Add support for Network/Policy Objects #316

Open
szeestraten opened this issue May 20, 2022 · 6 comments

@szeestraten

It would be great if Network/Policy Objects support would be added.

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Network_Objects_Configuration_Guide

@kbreit
Collaborator

kbreit commented May 20, 2022

Thank you for your request. Do you know if the Meraki API supports this action?

@szeestraten
Author

Hi @kbreit, thank you for your quick response (and great work on the modules)!

Yes, it was introduced in v1-11-0-beta-0.

A good start might be to add modules for CRUD operations of policy objects and groups first.

Then later add support for policy objects and groups in the mx_l3_firewall module so they can be utilized.

@kbreit
Collaborator

kbreit commented May 27, 2022

@szeestraten I should be able to do this. I am hesitant to release modules which rely on beta API endpoints because not everyone has access to them. But I can talk to the Meraki team and see when the endpoints are expected to be released to the public as I don't see them in the public API documentation at https://developer.cisco.com/meraki/api-v1/.

To confirm, you'd like to see policy objects and groups supported, then at some point the firewall module can be updated? I'll need to ensure the firewall API endpoints support these as well, as I don't think they did in the past.

@szeestraten
Author

szeestraten commented May 30, 2022

@kbreit I understand the hesitation. Perhaps it would be possible to add some notes in the modules regarding their beta status? Please note that it is an open beta which has been available for quite a while and everyone can opt-in if they want.

I also did not see the endpoints on https://developer.cisco.com/meraki/api-v1/, however it is available when clicking on the API docs in the help section when logged in to the Meraki dashboard. It looks like our "unique" URLs are https://n212.meraki.com/Internett-applia/n/xp9uCdud/manage/support/api_docs/v1#policy-objects and https://n212.meraki.com/Internett-applia/n/xp9uCdud/manage/support/api_docs/v1#policy-object-groups. The endpoints are also listed in the v1-11-0-beta-0 changelog.

I created a case (08082207) with Meraki requesting them to add the endpoint docs to https://developer.cisco.com/meraki/api-v1/ so hopefully that should be sorted soon.

Yes, support for managing policy objects/groups and being able to use them in the mx_l3_firewall module. There is actually already support for this in the /networks/{networkId}/appliance/firewall/l3FirewallRules API endpoint, which I tested and works. But that is unfortunately also not described on the API docs yet (I also requested this in the case mentioned above). See this community post describing how to select policy objects and groups in l3firewallRules.

Edit:
After some double checking, it looks like the mx_site_to_site_firewall module should also be updated, as the /organizations/{organizationId}/appliance/vpn/vpnFirewallRules endpoint also supports policy objects and groups.

@szeestraten
Author

szeestraten commented Jun 13, 2022

@kbreit just wanted to let you know that I started working on a PR for this. Should hopefully have something to review in a week or two.

@kbreit
Collaborator

kbreit commented Jun 13, 2022

Thank you for writing a PR. Please model it off existing endpoints and be sure the documentation is full as many of the sanity tests will fail if it's not.

My hesitation is the feature is in beta, not even just the API endpoint which means there's possible. Please be sure to add notes stating the feature and API endpoints are in beta and may break without notice. If you have any questions though, don't hesitate to let me know.
