# RestConf

<p><div class="lev1 toc-item"><a href="#Introduction" data-toc-modified-id="Introduction-1"><span class="toc-item-num">1&nbsp;&nbsp;</span>Introduction</a></div><div class="lev2 toc-item"><a href="#What-about-API-catalog-!!!!" data-toc-modified-id="What-about-API-catalog-!!!!-11"><span class="toc-item-num">1.1&nbsp;&nbsp;</span>What about API catalog !!!!</a></div><div class="lev3 toc-item"></div><div class="lev3 toc-item"><a href="#Building-RESTCONF-URIs-based-on-YANG-models" data-toc-modified-id="Building-RESTCONF-URIs-based-on-YANG-models-12"><span class="toc-item-num">1.2&nbsp;&nbsp;</span>Building RESTCONF URIs based on YANG models</a></div><div class="lev3 toc-item"><a href="#RESTCONF-vs-NETCONF" data-toc-modified-id="RESTCONF-vs-NETCONF-13"><span class="toc-item-num">1.3&nbsp;&nbsp;</span>RESTCONF vs NETCONF</a></div><div class="lev1 toc-item"><a href="#Device-Discovery" data-toc-modified-id="Device-Discovery-2"><span class="toc-item-num">2&nbsp;&nbsp;</span>Device Discovery</a></div><div class="lev2 toc-item"><a href="#Device-Configuration" data-toc-modified-id="Device-Configuration-21"><span class="toc-item-num">2.1&nbsp;&nbsp;</span>Device Configuration</a></div><div class="lev2 toc-item"><a href="#Edit-an-ACL" data-toc-modified-id="Edit-an- ACL-22"><span class="toc-item-num">2.2&nbsp;&nbsp;</span>Edit an ACL</a></div><div class="lev1 toc-item"><a href="#Creating-JSON-Payload" data-toc-modified-id="Creating-JSON-Payload-3"><span class="toc-item-num">3&nbsp;&nbsp;</span>Creating JSON Payload</a></div><div class="lev2 toc-item">
 <a href="#Get-Running-configuration" data-toc-modified-id="Get-Running-configuration-31"><span class="toc-item-num">3.1&nbsp;&nbsp;</span>Get Running configuration</a></div><div class="lev2 toc-item"><a href="#Save-Configuration" data-toc-modified-id="Save-Configuration-32"><span class="toc-item-num">3.2&nbsp;&nbsp;</span>Save Configuration</a></div>

# Introduction

RESTCONF is HTTP(S) based protocol which uses the same YANG models underneath as NETCONF. However, RESTCONF uses different transport and encapsulation. 

NETCONF uses SSH for transport and RESTCONF uses HTTP(S).

RESTCONF is stateless by its nature However, NETCONF is stateful as it maintains persistent connection with device.

RESTCONF supports XML and JSON as the data encapsulation method.

Configuration on IOS-XE router to enable RESTCONF:

Router(config)#restconf

Router(config)#ip http secure-server

By default RESTCONF works on Port 80 or 443, we can configure custom port using below command:

Router(config)#ip http secure-port 55443

![restconf.png](restconf.png)

# What about API catalog !!!!

API catalog documentation is usually available for any RESTful based API's However, RESTCONF doesn't have API catalog.

Underneath RESTCONF defines how a YANG model is mapped to a RESTful interface. In this notebook we will learn how to...

- construct URIs to access the data model.
- using HTTP verbs (GET / POST / PATCH / PUT / DELETE)
- constructing JSON payload for modifying or configuring the device.

## Building RESTCONF URIs based on YANG models

![URI.png](URI.png)

# RESTCONF vs NETCONF

Below table draws the similarity between the RESTCONF HTTP verbs and NETCONF Operations

RESTCONF uses these HTTP verbs to perform operations. 

![restconf%20http%20verbs%20vs%20netconf%20operations.png](restconf%20http%20verbs%20vs%20netconf%20operations.png)

# Device Discovery

RESTCONF provides well known entry points to ‘discover’ the device capabilities and data models.

A GET request call to below URI returns the high level RESTCONF entry point. 

https://{ADDRESS:PORT}/.well-known/host-meta


In [None]:
import requests
import json

HOST = '127.0.0.1'
PORT = '2225'
USERNAME = 'vagrant'
PASSWORD = 'vagrant'

def url(api_resource,yang_data_model=''):
  
    return "https://{host}:{port}/restconf/{api_resource}/{yang_data_model}".format(host=HOST,port=PORT,api_resource=api_resource,yang_data_model=yang_data_model)

session = requests.Session()

session.auth = (USERNAME, PASSWORD)

session.headers = {'accept': 'application/yang-data+json', 'content-type': 'application/yang-data+json'}

session.verify = False

# disable the ssl warnings
requests.packages.urllib3.disable_warnings()

response = session.get('https://127.0.0.1:2225/.well-known/host-meta')

if response.status_code == 200:
    print(response.text)



# Device Configuration

In order to get the ACL configuration on the router we need to use the below URI.

https://{ADDRESS:PORT}/restconf/data/Cisco-IOS-XE-native:native/ip/access-list/    


In [None]:
print(url('data','Cisco-IOS-XE-native:native/ip/access-list/'))

o = session.get(url('data','Cisco-IOS-XE-native:native/ip/access-list/'))

print(o.text)

# Edit an ACL

In order to edit the configuration we need to use the PATCH HTTP verb. 

