Junos Space Developer
Junos Space Developer

Security Director API - resource not found

‎06-02-2017 12:23 PM

We just stood up a lab instance of Space 16.1 and i'm trying to use the Security Director API to do CRUD actions on firewall policy. I keep receiving the following error when I do a GET against this URI but this is the URI mentioned in the documentation. 

 

JBWEB000068: message Could not find resource for relative : /fwpolicy-management/firewall-policies of full path: https://10.210.26.44/api/juniper/sd/fwpolicy-management/firewall-policies

12 REPLIES 12
Junos Space Developer

Re: Security Director API - resource not found

[ Edited ]
‎06-05-2017 02:48 PM

Although SD isn't my strongest area in Space and I don't have too much experience with the SD API unlike the Management Platform API, hopefully I can still assist.

 

If I refer to the SD 15.1 documentation I can clearly see examples of the "/api/juniper/sd/fwpolicy-management/firewall-policies" URI and the results that are returned by that call.

 

If I check the 16.2 documentation there are no longer any references to the above URI, instead I am seeing a reference to "/api/juniper/sd/policy-management/firewall/policies".

 

I've started to examine some of the release notes to see if I can see any changes reflected there to explain this, but so far no luck.

 

I'm beginning to suspect that there is a change of API behaviour here possibly.


Regards,
Andy

Junos Space Developer

Re: Security Director API - resource not found

‎06-06-2017 05:57 AM

Looks to be the case, found the documentation specific to 16.1. I can make calls to the URI you mentioned but all it returns is the default PRE/POST policy. We have our devices as part of subdomains of global so none of the policies assigned to devices in domains below global show up. Is there a way to do CRUD operations against those sub-domain policies? 

Junos Space Developer

Re: Security Director API - resource not found

‎06-06-2017 06:10 AM

IIRC when dealing with Domains, then you need to apply the appropriate filter expression to your URI.

 

e.g

  1. Fetch list of domains to identify the correct ID associated with the domain that you are going to reference. (/api/space/domain-management/domains)
  2. Add the ?filter=(domain-id eq '123456') to your URI

Regards,

Andy

Junos Space Developer

Re: Security Director API - resource not found

‎06-06-2017 08:40 AM

Yea but filtering assumes i'm receiving a larger dataset than I want, even with the base API call i'm only receiving the 2 PRE/POST policies in my response. If I filter by domain I get 0 results. 

Junos Space Developer

Re: Security Director API - resource not found

‎06-07-2017 06:28 AM

Understood, I'll have to have a tinker with this when I have the opportunity to (stuck on another project delivery at the moment), but will try to look into this as soon as I can.


If it's urgent, and no further feedback comes here, perhaps raise a case with JTAC and have them look into it for you.

 

Regards,

Andy

Junos Space Developer

Re: Security Director API - resource not found

‎06-14-2018 10:50 AM

Hi crutcha, I was wondering if you found an answer to your issue? We are experiencing the exact same symptoms and we are on 17.2. We to have subdomains that I want to pull policies from but the only thing i get back from the API is the default global pre and post policies. 

Junos Space Developer

Re: Security Director API - resource not found

‎07-24-2018 07:45 AM

Not sure if you found a solution to your issue, but what I had to do was login first using the URI  /api/space/user-management/login

After logging in I could then use that session to pull the policies of the subdomains by filtering by the domain ID. Get the domain ID from the space domain API URI. Hope this helps.

Junos Space Developer

Re: Security Director API - resource not found

‎09-06-2018 11:08 AM

Actually what we had to do to switch between domains we had to use the Space User managment API and change the User Preference State:

https://www.juniper.net/documentation/en_US/junos-space-sdk/15.2/apiref/com.juniper.junos_space.sdk....

 

You will change the state name called $$PreferredWorkingDomain to have the value of the domain id you want to pull the policies from.

 

Once that has been changed to the domain you want to pull the policies from, you can perform your get policy API call.

 

 

 

Junos Space Developer

Re: Security Director API - resource not found

‎02-28-2019 10:14 AM

I'm only able to get the pre and post policeis owned by "system".

 

It's weird, I do get a JSON resposne with 20 policicies (the correct ammount of all policies we have) but there is only information on the pre and post policies.

 

I know this is kind of old, is there a new fix or work-around to query all policies that you know of?

 

Thanks,

 

 

Junos Space Developer

Re: Security Director API - resource not found

‎02-28-2019 10:59 AM

Hi Padichanu,

Do you have multiple domains? Also did you perform a login via Space login url and save that session information? When you perform the login using the space login api it will put your user in the last domain you had logged into. This is saved in the UserPreferenceState.  We had to change UserPreferenceState to the ID of the domain we wanted to pull the policy information from. If all of your policies are in the Global domain, I would assuem you would just need to perform a login and then pull your policies.

Junos Space Developer

Re: Security Director API - resource not found

a month ago

Hi!

 

Can you please share an example of such an API call (modifying the UserPreferenceState)?

 

Thanks!

 

Junos Space Developer

Re: Security Director API - resource not found

[ Edited ]
2 weeks ago

Hi,

This is the api call you need to use:

https://www.juniper.net/documentation/en_US/junos-space-sdk/18.1/apiref/com.juniper.junos_space.sdk....

 

The state name is called PreferredWorkingDomain.

 

The PreferredWorkingDomain is the domain ID number you can pull via api call for domains.

 

So the call would be a POST to this url, just change the space instance to yours. Also change the state-value in the data to the domain ID you want to pull policies from.

https://yourspaceinstance/api/space/user-managment/user-preference-states

 

The data to POST would look like this:

<update-user-preference-state>
    <user-preference-state>
        <state-name>$$PreferredWorkingDomain</state-name>
        <state-value>98304</state-value>
    </user-preference-state>
    <is-encode>Boolean</is-encode>
</update-user-preference-state>

 

Headers:

Accept: "application/vnd.net.juniper.space.user-management.update-user-preference-state-response+xml;version=3"

Content-Type: "application/xml"

 

This changes the domain you would be looking at for your policies.