Authentication (CSRF Token & API Key)
The following code helps automate login, CSRF token enforcement, and API key management.
Login and check the CSRF Token
Both scripts interact with the REST API of an Aruba EdgeConnect Orchestrator, but they use different libraries to achieve the same result.
- The first script uses the pyedgeconnect library to interact with the Orchestrator. It creates an Orchestrator object with the IP address or FQDN of the Orchestrator, and the username and password of an account with API access. Then it logs in to the Orchestrator, retrieves a list of appliances, prints the list, and logs out.
with pyedgeconnect:

```python
from pyedgeconnect import Orchestrator

orch_fqdn = "10.1.30.110"
orch_user = "api-admin"
orch_password = "Don't Share This 1!"

orch = Orchestrator(orch_fqdn, verify_ssl=False)

# login with user/pass
orch.login(orch_user, orch_password)

# Contents of tasks to automate
appliances = orch.get_appliances()
print(appliances)

# Log out of session
orch.logout()
```

- The second script uses the requests library to interact with the Orchestrator. It creates a Session object, sends a POST request to log in to the Orchestrator with the provided username and password, retrieves a list of appliances with a GET request, prints the content of the response, and sends a GET request to log out of the session. The headers of the requests include an X-XSRF-TOKEN that was obtained from the Orchestrator after logging in.
In both scripts, verify_ssl=False is used to disable SSL certificate verification for simplicity. We do not recommend this for production environments.
without pyedgeconnect:

```python
import requests

session = requests.Session()

orch_fqdn = "10.1.30.110"
orch_user = "api-admin"
orch_password = "Don't Share This 1!"
login_type = 0  # 0 for local, 1 for radius, 2 for tacacs
timeout_values = (9.15, 12)
verify_ssl = False
headers = {}

# login with username/password
login_response = session.post(
    f"https://{orch_fqdn}/gms/rest/authentication/login?source=menu_rest_apis_id",
    json={
        "user": orch_user,
        "password": orch_password,
        "token": "",
        "loginType": login_type,
    },
    verify=verify_ssl,
    timeout=timeout_values,
    headers=headers,
)

if login_response.status_code == 200:
    # get and set X-XSRF-TOKEN
    for cookie in login_response.cookies:
        if cookie.name == "orchCsrfToken":
            # This relates to the 'Enforce CSRF Check' under the
            # Advanced Security Settings in Orchestrator
            headers["X-XSRF-TOKEN"] = cookie.value

get_appliances = session.get(
    f"https://{orch_fqdn}/gms/rest/appliance?source=menu_rest_apis_id",
    verify=verify_ssl,
    timeout=timeout_values,
    headers=headers,
)
print(get_appliances.content)

# Log out of session
session.get(
    f"https://{orch_fqdn}/gms/rest/authentication/logout?source=menu_rest_apis_id",
    verify=verify_ssl,
    timeout=timeout_values,
    headers=headers,
)
```

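A hardened variant of the manual login flow, as an added example (not code from the original page or from pyedgeconnect): it verifies TLS against a CA file, refuses to continue without the `orchCsrfToken` cookie, and always logs out. The names `orch_session`, `FakeSession` and `demo`, the host `orch.example` and the CA file name are assumptions; treating a missing cookie as an error assumes 'Enforce CSRF Check' is enabled.

```python
import contextlib

BASE = "https://{}/gms/rest/authentication/{}"  # endpoints used on this page
TIMEOUT = (9.15, 12)


@contextlib.contextmanager
def orch_session(fqdn, user, password, ca_bundle, session=None):
    """Yield a logged-in session that verifies TLS and always logs out."""
    if session is None:
        import requests  # imported lazily so a stand-in can be injected
        session = requests.Session()
    session.verify = ca_bundle  # CA file path (assumed), never False
    body = {"user": user, "password": password, "token": "", "loginType": 0}
    login = session.post(BASE.format(fqdn, "login"), json=body, timeout=TIMEOUT)
    login.raise_for_status()  # a failed login stops here, nothing to log out
    try:
        token = session.cookies.get("orchCsrfToken")
        if not token:  # fail closed instead of sending requests without it
            raise RuntimeError("login returned no orchCsrfToken cookie")
        session.headers["X-XSRF-TOKEN"] = token
        yield session
    finally:
        session.get(BASE.format(fqdn, "logout"), timeout=TIMEOUT)


class FakeSession:
    """Constructed stand-in for requests.Session so the demo runs offline."""
    def __init__(self, cookies):
        self.cookies, self.headers, self.verify, self.calls = cookies, {}, True, []

    def _record(self, url, **kwargs):
        self.calls.append(url.rsplit("/", 1)[-1])
        return self  # doubles as the response object

    post = get = _record
    def raise_for_status(self):
        pass


def demo(cookies):
    fake = FakeSession(cookies)
    try:
        with orch_session("orch.example", "api-admin", "pw", "orch-ca.pem", fake) as s:
            s.get("https://orch.example/gms/rest/appliance")
    except RuntimeError as exc:
        return fake, str(exc)
    return fake, None
```

Against a real Orchestrator, omit the `session` argument and read the credentials from the environment or a secrets store rather than from the script.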
apiKey
The script lets you log in to your Orchestrator instance, create an API key, retrieve an API key, and print the API key to the console. Make sure you are using pyedgeconnect.
Login and retrieve and print API Key
```python
from pyedgeconnect import Orchestrator

########## Log into Orchestrator ##########
# can pass api_key="abc123" in the orch string if using API authentication
orch = Orchestrator("172.16.3.20", verify_ssl=False)

# login with user/pass... Comment out if using API authentication above
orch.login("username", "password")

api_key_name = "your_api_keyname"

########## Uncomment below to create new API key ##########
# orch.add_api_key(
#     name=api_key_name,
#     permission="net_read_write",
#     expiration=0,
#     active=True,
#     description="radius tool api key",
# )
# orch.logout()

########## Uncomment below to retrieve specific API key ##########
# retrieve_api_key = orch.get_api_key(api_key_name)
# api_key = retrieve_api_key["key"]
# orch.logout()

########## Print the API key to the console ##########
# print(f"Your API Key is: {api_key}")

# Authors are Zach Camara and Shane Kindt
```