Robert_Decker
Advisor

R80 Management API tips and tricks - "show-domains" command

On a Multi-Domain management server, you may query for a list of domains in your environment by using the "show-domains" API command.

The response of this command contains a list of domain objects, defined by the user. This list does NOT contain a Global domain, User-Data domain or MDS.

Here is an example bash script that retrieves a list of domain names and stores it in a variable - 

#!/bin/bash
# bash (not plain sh) is required because the script uses arrays

JQ=${CPDIR}/jq/jq

DOMAINS_FILE="domains.json"

echo 'Getting a list of domains...'
# Query the MDS context for the user-defined domains
mgmt_cli -r true -d MDS show domains limit 500 --format json > "$DOMAINS_FILE"
if [ $? -ne 0 ]; then
  echo "Error getting list of domains. Aborting!"
  exit 1
fi

# Store the domain names in a bash array
DOMAINS_NAMES=($($JQ -r ".objects[] | .name" "$DOMAINS_FILE"))

Here is an example bash script that iterates over the list of above domains and prints all access policy packages and layers - 

# Continues the script above: uses $JQ and the DOMAINS_NAMES array
PACKAGES_FILE="packages.json"
PACKAGE_FILE="package.json"

for DOMAIN in "${DOMAINS_NAMES[@]}"
do
  echo 'Searching in domain '"$DOMAIN"'...'
  mgmt_cli -r true -d "$DOMAIN" show packages limit 500 --format json > "$PACKAGES_FILE"
  # Only parse the output when the API call succeeded
  if [ $? -eq 0 ]; then
    PACKAGES_NAMES=($($JQ -r ".packages[] | .name" "$PACKAGES_FILE"))
    for PACKAGE in "${PACKAGES_NAMES[@]}"
    do
      echo 'Searching in package '"$PACKAGE"'...'
      mgmt_cli -r true -d "$DOMAIN" show-package name "$PACKAGE" --format json > "$PACKAGE_FILE"
      if [ $? -eq 0 ]; then
        ACCESS_LAYERS=($($JQ -r '.["access-layers"][] | .name' "$PACKAGE_FILE"))
        for LAYER in "${ACCESS_LAYERS[@]}"
        do
          echo 'Policy layer: '"$LAYER"
        done
      fi
    done
  fi
done

Robert.

6 Replies
Sebastian_Gxxx
Contributor

This is an easier way for R77 and R80.x 🙂

[Expert@MDS-R80.10:0]# $MDSVERUTIL AllCMAs
Domain1
Domain2
[Expert@MDS-R80.10:0]#

0 Kudos
Amiad_Stern

As a rule of thumb, when writing a script on R8X versions, it is recommended to work with official APIs (if they exist) to make sure scripts will not "break" in the future.

Russell_Seifert
Employee

$MDSVERUTIL AllCMAs will show the CMA names, not the Domain names as the "mgmt_cli show domains" command does.

Example getting CMAs and Domains:

CPPROD_UTIL="$CPDIR/bin/cpprod_util"

for CMA in $($MDSVERUTIL AllCMAs); do
     # Switch the shell environment to this CMA
     mdsenv "$CMA"

     # Read the Domain name that owns this CMA
     DOMAIN_NAME=$(${CPPROD_UTIL} CPPROD_GetValue FW1 CustomerName 1)
     if [[ -z "$DOMAIN_NAME" ]]; then
          echo "Can not get Domain name"
     fi

     echo "CMA: $CMA"
     echo "Domain: $DOMAIN_NAME"
done

As Amiad said, best to use the API instead in case the $MDSVERUTIL commands change in a later version.

Paul_Gademsky
Employee

Is there a way to get this to return the global domain as well?

Currently, I have to define a variable manually, as I need the global to be in it as well as the rest of the domains.

Thanks,

PG

0 Kudos
Paul_Gademsky
Employee

Hi Robert,

When running this script, I'm getting this as part of the jq

Searching in package Standard...
jq: error: Cannot iterate over null

I've seen the jq error before in other scripts, and haven't been able to track down what is causing it.

It seems to happen in some domains (though not with every search, but some searches), and other domains seem exempt from it.

Do you have a good resource when this happens with a mgmt_cli command that calls jq?

Thank you,

Paul G.

0 Kudos
Paul_Gademsky
Employee

I figured out what was causing the jq to return the error.

I had a 'network' defined in the domain that was giving an error, that had been an invalid network mask (carried in from an ASA import via confwiz).  Once this was fixed, the jq error went away.

0 Kudos
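One way to make a loop like the one in the first post report why a response cannot be parsed, instead of stopping at "jq: error: Cannot iterate over null" (an added example, not code from any post in this thread). The helper name extract_names and the sample JSON are constructed for illustration, and it assumes a failed call leaves a JSON object with a "message" field in the output file.

```shell
#!/bin/bash
# Added example: hypothetical helper, constructed sample data.
JQ="${CPDIR:+$CPDIR/jq/jq}"   # jq location used by the scripts in this thread
[ -x "$JQ" ] || JQ=jq         # assumption: otherwise fall back to jq on PATH

# extract_names KEY FILE
# Prints .name of every element of the array stored under KEY in FILE.
# Returns 2 for an API error object, 3 when KEY is absent or not an array,
# 4 when FILE is empty or not a JSON object.
extract_names() {
  key=$1; file=$2
  kind=$("$JQ" -r --arg k "$key" '
      if type != "object" then "invalid"
      elif (.[$k] | type) == "array" then "ok"
      elif has("message") then "api-error"
      else "missing" end' "$file" 2>/dev/null) || kind=invalid
  case $kind in
    ok)        "$JQ" -r --arg k "$key" '.[$k][] | .name' "$file" ;;
    api-error) echo "API error in $file: $("$JQ" -r '.message' "$file")" >&2
               return 2 ;;
    missing)   echo "No \"$key\" array in $file" >&2; return 3 ;;
    *)         echo "$file is empty or not a JSON object" >&2; return 4 ;;
  esac
}

# Constructed sample responses (not captured from a real server).
write_samples() {
  cat > "$1/ok.json" <<'EOF'
{"name":"Standard","access-layers":[{"name":"Network"},{"name":"Application"}]}
EOF
  cat > "$1/err.json" <<'EOF'
{"code":"generic_error","message":"Constructed error text"}
EOF
}

# Usage inside the package loop from the first post:
#   mgmt_cli -r true -d "$DOMAIN" show-package name "$PACKAGE" --format json > "$PACKAGE_FILE"
#   extract_names access-layers "$PACKAGE_FILE" || echo "Skipped $DOMAIN/$PACKAGE" >&2
```

A skipped domain or package then shows up on stderr with its cause, so a listing of policy layers cannot come out silently incomplete.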
