Security

last person joined: 6 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

REST API call to update CPPM Static Hosts List

Jump to Best Answer
  • 1.  REST API call to update CPPM Static Hosts List

    Posted Jun 07, 2018 06:25 PM

    Hi all,

    I am trying to find how to append a MACAddress to a static host list via API. Using the PUT and PATCH methods seem to completely replace the MACAddress values with what I send. Is there a way to append an additional MACAddress value to the existing values?

    I am on CPPM version 6.7.3



  • 2.  RE: REST API call to update CPPM Static Hosts List
    Best Answer

    Posted Jun 07, 2018 06:47 PM
    1. It is highly recommended that you use Device Registration instead of SHLs.
    2. The list of entities is a single field so you need to pull all of the contents, add in your new entity and use PUT to put back the new value.


  • 3.  RE: REST API call to update CPPM Static Hosts List

    Posted Jan 08, 2020 06:36 PM

    I am reopening a quite old post here in hoping to get some help with API stuff. When I do PATCH for a new mac along with the existing in the SHL, I did work. I used CURL to update mac. However, the CURL with a file name call ("@cpi-mac-add.json") with the command seems not to update the list at all. Do you guys know why is that?

     

     



  • 4.  RE: REST API call to update CPPM Static Hosts List

    Posted Jan 08, 2020 08:41 PM

    Sorry, I don't understand your question. What is the json file? 



  • 5.  RE: REST API call to update CPPM Static Hosts List

    Posted Jan 09, 2020 05:15 PM

    Sorry for not being clear with my question above. 

    The .json file is with the existing and new Mac address entries to update a SHL group. 

     

    Eg. 

    The file in question is: 

    # cat cpi-mac-add.json
    {
    "StaticHostList": {
    "id": 3029,
    "name": "Test-Test",
    "description": "Test REST API call",
    "host_format": "list",
    "host_type": "MACAddress",
    "value": "aa:44:cc:dd:ee:ff,aa:11:cc:dd:ee:ff"
    }
    }

     

    and the command that I use is: 

    # curl -vX PATCH "https://**.com/api/static-host-list/3029" -H "Content-Type: application/json" -H "Authorization: Bearer 2d2c6c59125ea12b1743************f228" -m 30 -v -k -d "@cpi-mac-add.json"

     

    This doesn't help me update the mac for some reason. 

     

    Thanks!



  • 6.  RE: REST API call to update CPPM Static Hosts List

    Posted Jan 09, 2020 10:27 PM

    That is not a valid payload. The model schema in API Explorer details the proper payload:

     

    {
      "id": 0,
      "name": "",
      "description": "",
      "host_format": "",
      "host_type": "",
      "value": "",
      "host_entries": "object"
    }

    A PATCH is used to update a part of the entity, so if you're only added a MAC, you'd only pass the host_entries attribute:

     

    {  
    "host_entries": [
        {"host_address": "00-AA-BB-CC-DD-EE", "host_address_desc" : "name"},
        {"host_address": "00-AA-BB-CC-DD-FF", "host_address_desc" : "name2"}
    ]
    }

     



  • 7.  RE: REST API call to update CPPM Static Hosts List

    Posted Jan 10, 2020 02:27 PM

    I updated the file as you suggested but still there's no change at all.

    The TAC is not able to help me out also.

     

    # cat cpi-mac-add.json
    {
    "name": "Test-Test",
    "host_format": "list",
    "host_type": "MACAddress",
    "host_entries": [
    {"host_address": "00:00:AA:22:33:44", "host_address_desc" : "Test 44"},
    {"host_address": "00:AA:BB:CC:DD:FF", "host_address_desc" : "Test FF"}
    ]
    }

     

