Credentials Guide
Introduction
The Catalyst Center Credentials API allows you to manage the credentials that are used for discovering and managing network devices.
Both command runner API and Discover APIs use the credentials to communicate with the devices.
It supports different kinds of credentials: SNMP (2/3), NETCONF, CLI (Telnet/SSH) and HTTP.
Goal
The goals of this guide are:
- Create different kind of credentials in Catalyst Center.
- List credentials.
- Modify credentials.
Endpoints and methods used
- POST
/dna/intent/api/v1/global-credential/cli - GET
/dna/intent/api/v1/global-credential/{credential_id} - GET
/dna/intent/api/v1/global-credential - POST
/dna/intent/api/v1/global-credential/http-write - POST
/dna/intent/api/v1/global-credential/snmpv3
Prerequisites
For this guide, we recommend that the developer becomes familiar with authenticating to the Catalyst Center API and understanding asynchronous operations.
Environment
This guide was developed using:
Authentication
First, we must authenticate and retrieve a token from the API.
Note: Do not use
verify=Falseorurllib3.disable_warnings()if you are not sure of its purpose. Read Authentication and Authorization.
import requests
from requests.auth import HTTPBasicAuth
import time
import urllib3
urllib3.disable_warnings()
BASE_URL = 'https://<IP Address>'
AUTH_URL = '/dna/system/api/v1/auth/token'
USERNAME = '<USERNAME>'
PASSWORD = '<PASSWORD>'
response = requests.post(BASE_URL + AUTH_URL, auth=HTTPBasicAuth(USERNAME, PASSWORD), verify=False)
token = response.json()['Token']
headers = {'X-Auth-Token': token, 'Content-Type': 'application/json'}
Credentials API
You can create credentials using either global or device credentials. Device credentials are associated with a site.
There are several types of credentials:
- CLI
- NETCONF
- SNMP (2/3)
- HTTP
Each of those types of credentials has its own endpoint because of the different options supported by each type of credentials.
Credentials are async APIs, so you must query the task API if you want to query the result of a credentials operation.
The API supports batch creation of credentials, as it expects an array that can include a single credential or many others.
CLI Credentials
Use CLI credentials for telnet and SSH access, with options like username, password, and enable password.
CLI_CREDENTIALS_URL='/dna/intent/api/v1/global-credential/cli'
credentials = [
{
"comments": "CLI Credentials for the guide",
"description": "Guide creds",
"enablePassword": "Cisco123!",
"password": "Cisco123!",
"username": "dnac"
}
]
response = requests.post(BASE_URL + CLI_CREDENTIALS_URL,
json = credentials,
headers=headers, verify=False)
SNMP Credentials
Catalyst Center supports SNMPv2 and SNMPv3 credentials. SNMPv2 credentials have endpoints for read community and another one for writing credentials.
SNMP_V3_CREDENTIALS_URL='/dna/intent/api/v1/global-credential/snmpv3'
credentials = [
{
"authType": "SHA",
"authPassword": "DNAC-2020",
"snmpMode": "AUTHPRIV",
"username": "dnac-guide",
"privacyType": "AES128",
"privacyPassword": "DNAC-PRIV-2020"
},
{
"snmpMode": "NOAUTHNOPRIV",
"username": "dnac-guide-2"
}
]
response = requests.post(BASE_URL + SNMP_V3_CREDENTIALS_URL,
json = credentials,
headers=headers, verify=False)
HTTP Credentials
Similar to SNMPv2 credentials, HTTP credentials have endpoints for read and write credentials.
credentials = [
{
"comments": "DNA Center HTTP credentials",
"description": "HTTP Creds",
"password": "HTTP-cr3d$",
"port": "443",
"secure": "true",
"username": "dna-http-user"
}
HTTP_WRITE_CREDENTIALS_URL='/dna/intent/api/v1/global-credential/http-write'
requests.post(BASE_URL + HTTP_WRITE_CREDENTIALS_URL,
json = credentials,
headers=headers, verify=False)
Code
The repository for this guide is here. The final code with functions appears as below.
