Credentials guide

Introduction

The Cisco DNA Center Credentials API lets you manage the credentials used for discovery and management of network devices.

Both the command runner API and the Discovery APIs use these credentials to communicate with the devices.

It supports different kinds of credentials: SNMP (2/3), NETCONF, CLI (Telnet/SSH) and HTTP.

Goal

The goals of this guide are:

  1. Create different kinds of credentials in DNA Center
  2. List credentials
  3. Modify credentials

Credentials workflow

Endpoints and methods used

  • POST /dna/intent/api/v1/global-credential/cli
  • GET /dna/intent/api/v1/global-credential/{credential_id}
  • GET /dna/intent/api/v1/global-credential
  • POST /dna/intent/api/v1/global-credential/http-write
  • POST /dna/intent/api/v1/global-credential/snmpv3

Prerequisites

For this guide, it is recommended that the developer is familiar with authenticating to Cisco DNA Center API and asynchronous operations.

Environment

This guide was developed using:

Authentication

First, we need to authenticate and retrieve a token from the API.

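Do not use verify=False or urllib3.disable_warnings() unless you understand what they do: verify=False turns off TLS certificate verification for the request, and urllib3.disable_warnings() hides the warnings that result. Read Authentication and Authorization.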

import requests
from requests.auth import HTTPBasicAuth
import time
import urllib3
urllib3.disable_warnings()

BASE_URL = 'https://<IP Address>'
AUTH_URL = '/dna/system/api/v1/auth/token'
USERNAME = '<USERNAME>'
PASSWORD = '<PASSWORD>'

response = requests.post(BASE_URL + AUTH_URL, auth=HTTPBasicAuth(USERNAME, PASSWORD), verify=False)
token = response.json()['Token']
headers = {'X-Auth-Token': token, 'Content-Type': 'application/json'}

Credentials API

Credentials can be created as global credentials or as device credentials. Device credentials are those associated with a site.

There are several types of credentials:

  • CLI
  • NETCONF
  • SNMP (2/3)
  • HTTP

Each credential type has its own endpoint because each type supports different options.

The Credentials APIs are asynchronous, so you need to query the task API to get the result of a credentials operation.

Batch creation is supported: the API expects an array of credentials, which can hold a single credential or many.
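Polling the task API for the outcome of a create call, as an added example that is not part of the original guide. The task endpoint path and the isError, failureReason, progress and endTime fields are assumptions not shown on this page, and FakeSession with its records is constructed so the block runs offline.

```python
import time

# Assumed endpoint and task fields; the task API is not described in this guide.
TASK_URL = '/dna/intent/api/v1/task/{task_id}'

class TaskFailed(Exception):
    """The task finished with isError set."""

def wait_for_task(session, base_url, task_id, timeout=30.0, interval=1.0,
                  sleep=time.sleep, clock=time.monotonic):
    """Poll a task until it ends and return its final record.
    session is a requests.Session (or any object with the same get());
    set session.verify to a CA bundle path rather than using verify=False.
    """
    deadline = clock() + timeout
    while True:
        reply = session.get(base_url + TASK_URL.format(task_id=task_id))
        reply.raise_for_status()
        task = reply.json()['response']
        if task.get('isError'):
            raise TaskFailed(task.get('failureReason') or task.get('progress'))
        if task.get('endTime'):  # present once the task has completed
            return task
        if clock() >= deadline:
            raise TimeoutError('task {0} did not finish'.format(task_id))
        sleep(interval)

class FakeSession:
    """Constructed stand-in for requests.Session; replays canned records."""
    def __init__(self, records):
        self.records, self.urls = list(records), []
    def get(self, url):
        self.urls.append(url)
        self.body = {'response': self.records.pop(0)}
        return self  # doubles as the reply object
    def raise_for_status(self):
        pass
    def json(self):
        return self.body

def demo():
    # Constructed task records: one still running, one completed.
    fake = FakeSession([{'progress': 'running'},
                        {'progress': 'done', 'endTime': 1, 'isError': False}])
    return wait_for_task(fake, 'https://dnac.example', 'task-1',
                         sleep=lambda seconds: None)

if __name__ == '__main__':
    print(demo())
```

With a real requests.Session carrying the X-Auth-Token header, pass the task id returned by the create call (assumed to be under response.taskId) instead of sleeping for a fixed time.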

CLI Credentials

CLI credentials are used for telnet and SSH access, with options like username, password and enable password.

CLI_CREDENTIALS_URL='/dna/intent/api/v1/global-credential/cli'
credentials = [
    {
        "comments": "CLI Credentials for the guide",
        "description": "Guide creds",
        "enablePassword": "Cisco123!",
        "password": "Cisco123!",
        "username": "dnac"
    }
]
response = requests.post(BASE_URL + CLI_CREDENTIALS_URL,
                        json = credentials,
                        headers=headers, verify=False)

SNMP Credentials

Cisco DNA Center supports SNMPv2 and SNMPv3 credentials. SNMPv2 credentials have one endpoint for the read community and another for write credentials.

SNMP_V3_CREDENTIALS_URL='/dna/intent/api/v1/global-credential/snmpv3'
credentials =  [
    {
    "authType": "SHA",
    "authPassword": "DNAC-2020",
    "snmpMode": "AUTHPRIV",
    "username": "dnac-guide",
    "privacyType": "AES128",
    "privacyPassword": "DNAC-PRIV-2020"
    },
    {
    "snmpMode": "NOAUTHNOPRIV",
    "username": "dnac-guide-2"
    }
]
response = requests.post(BASE_URL + SNMP_V3_CREDENTIALS_URL,
                        json = credentials,
                        headers=headers, verify=False)
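A pre-flight check for an SNMPv3 batch before it is posted, as an added example that is not part of the original guide. The function name and the finding messages are hypothetical, and AUTHNOPRIV is included on the assumption that the API accepts it.

```python
# Payload fields each snmpMode needs. AUTHNOPRIV does not appear in this
# guide; it is included on the assumption that the API accepts it.
REQUIRED_BY_MODE = {
    'NOAUTHNOPRIV': ('username',),
    'AUTHNOPRIV': ('username', 'authType', 'authPassword'),
    'AUTHPRIV': ('username', 'authType', 'authPassword',
                 'privacyType', 'privacyPassword'),
}

def check_snmpv3_batch(credentials):
    """Return (index, message) findings for an SNMPv3 credential array."""
    findings, seen_users = [], set()
    for index, cred in enumerate(credentials):
        mode = cred.get('snmpMode')
        if mode not in REQUIRED_BY_MODE:
            findings.append((index, 'unknown snmpMode'))
            continue
        for field in REQUIRED_BY_MODE[mode]:
            if not cred.get(field):
                findings.append((index, 'missing ' + field))
        auth, priv = cred.get('authPassword'), cred.get('privacyPassword')
        if mode == 'NOAUTHNOPRIV':
            findings.append((index, 'no authentication and no encryption'))
        elif mode == 'AUTHNOPRIV':
            findings.append((index, 'authenticated but not encrypted'))
        elif auth and auth == priv:
            findings.append((index, 'authPassword reused as privacyPassword'))
        user = cred.get('username')
        if user and user in seen_users:
            findings.append((index, 'duplicate username in batch'))
        seen_users.add(user)
    return findings

# The batch from this guide, unchanged.
GUIDE_BATCH = [
    {"authType": "SHA", "authPassword": "DNAC-2020", "snmpMode": "AUTHPRIV",
     "username": "dnac-guide", "privacyType": "AES128",
     "privacyPassword": "DNAC-PRIV-2020"},
    {"snmpMode": "NOAUTHNOPRIV", "username": "dnac-guide-2"},
]

if __name__ == '__main__':
    for index, message in check_snmpv3_batch(GUIDE_BATCH):
        print('credential[{0}]: {1}'.format(index, message))
```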

HTTP Credentials

Similar to SNMPv2 credentials, HTTP credentials have separate endpoints for read and write credentials.

credentials = [
    {
        "comments": "DNA Center HTTP credentials",
        "description": "HTTP Creds",
        "password": "HTTP-cr3d$",
        "port": "443",
        "secure": "true",
        "username": "dna-http-user"
    }
]
HTTP_WRITE_CREDENTIALS_URL='/dna/intent/api/v1/global-credential/http-write'
response = requests.post(BASE_URL + HTTP_WRITE_CREDENTIALS_URL,
                        json = credentials,
                        headers=headers, verify=False)

Code

The repository for this guide is here. The final code with functions is shown below.

# Modules import
import requests
from requests.auth import HTTPBasicAuth
import time
import sys

import pprint

pp = pprint.PrettyPrinter()

# Disable SSL warnings. Not needed in production environments with valid certificates
import urllib3
urllib3.disable_warnings()

# Authentication
BASE_URL = 'https://<IP Address>'
AUTH_URL = '/dna/system/api/v1/auth/token'
USERNAME = '<USERNAME>'
PASSWORD = '<PASSWORD>'

# URLs
CLI_CREDENTIALS_URL='/dna/intent/api/v1/global-credential/cli'
CREDENTIALS_BY_ID_URL='/dna/intent/api/v1/global-credential/{credential_id}'
CREDENTIALS_URL='/dna/intent/api/v1/global-credential'
HTTP_WRITE_CREDENTIALS_URL='/dna/intent/api/v1/global-credential/http-write'
SNMP_V3_CREDENTIALS_URL='/dna/intent/api/v1/global-credential/snmpv3'

# Get Authentication token
def get_dnac_jwt_token():
    response = requests.post(BASE_URL + AUTH_URL,
                             auth=HTTPBasicAuth(USERNAME, PASSWORD),
                             verify=False)
    token = response.json()['Token']
    return token

# Print credentials
def print_credentials(credentials):
    for credential in credentials:
        print('Username: {0} Description: {1}'.format(
              credential['username'],
              credential['description']))

# Create SNMP v3 credentials
def create_snmpv3_credentials(headers, credentials):
    response = requests.post(BASE_URL + SNMP_V3_CREDENTIALS_URL,
                            json = credentials,
                            headers=headers, verify=False)
    return response.json()['response']

# Create CLI credentials
def create_cli_credentials(headers, credentials):
    response = requests.post(BASE_URL + CLI_CREDENTIALS_URL,
                            json = credentials,
                            headers=headers, verify=False)
    return response.json()['response']

# Create HTTP write credentials
def create_http_write_credentials(headers, credentials):
    response = requests.post(BASE_URL + HTTP_WRITE_CREDENTIALS_URL,
                            json = credentials,
                            headers=headers, verify=False)
    return response.json()['response']

# Get credentials
def get_credentials(headers, params):
    response = requests.get(BASE_URL + CREDENTIALS_URL,
                            params=params,
                            headers=headers, verify=False)
    return response.json()['response']

def main():
    # obtain the Cisco DNA Center Auth Token
    token = get_dnac_jwt_token()
    headers = {'X-Auth-Token': token, 'Content-Type': 'application/json'}

    # Create SNMPv3 credentials
    credentials =  [
        {
        "authType": "SHA",
        "authPassword": "DNAC-2020",
        "snmpMode": "AUTHPRIV",
        "username": "dnac-guide",
        "privacyType": "AES128",
        "privacyPassword": "DNAC-PRIV-2020"
        },
        {
        "snmpMode": "NOAUTHNOPRIV",
        "username": "dnac-guide-2"
        }
    ]
    create_snmpv3_credentials(headers, credentials)
    time.sleep(3)

    # Get SNMP credentials
    print('Printing SNMP credentials...')
    query_string_params = {
        'credentialSubType': 'SNMPV3'
    }
    response = get_credentials(headers, query_string_params)
    print_credentials(response)

    # HTTP Write credentials
    credentials = [
        {
            "comments": "DNA Center HTTP credentials",
            "description": "HTTP Creds",
            "password": "HTTP-cr3d$",
            "port": "443",
            "secure": "true",
            "username": "dna-http-user"
        }
    ]
    create_http_write_credentials(headers, credentials)

    time.sleep(3)

    # Get HTTP Write credentials
    print('\nPrinting HTTP Write credentials...')
    query_string_params = {
        'credentialSubType': 'HTTP_WRITE'
    }
    response = get_credentials(headers, query_string_params)
    print_credentials(response)

    # CLI Credentials
    credentials = [
        {
            "comments": "CLI Credentials for the guide",
            "description": "Guide creds",
            "enablePassword": "Cisco123!",
            "password": "Cisco123!",
            "username": "dnac"
        }
    ]

    create_cli_credentials(headers, credentials)
    time.sleep(3)

    # Get CLI credentials
    print('\nPrinting CLI credentials...')
    query_string_params = {
        'credentialSubType': 'CLI'
    }
    response = get_credentials(headers, query_string_params)
    print_credentials(response)

if __name__ == "__main__":
    main()