', 'Content-Type': 'application/json'}
headers['X-auth-access-token'] = accesstoken

// Retrieve group info
response = requests.request("GET", urlgetgrp, headers=headers, verify=False)
// save actual members of group into a list variable
actual_members = json.loads(response.text)['objects']
idgrp = json.loads(response.text)['id']
namegrp = json.loads(response.text)['name']
typegrp = json.loads(response.text)['type']

// add new member into the list already filled with actual group members. Here I put manually the new host but you can also take that info from an external source and append it to the list variable

actual_members.append({"name": "HOST_TEST2", "id": "005056AD-29CE-0ed3-0000-008589966946", "type": "Host"})

// build URL and push the PUT to FMC
urlgrp_construct = "/api/fmc_config/v1/domain/" + domain_uuid + "/object/networkgroups/" + group_id
urlgrpput = "https://" + address + urlgrp_construct
payload = {"objects": actual_members, "id": idgrp, "name": namegrp, "type": typegrp}
response = requests.request("PUT", urlgrpput, headers=headers, data=(json.dumps(payload, indent = 4)), verify=False)

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

chinhpham@ems.att.com · ‎02-22-2021

Thanks Francesco, I believe your procedure will work. In my case the Group has 3000+ member (per customer request)

I try to find a way to add a few objects instead of retrieve and re add the whole group.

Regards,

Chinh

Francesco Molino · ‎02-24-2021

I understand your point but with the actual APIs, there’s no options I’ve seen to just add a single host and keep what ever is in it.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

chinhpham@ems.att.com · ‎02-25-2021

Thank you for your confirmation that in order to add one object we need to re add the other thousand.
Is there anyway we can ask Cisco to improve it on future releases?

chinhpham@ems.att.com · ‎02-22-2021

I will keep your script for re-adding the group. Thanks

ameliascotts80938 · ‎02-27-2021

The Firepower Management Center REST API allows a third-party application, such as Firewall Platform Management solutions (FPMs) to read and write NGFW and NGIPS policies and configuration information without needing to go through the Firepower Management Center's (FMC) user interface.