
FMC - remove all rules within ACP category

dalamanster
Level 1

Hello,

 

I am trying to remove all ACP rules within a given category (via REST API).

Is there any way I can get the IDs of access rules within a category?

 

I have only found the following:

When I try to GET the category object I can see following parameters:

"metadata": {

   .......

   "startIndex": 1,

   "endIndex": 4,

   ....

}

 

However this is just the index of the rule within the category...

Not the ID. I am not sure if it is possible to delete rule by index

 

Thanks for any help

Roman

2 Accepted Solutions


jarsmith
Cisco Employee

I can see two possible approaches here; I didn't find a built-in filter, unfortunately.

 

Using the category fetch you end up with a result something like:

 

{
  "metadata": {
    "section": "Mandatory",
    "startIndex": 2,
    "endIndex": 3,
    "accessPolicy": {
      "type": "AccessPolicy",
      "name": "test_policy1",
      "id": "00000000-0000-0ed3-0000-004294969708"
    }
  },
  "links": {
    "self": "https://fmc.cisco.com/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/accesspolicies/00000000-0000-0ed3-0000-004294969708/categories/00000000-0000-0ed3-0000-000268434436"
  },
  "type": "Category",
  "id": "00000000-0000-0ed3-0000-000268434436",
  "name": "my_cat"
}

 

As you pointed out you have the indexes so what you can do is take that and do a query on the rules table that looks like this:

 

https://fmc.cisco.com/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/accesspolicies/00000000-0000-0ed3-0000-004294969708/accessrules?offset=1&limit=2&expanded=true

 

Key items here are:

 

offset=1&limit=2

 

It appears that the index in the category object is 1 based and the index in the paging offset is zero-based.

 

So if we look at the original response we had:

 

"startIndex": 2, "endIndex": 3,

So your index covers 2 numbers (index 2 and index 3) so that is how we get the limit = 2

To convert the startIndex to zero-based subtract 1 which is how we get offset = 1

 

 

You could also do a raw query on access rules and do a manual (in code) filter on the metadata field category.  You will see a block like the following in each returned rule if run in expanded=true mode:

 

"metadata": {
        "ruleIndex": 2,
        "section": "Mandatory",
        "category": "my_cat",
        "accessPolicy": {
          "type": "AccessPolicy",
          "name": "test_policy1",
          "id": "00000000-0000-0ed3-0000-004294969708"
        },
        "timestamp": 1625611085506,
        "domain": {
          "name": "Global",
          "id": "e276abec-e0f2-11e3-8169-6d9ed49b625f",
          "type": "Domain"
        }
      }
 
 
Once you have the rule content from either of these approaches you will need to delete by ID value returned in the rule query not index.  I'm not aware of any API to delete by index.


dalamanster
Level 1

Thanks a lot for quick response! Both options are interesting. I will play with it. 

 

I am using the "fmcapi" package from GitHub as a "wrapper" for REST API calls. It is much easier to play with the REST API, but it has some limitations. For example, no support for offset & limit.

 

Probably the second option will be easier to do:

  1. get all rules in ACP
  2. filter rules where item.metadata.category == cat
  3. delete found IDs 
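
An added example, not part of either post and not fmcapi code: both approaches from the thread in Python, cross-checked against each other so that rules are only queued for deletion when the category's index range and the per-rule metadata agree. The rule IDs are constructed placeholders, and it is an assumption that ruleIndex uses the same numbering as startIndex/endIndex (the thread's samples suggest so); the authenticated DELETE requests themselves are left out.

```python
from urllib.parse import urlencode

# accessrules collection URL, taken from the thread's sample query.
RULES_URL = ("https://fmc.cisco.com/api/fmc_config/v1/domain/"
             "e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/accesspolicies/"
             "00000000-0000-0ed3-0000-004294969708/accessrules")

def paging_for_category(category):
    """Approach 1: 1-based startIndex/endIndex -> zero-based offset plus limit."""
    meta = category.get("metadata", {})
    start, end = meta.get("startIndex"), meta.get("endIndex")
    if start is None or end is None or end < start:
        return None  # assumption: an empty category has no usable index range
    return {"offset": start - 1, "limit": end - start + 1, "expanded": "true"}

def rule_ids_in_category(rules, name):
    """Approach 2: filter expanded rules on metadata.category."""
    return [r["id"] for r in rules
            if r.get("metadata", {}).get("category") == name]

def deletion_plan(category, rules):
    """Return per-rule DELETE URLs only if both approaches pick the same rules."""
    page = paging_for_category(category)
    lo = page["offset"] + 1 if page else 1
    hi = lo + page["limit"] - 1 if page else 0
    by_index = [r["id"] for r in rules
                if lo <= r.get("metadata", {}).get("ruleIndex", 0) <= hi]
    by_name = rule_ids_in_category(rules, category["name"])
    if by_index != by_name:
        # Indexes shift when rules are added or moved; refetch before deleting.
        raise ValueError("category indexes and rule metadata disagree")
    return [f"{RULES_URL}/{rid}" for rid in by_name]

# Constructed sample data: the category mirrors the thread's response,
# the rule IDs and the second category name are placeholders.
CATEGORY = {"name": "my_cat", "metadata": {"startIndex": 2, "endIndex": 3}}
RULES = [
    {"id": "RULE-ID-1", "metadata": {"ruleIndex": 1, "category": "other_cat"}},
    {"id": "RULE-ID-2", "metadata": {"ruleIndex": 2, "category": "my_cat"}},
    {"id": "RULE-ID-3", "metadata": {"ruleIndex": 3, "category": "my_cat"}},
    {"id": "RULE-ID-4", "metadata": {"ruleIndex": 4}},
]

if __name__ == "__main__":
    print(RULES_URL + "?" + urlencode(paging_for_category(CATEGORY)))
    for url in deletion_plan(CATEGORY, RULES):
        print("DELETE", url)
```

Logging the returned URLs before issuing any DELETE leaves a record of exactly which rules were removed from the policy.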
