addScheduleConfigExport - Firepower Threat Defense API v6.2 (FTD v7.2)

Description

The addScheduleConfigExport operation handles configuration related to ScheduleConfigExport model.
This API call is not allowed on the standby unit in an HA pair.

HTTP request

POST /api/fdm/v6/action/configexport

Data Parameters

Parameter	Required	Type	Description
scheduleType	False	string	Always IMMEDIATE
user	False	string	System provided ID of the user who scheduled the job. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
forceOperation	False	boolean	For Internal use.
jobHistoryUuid	False	string	The ID of the job status object created by this schedule object. Use this ID in the corresponding job API to check the job status. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
ipAddress	False	string	IP address of actor who initiated a job execution Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
diskFileName	False	string	The desired file name of the output ZIP file. Note the actual output file name may have extra trailing string to avoid duplicated file in the system. Please use the corresponding job API to find the actual file name. If null or empty, the system will assign a random string name. Field level constraints: must match pattern ^(sse:)?[a-zA-Z0-9_][a-zA-Z0-9_.+-]*. (Note: Additional constraints might exist)
encryptionKey	False	string	A password to encrypt the output ZIP file. The method of encryption used is AES-256. If doNotEncrypt is true, this field will be ignored and the created ZIP file will not be encrypted. Otherwise, this field is mandatory.
doNotEncrypt	False	boolean	An optional boolean that defaults to false. If true, the encryptionKey field will not be mandatory and will not be used to encrypt the export ZIP file.
configExportType	True	string	Enum values: FULL_EXPORT, PENDING_CHANGE_EXPORT and PARTIAL_EXPORT Field level constraints: cannot be null. (Note: Additional constraints might exist)
deployedObjectsOnly	False	boolean	Defaults to false. If true, only DEPLOYED objects will be exported. Note this value is ignored for PENDING_CHANGE_EXPORT type, as all pending change objects are not deployed to device
entityIds	False	[string]	This is required for PARTIAL_EXPORT only. This is a comma-separated list of the identities of a set of starting-point objects, enclosed in [brackets]. Each item in this list could be either a UUID value or an attribute-value pair matching patterns like 'id=<uuid-value>', 'type=<object-type>' or 'name=<object-name>'. For example, type=networkobject. All of these objects and their outgoing referential descendants will be included in the PARTIAL_EXPORT output file. Note all the unexportable objects will be excluded from the output even if you specify their identities. For example, to export all network objects, plus an access rule with name 'myaccessrule', and two objects identified by UUID, you can specify: "entityIds": [ "type=networkobject", "id=bab3e3cd-8c70-11e9-930a-1f12ee87d473", "name=myaccessrule", "acc2e3cd-8c70-11e9-930a-1f12ee87b286"]. Each 'type' could be either a REST-API leaf entity's type value, or an alias of a set of leaf types. Some typical type aliases are: network (NetworkObject and NetworkObjectGroup), port (All TCP/UDP/Icmp port, protocol and group types), url (URLObject and Group types), ikepolicy (IKE V1/V2 policy), ikeproposal (Ike V1/V2 proposal), identitysource (All identity-source types), certificate (All certificate types), object (All Object/Group types like network, port, etc), interface (All Network-Interface types like PhysicalInterface, BridgeGroupInterface, etc), s2svpn (All site-to-site VPN related types), ravpn (All RA-VPN related types), vpn (Both s2svpn and ravpn)
includeSystemDefined	False	boolean	Whether to include system defined objects. Defaults to false.
excludeEntities	False	[string]	(Optional.) A list of object matching strings that identify objects that should not be exported. You need to specify this attribute only if the export may include items that you do not want to export. Each item in this list has a pattern like 'type=<object-type>', 'id=<uuid-value>' or 'name=<object-name>'. Input objects that match one of these patterns will be excluded from export. For example, to exclude all network objects, two other objects identified by name 'myobj' and a UUID from being exported, specify: "excludeEntities": ["type=networkobject", "name=myobj", "id=acc2e3cd-8c70-11e9-930a-1f12ee87b286"]. Each 'type' could be either a REST-API leaf entity's type value, or an alias of a set of leaf types. Some typical type aliases are: network (NetworkObject and NetworkObjectGroup), port (All TCP/UDP/ICMP port, protocol and group types), url (URLObject and Group types), ikepolicy (IKE V1/V2 policy), ikeproposal (Ike V1/V2 proposal), identitysource (All identity-source types), certificate (All certificate types), object (All Object/Group types like network, port, etc), interface (All Network-Interface types like PhysicalInterface, BridgeGroupInterface, etc), s2svpn (All site-to-site VPN related types), ravpn (All RA-VPN related types), vpn (Both s2svpn and ravpn)
jobName	False	string	Name of the job
type	True	string	scheduleconfigexport

Example

curl -X POST \
    --header "Accept: application/json" \
    --header "Authorization: Bearer ${ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    -d '{
        "configExportType": "FULL_EXPORT",
        "deployedObjectsOnly": true,
        "diskFileName": "string",
        "doNotEncrypt": true,
        "encryptionKey": "string",
        "entityIds": [],
        "excludeEntities": [],
        "forceOperation": true,
        "id": "string",
        "includeSystemDefined": true,
        "ipAddress": "string",
        "jobHistoryUuid": "string",
        "jobName": "string",
        "scheduleType": "NONE",
        "type": "scheduleconfigexport",
        "user": "string",
        "version": "string"
    }' \
    "https://${HOST}:${PORT}/api/fdm/v6/action/configexport"

from bravado.requests_client import RequestsClient
from bravado.client import SwaggerClient


def get_client(host, token):
    http_client = RequestsClient()
    http_client.ssl_verify = False
    http_client.set_api_key(
        host,
        "Bearer {}".format(token),
        param_name="Authorization",
        param_in="header"
    )
    return SwaggerClient.from_url(
        "https://{}/apispec/ngfw.json".format(host),
        http_client=http_client,
        config={
            "validate_responses": False,
            "validate_swagger_spec": False
        }
    )


def add_schedule_config_export(client, body):
    return client.ConfigurationImportExport.addScheduleConfigExport(
        body=body
    ).response().result


if __name__ == "__main__":
    host = "ftd.example.com"
    token = "access_token"
    client = get_client(host, token)

    body = {'configExportType': 'FULL_EXPORT',
 'deployedObjectsOnly': True,
 'diskFileName': 'string',
 'doNotEncrypt': True,
 'encryptionKey': 'string',
 'entityIds': [],
 'excludeEntities': [],
 'forceOperation': True,
 'includeSystemDefined': True,
 'ipAddress': 'string',
 'jobHistoryUuid': 'string',
 'jobName': 'string',
 'scheduleType': 'NONE',
 'type': 'scheduleconfigexport',
 'user': 'string'}

    add_schedule_config_export(client, body)