CiscoSE/cane-project

cane-project

Cisco API Normalization Engine - Unify & Normalize APIs across multiple Cisco platforms.

Business/Technical Challenge

With IT teams turning more and more to APIs to build, configure, and maintain their complex infrastructure, the explosion of API standards, formats, and authentication methods has made consuming them in a holistic fashion extremely difficult. Although APIs were created to help us automate repetitive tasks that can be easily codified, one of their biggest hurdles is that there isn't a true standard. Every vendor has its own version, and sometimes several distinct API types to leverage. Further complicating things, the way that tools and users authenticate to them, even within a single vendor's API set, can be completely different. All of these caveats undermine the goal of automation, causing more work, not less, contrary to the original intent.

Proposed Solution

Introducing CANE - an API aggregation platform that can consume multiple underlying Cisco (and other vendor) APIs and allow the creation of a business-centric compilation of APIs that make operational sense for your organization. CANE promotes programmability and automation via a single, vendor-agnostic platform. Using a composable API engine, CANE can create a mapping between multiple underlying platform APIs (e.g. NX-API), and chain them together to create an outcome, not just an API response.

Authentication:

In order to maintain security, many APIs use some sort of authentication to protect access to sensitive information on the device or to changes to the device configuration. However, this security can also be an unreasonable hindrance to the API's usefulness: the frequency of re-authentications, the distribution of credentials, etc.

CANE can act as both the authentication provider and authentication subscriber. As an authentication provider, each user can securely authenticate into CANE with a username and password (additional authentication methods, such as SSO, will be incorporated in the future). After this initial authentication, the user will be issued a JSON Web Token (JWT) that CANE will maintain. This token then allows the user/device to make subsequent API calls into CANE without manual re-authentication, or having to store a large number of different device credentials locally.

As an authentication subscriber, CANE will also maintain, in the background, active authentications into each vendor device, renewing session tokens automatically as needed. This ensures that the endpoint API is always available for consumption - the first time and every time. If the API requires an API key, CANE will centrally maintain all of your API keys on your behalf. This ensures that there is a single, protected holder of the API key. When a user authenticates into CANE with their username and password, they are given the right to use the API key while never having it within their possession. If the API key needs to be changed due to a periodic refresh or a compromise of the key, no problem.
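The provider and key-holder roles described above, as an added Go sketch that is not CANE's own code: a JWT is issued after login, and each later call is checked against it before the centrally held device key is attached to the upstream request. The HS256 shared secret, the `X-API-Key` header name, the example URL-free request, and the function names `issueToken` and `attachKey` are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"strings"
	"time"
)

var enc, hdr = base64.RawURLEncoding, base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))

type claims struct{ Sub string `json:"sub"`; Exp int64 `json:"exp"` }

func mac(secret []byte, msg string) string {
	h := hmac.New(sha256.New, secret)
	h.Write([]byte(msg))
	return enc.EncodeToString(h.Sum(nil))
}

// issueToken runs once, after the username/password check has succeeded.
func issueToken(secret []byte, user string, exp time.Time) string {
	body, _ := json.Marshal(claims{user, exp.Unix()})
	msg := hdr + "." + enc.EncodeToString(body)
	return msg + "." + mac(secret, msg)
}

// attachKey verifies the caller's token, then adds the centrally held key to the upstream request.
func attachKey(secret []byte, tok, apiKey string, up *http.Request, now time.Time) error {
	p := strings.Split(tok, ".") // exact header match pins HS256; MAC compare is constant-time
	if len(p) != 3 || p[0] != hdr || !hmac.Equal([]byte(mac(secret, p[0]+"."+p[1])), []byte(p[2])) {
		return fmt.Errorf("invalid token")
	}
	var c claims
	raw, err := enc.DecodeString(p[1])
	if err != nil || json.Unmarshal(raw, &c) != nil || now.Unix() >= c.Exp {
		return fmt.Errorf("bad or expired claims")
	}
	up.Header.Set("X-API-Key", apiKey) // assumed header name; the key is never returned to the caller
	return nil
}

func main() {
	s, now, up := []byte("constructed-demo-secret"), time.Now(), &http.Request{Header: http.Header{}}
	err := attachKey(s, issueToken(s, "alice", now.Add(time.Hour)), "constructed-key", up, now)
	fmt.Println(err, up.Header.Get("X-API-Key") != "")
}
```

Because the key only ever appears on the outbound request, rotating it after a refresh or compromise means changing one stored value; tokens already issued to users stay valid.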

Business-centric APIs:

The reality is that we rarely call just a SINGLE API. Multiple API calls are required to complete a business process, whether that is turning up a new branch location or provisioning a new network across multiple different switch and routing platforms. CANE is centered around the idea of a workflow. Workflows allow a chain of multiple disparate API calls to be organized together, mapping the outputs of some APIs to the inputs of others. Composing unique business APIs in this fashion lets you operate your infrastructure much more effectively and efficiently to continuously deliver on business needs.

Cisco Products Technologies/Services

Our solution will complement all Cisco technologies that leverage RESTful APIs, including (but not limited to):

Team Members

Solution Components

CANE is written in Go and uses MongoDB as the underlying document store. The graphical interface uses Angular, which simply calls the CANE APIs on the backend. We wanted something that could be compiled to run on various platforms, and packed in a container, VM, or whatever you’d like.

Usage

Please refer to this video:

Installation

Start a MongoDB Container:

sudo docker run -d --name mongodb -p 27017:27017 -v ~/data:/data/db mongo

Run the Go executable:

go run main.go

CANE is reachable (by default) on port 8005.

Documentation

(In Progress)

License

Provided under Cisco Sample Code License, for details see LICENSE

Code of Conduct

Our code of conduct is available here

Contributing

See our contributing guidelines here
