Maik
Silver

Show changes from session => from a single session

Hello guys,

 

I want to write a small script that lists all the created, deleted and modified rules and host objects for a given session/revision uid. The management API reference guide includes two possible commands that should do the job:

 

- show session uid <session_uid>

>> This lists all the general details of a session like e.g. the user, the change sum, the description, the application that has been used in order to publish the given session etc. Here everything is working as expected

 

- show changes from-session <session_uid> to-session <session_uid>

>> This command lists all changes in a given time or session frame... so this means I can use the above mentioned "from-session" => "to-session" arguments or the "from-date" => "to-date" arguments. However, it seems that it is not possible to list all changes from just one single session. The seemingly required arguments have default values if no UIDs for the sessions are specified:

from-session

string
Default: The session before to-session

 

to-session

string
Default: The last published session

 

But here lies another problem - as the from-session defaults to "the session before to-session" while the to-session argument defaults to "the last published session", this leads to the result that the command gives you the last two sessions if you do not specify any arguments. Still, it does not allow you to just see the changes from a single session. My idea was to give the from and to argument the same session uid, but this results in the following error:

 

> show changes from-session <my_session_uid1> to-session <my_session_uid1>

---------------------------------------------
Time: [15:43:07] 27/3/2019
---------------------------------------------
"Show Changes"  failed  (100%)  
tasks: 
- task-id: "abcdef01-2345-6789-b58a-3559264bf1dc"
  task-name: "Show Changes"
  status: "failed"
  progress-percentage: 100
  progress-description: "Diff operation failed: Unable to build the diff reply."
  suppressed: false

So the command requires a diff in between both parameters while a simple "show changes from-uid" or "show changes uid" does not exist. Do I miss something or is there really no possibility to track the changes of a given single session?

 

Regards,

Maik

0 Kudos
1 Solution

Accepted Solutions

Re: Show changes from session => from a single session

I think I got it... I tested a few different sessions in the lab this morning and it did what I think you want.

If you run: mgmt_cli show changes to-session UID

Then it will compare the session to the previously published session right before it. I know it seems really backwards but if you read the API guide it is oddly worded that way. If you don't specify the 'from-session' then it defaults: The session before to-session

Make sure to set your details-level to get the detail you want
0 Kudos
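
Added example (not part of the original thread and not Check Point's code): a review helper that builds the `show changes to-session <uid>` call from the accepted solution and lists the added, modified and deleted objects of exactly that session. It assumes `--format json` returns the same structure as the output shown in this thread and that modified entries wrap `old-object`/`new-object`; the host entry and its uid are constructed.

```python
import json
import subprocess

CATEGORIES = ("added-objects", "modified-objects", "deleted-objects")

def show_changes_cmd(session_uid, details_level="full"):
    # Only to-session is given, so from-session defaults to the session before it.
    return ["mgmt_cli", "-r", "true", "show", "changes", "to-session", session_uid,
            "details-level", details_level, "--format", "json"]

def fetch_changes(session_uid):
    # Runs on the management server; not exercised by the sample below.
    done = subprocess.run(show_changes_cmd(session_uid), check=True,
                          capture_output=True, text=True)
    return json.loads(done.stdout)

def summarize(reply, session_uid):
    """Return {category: [(type, name, uid), ...]} for the one reviewed session."""
    summary = {cat: [] for cat in CATEGORIES}
    for task in reply.get("tasks", []):
        if task.get("status") != "succeeded":
            raise RuntimeError(task.get("progress-description", "show changes failed"))
        for detail in task.get("task-details", []):
            for change in detail.get("changes", []):
                if change["session"]["session-uid"] != session_uid:
                    continue  # skip any other session that appears in the diff
                for cat in CATEGORIES:
                    for obj in change["operations"].get(cat, []):
                        # Assumption: a modified entry wraps old-object/new-object.
                        obj = obj.get("new-object", obj)
                        summary[cat].append((obj.get("type"), obj.get("name"), obj.get("uid")))
    return summary

# Constructed sample, modelled on the "show changes" output posted in this thread.
SESSION = "5ca78a82-4e2b-4315-ab73-7fede5598e81"
SAMPLE = {"tasks": [{"status": "succeeded", "task-details": [{"changes": [{
    "session": {"session-uid": SESSION, "user-name": "WEB_API"},
    "operations": {
        "added-objects": [{"uid": "3f8fde7a-077b-4ab3-ae45-cac29e36a20a",
                           "name": "net-1.1.1.1", "type": "network"}],
        "modified-objects": [{
            "old-object": {"uid": "constructed-uid-1", "name": "host-a", "type": "host"},
            "new-object": {"uid": "constructed-uid-1", "name": "host-b", "type": "host"}}],
        "deleted-objects": []}}]}]}]}

if __name__ == "__main__":
    for category, objects in summarize(SAMPLE, SESSION).items():
        print(category, objects)
```

On a management server, `summarize(fetch_changes(uid), uid)` gives the same summary for a real session; a failed task such as the "Diff operation failed" reply raises instead of returning an empty review.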
7 Replies

Re: Show changes from session => from a single session

Maik,

if you just run 'show changes' it will compare the last published session vs the session prior to it. Which would show you the changes of the last published session. I just tested it after adding a single network and publishing;

mgmt_cli -r true show changes

---------------------------------------------
Time: [07:25:43] 27/3/2019
---------------------------------------------
"Show Changes"  succeeded  (100%) 
tasks:
- task-id: "abcdef01-2345-6789-81ad-4d56c2e27f11"
  task-name: "Show Changes"
  status: "succeeded"
  progress-percentage: 100
  progress-description: "Operation Complete"
  suppressed: false
  task-details:
  - limit: 10
    offset: 0
    from: 1
    to: 2
    total: 2
    changes:
    - session:
        session-uid: "5ca78a82-4e2b-4315-ab73-7fede5598e81"
        user-name: "WEB_API"
        publish-time:
          posix: 1553689514200
          iso-8601: "2019-03-27T07:25-0500"
        domain-info:
          uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
          name: "SMC User"
          domain-type: "domain"
      operations:
        added-objects:
        - uid: "3f8fde7a-077b-4ab3-ae45-cac29e36a20a"
          name: "net-1.1.1.1"
          type: "network"
          domain:
            uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
            name: "SMC User"
            domain-type: "domain"
          subnet4: "1.1.1.0"
          mask-length4: 24
          subnet-mask: "255.255.255.0"
        modified-objects: []
        deleted-objects: []


Maik
Silver

Re: Show changes from session => from a single session


Hello Adam,

Thanks for your reply and suggestion. But this still does not allow me to view the changes of a specific given session - it just lists the last one. This is a step in the direction that I am aiming for but still not the actual goal.

Maybe some background: I have created a script that validates some management CLI strings and gives you feedback on found errors or just says that the string is okay to push if no errors are found. In the end you will receive a list of all created objects (access rules + their related policies to be precise) as well as a string and the revision id that can be copy pasted into a change ticket that is linked to the changes. Now I want to create an additional script that should allow an "easy review" of a given change by just giving the session (or revision) uid as a parameter in order to do a "four eyes check" of the changes via the cli and not the smartconsole. That's why I require the change uid of not the latest session, or of multiple sessions but just one specific one.

Best regards,

Maik

0 Kudos
Admin

Re: Show changes from session => from a single session

What you're describing might be better accomplished with SmartTasks, a feature we are launching later this year.
You'll be able to trigger an action when someone attempts to publish a session (e.g. run a script).

Re: Show changes from session => from a single session

Got ya. PhoneBoy is right on the task piece. Saw that at CPX and it was very very nice. But I get what you are trying to do, let me chew on that this weekend and get back to you
Maik
Silver

Re: Show changes from session => from a single session


Thanks PhoneBoy and Adam 🙂

Especially for thinking over it again on the weekend. Would be great to find a solution - even if it will be a little bit trickier to achieve than with just running one api call. Have a great weekend and looking forward to hearing from you.

 

By the way, as it is possible to paste a session uid into the audit log in order to receive all required objects it should be possible with the api as well I guess? Maybe I could use the generic object api somehow... but I need to dig deeper into the usage of it as I have zero experience regarding generic api calls so far.

0 Kudos

Employee+

Re: Show changes from session => from a single session


Following the upcoming release of R80.30, we will publish the 'Changes Report' SmartConsole extension which uses the show-changes API command to visualize single session (private/published) changes.

The extension source code would be published as well in our GitHub repository post its release.

Check out How to extend and enhance SmartConsole? 

0 Kudos