    # curl -vX PATCH "https://**.com/api/static-host-list/3029" -H "Content-Type: application/json" -H "Authorization: Bearer 2e2725008829606b7ac813411c0*******7939" -m 30 -v -k -d "@cpi-mac-add.json"
    * About to connect() to **.com port 443 (#0)
    * Trying 1.1.1.186...
    * Connected to **.com (1.1.1.186) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    * skipping SSL peer certificate verification
    * SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    * Server certificate:
    * subject: CN=nac.example.com,OU=IT Network,O="Test, Inc.",L=Sunnyvale,ST=California,C=US
    * start date: Sep 09 00:00:00 2019 GMT
    * expire date: Sep 13 12:00:00 2021 GMT
    * common name: nac.example.com
    * issuer: CN=DigiCert SHA2 High Assurance Server CA,OU=www.example.com,O=DigiCert Inc,C=US
    > PATCH /api/static-host-list/3029 HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: **.com
    > Accept: */*
    > Content-Type: application/json
    > Authorization: Bearer 2e2725008829606b7ac813411c0*******7939
    > Content-Length: 238
    >
    * upload completely sent off: 238 out of 238 bytes
    < HTTP/1.1 200 OK
    < Date: Fri, 10 Jan 2020 19:19:39 GMT
    < Server: Apache
    < Vary: X-Forwarded-For
    < X-Powered-By: PHP/7.1.30
    < X-XSS-Protection: 1;mode=block
    < X-Content-Type-Options: nosniff
    < Content-Length: 240
    < Content-Type: application/hal+json
    <
    * Connection #0 to host **.com left intact
    {"id":3029,"name":"Test-Test","description":"Test REST API call","host_format":"list","host_type":"MACAddress","value":"00:00:AA:22:33:44","_links":{"self":{"href":"https:\/\/**.com\/api\/static-host-list\/3029"

     



  • 8.  RE: REST API call to update CPPM Static Hosts List

    Posted Jan 13, 2020 07:17 AM

    Hi,

     

    With new release of PowerArubaCP (coming soon), it will be possible to add/remove entry on Static Host List

     

    https://github.com/PowerAruba/PowerArubaCP/pull/30



  • 9.  RE: REST API call to update CPPM Static Hosts List

    Posted Jan 13, 2020 09:27 AM

    Ensure it works using API Explorer before trying with curl



  • 10.  RE: REST API call to update CPPM Static Hosts List

    Posted Jan 13, 2020 07:00 PM

    I am now able to add the mac on SHL group with "value" below but not able to update their description. I did few tries with few different options but there was no luck at all. Same using API explorer.

    {
    "name": "Test-Test",
    "host_type": "MACAddress",
    "host_format": "list",
    "description": "Add MAC with API call",
    "value": "00:00:AA:22:33:44,aa:bb:cc:dd:ee:ff,00:aa:bb:cc:dd:ee,11:aa:bb:cc:dd:ff",
    "host_entries": [
    {"host_address": "00:00:AA:22:33:44", "host_address_desc": "Test-44"},
    {"host_address": "aa:bb:cc:dd:ee:ff", "host_address_desc": "Test-ff"},
    {"host_address": "00:aa:bb:cc:dd:ee", "host_address_desc": "Test-ee"},
    {"host_address": "11:aa:bb:cc:dd:ff", "host_address_desc": "Test-11"}
    ]
    }

     

    Thank you for your input!

     



  • 11.  RE: REST API call to update CPPM Static Hosts List

    Posted Jan 14, 2020 05:11 AM

    What do you are using ? PATCH or PUT ?



  • 12.  RE: REST API call to update CPPM Static Hosts List

    Posted Jan 14, 2020 12:55 PM

    I tried both and they gave me the same result.

     



  • 13.  RE: REST API call to update CPPM Static Hosts List

    Posted Jan 14, 2020 01:29 PM

    @joshus wrote:

    I tried both and they gave me the same result.

     


    Work for me with PowerArubaCP

    Need to use "master" branch if you want try



  • 14.  RE: REST API call to update CPPM Static Hosts List

    Posted Jan 28, 2020 04:10 PM

    @alagoutte wrote:

    @joshus wrote:

    I tried both and they gave me the same result.

     


    Work for me with PowerArubaCP

    Need to use "master" branch if you want try


    New release is available with support of SHL