
R80 Management API tips and tricks - "show-domains" command

On a Multi-Domain management server, you may query for a list of domains in your environment by using the "show-domains" API command.

The response of this command contains a list of domain objects, defined by the user. This list does NOT contain a Global domain, User-Data domain or MDS.

Here is an example bash script that retrieves a list of domain names and stores it in a variable:

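#!/bin/bash
# Bash is required: the script uses arrays.

# jq binary under $CPDIR
JQ=${CPDIR}/jq/jq

DOMAINS_FILE="domains.json"

# Split command output on newlines only, so names containing spaces stay whole
IFS=$'\n'

echo 'Getting a list of domains...'
mgmt_cli -r true -d MDS show domains limit 500 --format json > "$DOMAINS_FILE"
# Any non-zero exit status means the API call failed
if [ $? -ne 0 ]; then
  echo "Error getting list of domains. Aborting!"
  exit 1
fi

# One array element per domain name
DOMAINS_NAMES=($($JQ -r ".objects[] | .name" "$DOMAINS_FILE"))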

Here is an example bash script that iterates over the above list of domains and prints all access policy packages and layers:

PACKAGES_FILE="packages.json"
PACKAGE_FILE="package.json"

for DOMAIN in "${DOMAINS_NAMES[@]}"
do
  echo 'Searching in domain '"$DOMAIN"'...'
  mgmt_cli -r true -d "$DOMAIN" show packages limit 500 --format json > "$PACKAGES_FILE"
  # Parse the reply only if mgmt_cli succeeded
  if [ $? -eq 0 ]; then
    PACKAGES_NAMES=($($JQ -r ".packages[] | .name" "$PACKAGES_FILE"))
    for PACKAGE in "${PACKAGES_NAMES[@]}"
    do
      echo 'Searching in package '"$PACKAGE"'...'
      mgmt_cli -r true -d "$DOMAIN" show-package name "$PACKAGE" --format json > "$PACKAGE_FILE"
      if [ $? -eq 0 ]; then
        # Names of the access layers attached to this package
        ACCESS_LAYERS=($($JQ '.["access-layers"][] | .name' -r "$PACKAGE_FILE"))
        for LAYER in "${ACCESS_LAYERS[@]}"
        do
          echo 'Policy layer: '"$LAYER"
        done
      fi
    done
  fi
done

Robert.

6 Replies

Re: R80 Management API tips and tricks - "show-domains" command

This is an easier way for R77 and R80.x 🙂

[Expert@MDS-R80.10:0]# $MDSVERUTIL AllCMAs
Domain1
Domain2
[Expert@MDS-R80.10:0]#

0 Kudos

Re: R80 Management API tips and tricks - "show-domains" command

As a rule of thumb, when writing a script on R8X versions, it is recommended to work with official APIs (if they exist) to make sure scripts will not "break" in the future.


Re: R80 Management API tips and tricks - "show-domains" command

$MDSVERUTIL AllCMAs will show the CMA names, not the Domain names as the "mgmt_cli show domains" command does.

Example getting CMAs and Domains:

CPPROD_UTIL="$CPDIR/bin/cpprod_util"

# Switch into each CMA's environment and read its Domain name
for CMA in $($MDSVERUTIL AllCMAs); do
     mdsenv "$CMA"

     DOMAIN_NAME=$(${CPPROD_UTIL} CPPROD_GetValue FW1 CustomerName 1)
     if [[ -z "$DOMAIN_NAME" ]]; then
          echo "Can not get Domain name"
     fi

     echo "CMA: $CMA"
     echo "Domain: $DOMAIN_NAME"
done

As Amiad said, best to use the API instead in case the $MDSVERUTIL commands change in a later version.

Re: R80 Management API tips and tricks - "show-domains" command

Is there a way to get this to return the global domain as well?

Currently, I have to define a variable manually, as I need the global to be in it as well as the rest of the domains.

Thanks,

PG

0 Kudos

Re: R80 Management API tips and tricks - "show-domains" command

Hi Robert,

When running this script, I'm getting this as part of the jq:

Searching in package Standard...
jq: error: Cannot iterate over null

I've seen the jq error before in other scripts, and haven't been able to track down what is causing it.

It seems to happen in some domains (though not with every search, but some searches), and other domains seem exempt from it.

Do you have a good resource when this happens with a mgmt_cli command that calls jq?

Thank you,

Paul G.

0 Kudos

Re: R80 Management API tips and tricks - "show-domains" command

I figured out what was causing the jq to return the error.

I had a 'network' defined in the domain that was giving an error, that had been an invalid network mask (carried in from an ASA import via confwiz). Once this was fixed, the jq error went away.

0 Kudos
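
Added example, not part of the original thread: a guard for the `jq: error: Cannot iterate over null` message reported above, which jq prints when `[]` is applied to a missing or null key such as `access-layers`. The sample replies are constructed, the `code`/`message` error-object shape is an assumption about the API's error replies, and `layer_names` and `write_samples` are hypothetical helper names.

```bash
#!/bin/bash
# Added example; the sample replies are constructed, not captured output.
# jq path as in the scripts above, falling back to jq on PATH elsewhere.
JQ="${CPDIR:+$CPDIR/jq/jq}"; JQ="${JQ:-jq}"

# layer_names FILE (hypothetical helper): print one access-layer name per line.
# Returns 0, possibly with no output, for a usable reply; non-zero when FILE
# is empty, is not a JSON object, or holds an error object (assumed shape:
# "code" plus "message"). "// []" turns a missing or null "access-layers"
# into an empty list, so iterating it yields nothing instead of an error.
layer_names() {
  [ -s "$1" ] || { echo "empty reply: $1" >&2; return 1; }
  "$JQ" -r '
    if type != "object" then
      error("reply is not a JSON object")
    elif has("code") and has("message") then
      error("API error \(.code): \(.message)")
    else
      (.["access-layers"] // [])[] | .name
    end' "$1"
}

# write_samples DIR (hypothetical helper): create constructed test replies.
write_samples() {
  printf '%s' '{"name":"Standard","access-layers":[{"name":"Standard Network"},{"name":"Inline"}]}' > "$1/ok.json"
  printf '%s' '{"name":"NoLayers"}' > "$1/missing.json"
  printf '%s' '{"code":"constructed_error","message":"constructed failure"}' > "$1/error.json"
  : > "$1/empty.json"
}

# Demo, run only when the script is started with --demo.
if [ "${1:-}" = "--demo" ]; then
  TMP=$(mktemp -d) && write_samples "$TMP"
  for f in ok missing error empty; do
    echo "== $f.json"
    if NAMES=$(layer_names "$TMP/$f.json"); then
      # Read line by line so names containing spaces stay intact.
      printf '%s\n' "$NAMES" | while IFS= read -r LAYER; do
        [ -z "$LAYER" ] || echo "Policy layer: $LAYER"
      done
    else
      echo "skipped: unusable reply"
    fi
  done
  rm -rf "$TMP"
fi
```

In the loop from the first post, the function's output can replace the `ACCESS_LAYERS` array, and a non-zero return identifies the package whose reply needs a closer look.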