## 1 [RESTCONF](#1-RESTCONF)
## 2 [What about api catalog](#2-What-about-api-catalog)
### 2.1 [Building RESTCONF URIs based on YANG models](#2.1-Building-RESTCONF-URIs-based-on-YANG-models)
## 3  [Device-Configuration](#3-Device-Configuration)
### 3.1  [Configure or modify ACL](#3.2-Configure-or-modify-ACL)
### 3.1.1 [Creating JSON Payload](#3.2.1-Creating-JSON-Payload)
### 3.1.2 [Get Running Configuration](#3.1.2-Get-Running-Configuration)
### 3.3  [Save Configuration](#3.3-Save-Configuration)

# RestConf

RESTCONF is HTTP(S) based protocol which uses the same YANG models underneath as NETCONF. However, RESTCONF uses different transport and encapsulation. 

NETCONF uses SSH for transport and RESTCONF uses HTTP(S).

RESTCONF is stateless by it's nature However, NETCONF is stateful as it maintains persistant connection with device.

RESTCONF supports XML and JSON as the data encapsulation method.

Configuration on IOS-XE router to enable RESTCONF:

Router(config)#restconf

Router(config)#ip http secure-server

By default RESTCONF works on Port 80 or 443, we can configure custom port using below command:

Router(config)#ip http secure-port 55443

![restconf.png](attachment:restconf.png)

# What about API catalog !!!!

API catalog documentation is usually avaiable for any RESTful based API's However, RESTCONF doesn't have API catalog.

Underneath RESTCONF defines how a YANG model is mapped to a RESTful interface. In this notebook we will learn how to...

    1) construct URIs to access the data model.
    2) using HTTP verbs (GET / POST / PATCH / PUT / DELETE)
    3) constructing JSON payload for modifying or configuring the device.

RESTCONF provides well known entry points to ‘discover’ the device capabilites and data models.


## Building RESTCONF URIs based on YANG models

![URI.png](attachment:URI.png)

![restconf%20http%20verbs%20vs%20netconf%20operations.png](attachment:restconf%20http%20verbs%20vs%20netconf%20operations.png)

# Device Discovery

A GET request call to below URI returns the high level RESTCONF entry point. 

https://192.168.163.223/.well-known/host-meta

Output:

<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>
    <Link rel='restconf' href='/restconf'/>
</XRD>

 << Need to write code to do the get request to .well-known/host-meta


# Device Configuration

In order to get the ACL configuration on the router we need to use the below URI.

https://{ADDRESS:Port}/restconf/data/Cisco-IOS-XE-native:native/ip/access-list/    


In [None]:
import requests
import json

HOST = '127.0.0.1'
PORT = '2225'
USERNAME = 'vagrant'
PASSWORD = 'vagrant'

def url(api_resource,yang_data_model=''):
  
    return "https://{host}:{port}/restconf/{api_resource}/{yang_data_model}".format(host=HOST,port=PORT,api_resource=api_resource,yang_data_model=yang_data_model)

session = requests.Session()
session.auth = (USERNAME, PASSWORD)

session.headers = {'accept': 'application/yang-data+json', 'content-type': 'application/yang-data+json'}

session.verify = False

# disable the ssl warnings
requests.packages.urllib3.disable_warnings()

print(url('data','Cisco-IOS-XE-native:native/ip/access-list/'))

o = session.get(url('data','Cisco-IOS-XE-native:native/ip/access-list/'))

print(o.text)




# Edit an ACL

In order to edit the configuration we need to use the PATCH HTTP verb. 

Below is the URI to edit the ACL configuration for extended ACL 104,
    
https://127.0.0.1:2225/restconf/data/Cisco-IOS-XE-native:native/ip/access-list/extended=104

Configuration change would be sent to device using the JSON payload. JSON payload is built based on the YANG model defination.