# Modules import
import requests
from requests.auth import HTTPBasicAuth
import time
import sys
import pprint
pp = pprint.PrettyPrinter()
# Disable SSL warnings. Not needed in production environments with valid certificates
import urllib3
urllib3.disable_warnings()
# Authentication
BASE_URL = 'https://<IP Address>'
AUTH_URL = '/dna/system/api/v1/auth/token'
USERNAME = '<USERNAME>'
PASSWORD = '<PASSWORD>'
# URLs
CLI_CREDENTIALS_URL='/dna/intent/api/v1/global-credential/cli'
CREDENTIALS_BY_ID_URL='/dna/intent/api/v1/global-credential/{credential_id}'
CREDENTIALS_URL='/dna/intent/api/v1/global-credential'
HTTP_WRITE_CREDENTIALS_URL='/dna/intent/api/v1/global-credential/http-write'
SNMP_V3_CREDENTIALS_URL='/dna/intent/api/v1/global-credential/snmpv3'
# Get Authentication token
def get_dnac_jwt_token():
response = requests.post(BASE_URL + AUTH_URL,
auth=HTTPBasicAuth(USERNAME, PASSWORD),
verify=False)
token = response.json()['Token']
return token
# Print credentials
def print_credentials(credentials):
for credential in credentials:
print('Username: {0} Description: {1}'.format(
credential['username'],
credential['description']))
# Create SNMP v3 credentials
def create_snmpv3_credentials(headers, credentials):
response = requests.post(BASE_URL + SNMP_V3_CREDENTIALS_URL,
json = credentials,
headers=headers, verify=False)
return response.json()['response']
# Create CLI credentials
def create_cli_credentials(headers, credentials):
response = requests.post(BASE_URL + CLI_CREDENTIALS_URL,
json = credentials,
headers=headers, verify=False)
return response.json()['response']
# Create HTTP write credentials
def create_http_write_credentials(headers, credentials):
response = requests.post(BASE_URL + HTTP_WRITE_CREDENTIALS_URL,
json = credentials,
headers=headers, verify=False)
return response.json()['response']
# Get credentials
def get_credentials(headers, params):
response = requests.get(BASE_URL + CREDENTIALS_URL,
params=params,
headers=headers, verify=False)
return response.json()['response']
def main():
# obtain the Catalyst Center Auth Token
token = get_dnac_jwt_token()
headers = {'X-Auth-Token': token, 'Content-Type': 'application/json'}
# Create SNMPv3 credentials
credentials = [
{
"authType": "SHA",
"authPassword": "DNAC-2020",
"snmpMode": "AUTHPRIV",
"username": "dnac-guide",
"privacyType": "AES128",
"privacyPassword": "DNAC-PRIV-2020"
},
{
"snmpMode": "NOAUTHNOPRIV",
"username": "dnac-guide-2"
}
]
create_snmpv3_credentials(headers, credentials)
time.sleep(3)
# Get SNMP credentials
print('Printing SNMP credentials...')
query_string_params = {
'credentialSubType': 'SNMPV3'
}
response = get_credentials(headers, query_string_params)
print_credentials(response)
# HTTP Write credentials
credentials = [
{
"comments": "DNA Center HTTP credentials",
"description": "HTTP Creds",
"password": "HTTP-cr3d$",
"port": "443",
"secure": "true",
"username": "dna-http-user"
}
]
create_http_write_credentials(headers, credentials)
time.sleep(3)
# Get HTTP Write credentials
print('\nPrinting HTTP Write credentials...')
query_string_params = {
'credentialSubType': 'HTTP_WRITE'
}
response = get_credentials(headers, query_string_params)
print_credentials(response)
# CLI Credentials
credentials = [
{
"comments": "CLI Credentials for the guide",
"description": "Guide creds",
"enablePassword": "Cisco123!",
"password": "Cisco123!",
"username": "dnac"
}
]
create_cli_credentials(headers, credentials)
time.sleep(3)
# Get CLI credentials
print('\nPrinting CLI credentials...')
query_string_params = {
'credentialSubType': 'CLI'
}
response = get_credentials(headers, query_string_params)
print_credentials(response)
if __name__ == "__main__":
main()