Adding Zones/Tags with XML API

Reply
Highlighted
L1 Bithead

Adding Zones/Tags with XML API

So I have been REPLACING tags and zones with the xml API with great success. What I have yet to do is figure out how to ADD tags or zones without disturbing the existing objects...or even replace them with multiple tags/zones

 

Working replacement of a zone-

xpath=/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='{{Location}}']/post-rulebase/security/rules/entry[@name='{{Name}}']/from/member&element=<member>gp_vpn_general</member>

This works to replace a single zone....fails if you run it against a rule with multiple zones.

 

I've tried putting multiple members in the element but it only sees and inserts the first one

 

xpath=/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='{{Location}}']/post-rulebase/security/rules/entry[@name='{{Name}}']/from/member&element=<member>gp_vpn_general</member><member>pci</member>

That puts the vpn zone in and ignores the pci zone, if I switch them it will put the pci zone in and ignore the vpn zone. 

So the function seems a 1 for 1 REPLACE

 

Can anyone nudge me in the direction for making additions?


Accepted Solutions
Highlighted
L1 Bithead

So the fix was that I needed to expand the element to include not only the member but the "from"

 

after that. Poof!

View solution in original post


All Replies
Highlighted
L3 Networker

Hello @ScottHammond 

What happens if you add the zones one by one (instead of all at once)?

If I remember it right, there are several ways to call the API. Are you using a "simple" POST or are you different various http methods?

Highlighted
L1 Bithead

Doing a POST

If I run it again it replaces whatever is there one for one.

 

THis is using the edit function. (set doesnt work because the rule already exists)

 

I see there is a method to add multiple members to address groups via the API, and you would think it would be the same for zones...but no joy

Highlighted
L1 Bithead

If I add zones from the cli with a debug running (clearing running a set command) the debug says

 

<request cmd="set" obj="/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='Location']/post-rulebase/security/rules/entry[@name='Name']/from" cookie="8038565277332854"><member>gp_vpn_general</member></request>

 
So I changed my xpath to
xpath=/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='Location']/post-rulebase/security/rules/entry[@name='Name']/from/<member>gp_vpn_general</member>
 
and Postman give me this error-
<response status="error" code="13">
    <msg>
        <line>Could not find schema node for xpath /config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='Location']/post-rulebase/security/rules/entry[@name='Name']/from
            <member>gp_vpn_general</member>
        </line>
    </msg>
</response>
Could not find schema node for xpath
Highlighted
L1 Bithead

Okay so that didnt look right and I changed it to 

 

/from/member&element=<member>gp_vpn_general</member>

 

resulting in

 

<response status="error" code="12">
    <msg>
        <line>
            <![CDATA[ needs to have non NULL value]]>
        </line>
    </msg>
</response>
Highlighted
L1 Bithead

So the fix was that I needed to expand the element to include not only the member but the "from"

 

after that. Poof!

View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!