YANG model defination for ACL is : ( We use pyang utility to print YANG data model as a Tree structure )

```
pyang -f tree Cisco-IOS-XE-acl.yang

+--rw extended* [name]
    |  +--rw name                    ios-types:ext-acl-type
    |  +--rw access-list-seq-rule* [sequence]
    |  |  +--rw sequence    uint64
    |  |  +--rw ace-rule
    |  |  |  +--rw action?                    enumeration
    |  |  |  +--rw protocol?                  union
    |  |  |  +--rw object-group-str?          string
    |  |  |  +--rw (source-choice)?
    |  |  |  |  +--:(ipv4-prefix-case)
    |  |  |  |  |  +--rw ipv4-address         inet:ipv4-address
    |  |  |  |  |  +--rw mask                 inet:ipv4-address
    |  |  |  |  +--:(any-case)
    |  |  |  |  |  +--rw any?                 empty
    |  |  |  |  +--:(host-case)
    |  |  |  |  |  +--rw host?                ios-types:ipv4-host
    |  |  |  |  +--:(object-group-case)
    |  |  |  |     +--rw object-group?        string
    |  |  |  +--rw (src-port-choice)?
    |  |  |  |  +--:(src-eq-case)
    |  |  |  |  |  +--rw src-eq?              acl-port-type
    |  |  |  |  +--:(src-gt-case)
    |  |  |  |  |  +--rw src-gt?              acl-port-type
    |  |  |  |  +--:(src-lt-case)
    |  |  |  |  |  +--rw src-lt?              acl-port-type
    |  |  |  |  +--:(src-neq-case)
    |  |  |  |  |  +--rw src-neq?             acl-port-type
    |  |  |  |  +--:(src-range-case)
    |  |  |  |     +--rw src-range1?          acl-port-type
    |  |  |  |     +--rw src-range2?          acl-port-type
    |  |  |  +--rw (destination-choice)?
    |  |  |  |  +--:(ipv4-prefix-case)
    |  |  |  |  |  +--rw dest-ipv4-address    inet:ipv4-address
    |  |  |  |  |  +--rw dest-mask            inet:ipv4-address
    |  |  |  |  +--:(any-case)
    |  |  |  |  |  +--rw dst-any?             empty
    |  |  |  |  +--:(host-case)
    |  |  |  |  |  +--rw dst-host?            ios-types:ipv4-host
    |  |  |  |  +--:(object-group-case)
    |  |  |  |     +--rw dst-object-group?    string
    |  |  |  +--rw (dst-port-choice)?
    |  |  |  |  +--:(dst-eq-case)
    |  |  |  |  |  +--rw dst-eq?              acl-port-type
    |  |  |  |  +--:(dst-gt-case)
    |  |  |  |  |  +--rw dst-gt?              acl-port-type
    |  |  |  |  +--:(dst-lt-case)
    |  |  |  |  |  +--rw dst-lt?              acl-port-type
    |  |  |  |  +--:(dst-neq-case)
    |  |  |  |  |  +--rw dst-neq?             acl-port-type
    |  |  |  |  +--:(dst-range-case)
    |  |  |  |     +--rw dst-range1?          acl-port-type
    |  |  |  |     +--rw dst-range2?          acl-port-type
```

## Creating JSON Payload

![json%20payload%20creation.png](attachment:json%20payload%20creation.png)

In [None]:
payload = json.loads(
'''{"Cisco-IOS-XE-acl:extended": {
        "name": 104,
        "access-list-seq-rule": [
            {
                "sequence": 47,
                "ace-rule": {
                    "action": "permit",
                    "protocol": "ip",
                    "host": "55.46.30.10",
                    "dst-any": [
                        null
                    ]
                }
            }
        ]
    }
}''')


o = session.patch(url('data', 'Cisco-IOS-XE-native:native/ip/access-list/extended=104'),json=payload)

if o.status_code == 204:
    print("configuration is sucessful")
else:
    print(o.status_code)

Modified ACL configuration:

```
Spoke1#show ip access-lists
Extended IP access list 104
    10 permit ip host 1.1.1.1 any
    45 permit ip host 55.45.30.10 any
Spoke1#

```

## Get Running configuration

URL to get running configuration from the router 
    
    https://192.168.163.223/restconf/data/Cisco-IOS-XE-native:native
            

In [None]:
o = session.get(url('data', 'Cisco-IOS-XE-native:native/'))

if o.status_code == 200:
    print("Configuration retrived successfully" , "\n\n" , o.text)
else:
    print(o.status_code)

# Save Configuration

Configuration changes done will be in running configuration. We have to run below code to save the configuration to startup. 

In [None]:
o = session.post(url('operations', 'cisco-ia:save-config/'))
                  
print(o.status_code, '\n\n' , o.text)

Before saving configuration:

```
Spoke1#show startup | sec access-list
access-list 104 permit ip host 1.1.1.1 any
```

After saving configuration:

```
Spoke1#show run | sec access-list
access-list 104 permit ip host 1.1.1.1 any
access-list 104 permit ip host 55.45.30.10 any
Spoke1#
```