Below is the URI to edit the ACL configuration for extended ACL 104
    
https://127.0.0.1:2225/restconf/data/Cisco-IOS-XE-native:native/ip/access-list/extended=104

Configuration change would be sent to device using the JSON payload. JSON payload is built based on the YANG model definition.

YANG model definition for ACL is : ( We use pyang utility to print YANG data model as a Tree structure )

```
pyang -f tree Cisco-IOS-XE-acl.yang

+--rw extended* [name]
    |  +--rw name                    ios-types:ext-acl-type
    |  +--rw access-list-seq-rule* [sequence]
    |  |  +--rw sequence    uint64
    |  |  +--rw ace-rule
    |  |  |  +--rw action?                    enumeration
    |  |  |  +--rw protocol?                  union
    |  |  |  +--rw object-group-str?          string
    |  |  |  +--rw (source-choice)?
    |  |  |  |  +--:(ipv4-prefix-case)
    |  |  |  |  |  +--rw ipv4-address         inet:ipv4-address
    |  |  |  |  |  +--rw mask                 inet:ipv4-address
    |  |  |  |  +--:(any-case)
    |  |  |  |  |  +--rw any?                 empty
    |  |  |  |  +--:(host-case)
    |  |  |  |  |  +--rw host?                ios-types:ipv4-host
    |  |  |  |  +--:(object-group-case)
    |  |  |  |     +--rw object-group?        string
    |  |  |  +--rw (src-port-choice)?
    |  |  |  |  +--:(src-eq-case)
    |  |  |  |  |  +--rw src-eq?              acl-port-type
    |  |  |  |  +--:(src-gt-case)
    |  |  |  |  |  +--rw src-gt?              acl-port-type
    |  |  |  |  +--:(src-lt-case)
    |  |  |  |  |  +--rw src-lt?              acl-port-type
    |  |  |  |  +--:(src-neq-case)
    |  |  |  |  |  +--rw src-neq?             acl-port-type
    |  |  |  |  +--:(src-range-case)
    |  |  |  |     +--rw src-range1?          acl-port-type
    |  |  |  |     +--rw src-range2?          acl-port-type
    |  |  |  +--rw (destination-choice)?
    |  |  |  |  +--:(ipv4-prefix-case)
    |  |  |  |  |  +--rw dest-ipv4-address    inet:ipv4-address
    |  |  |  |  |  +--rw dest-mask            inet:ipv4-address
    |  |  |  |  +--:(any-case)
    |  |  |  |  |  +--rw dst-any?             empty
    |  |  |  |  +--:(host-case)
    |  |  |  |  |  +--rw dst-host?            ios-types:ipv4-host
    |  |  |  |  +--:(object-group-case)
    |  |  |  |     +--rw dst-object-group?    string
    |  |  |  +--rw (dst-port-choice)?
    |  |  |  |  +--:(dst-eq-case)
    |  |  |  |  |  +--rw dst-eq?              acl-port-type
    |  |  |  |  +--:(dst-gt-case)
    |  |  |  |  |  +--rw dst-gt?              acl-port-type
    |  |  |  |  +--:(dst-lt-case)
    |  |  |  |  |  +--rw dst-lt?              acl-port-type
    |  |  |  |  +--:(dst-neq-case)
    |  |  |  |  |  +--rw dst-neq?             acl-port-type
    |  |  |  |  +--:(dst-range-case)
    |  |  |  |     +--rw dst-range1?          acl-port-type
    |  |  |  |     +--rw dst-range2?          acl-port-type
```

## Creating JSON Payload

![json%20payload%20creation.png](json%20payload%20creation.png)

In [None]:
payload = json.loads(
'''{"Cisco-IOS-XE-acl:extended": {
        "name": 104,
        "access-list-seq-rule": [
            {
                "sequence": 48,
                "ace-rule": {
                    "action": "permit",
                    "protocol": "ip",
                    "host": "55.49.30.10",
                    "dst-any": [
                        null
                    ]
                }
            }
        ]
    }
}''')


o = session.patch(url('data', 'Cisco-IOS-XE-native:native/ip/access-list/extended=104'),json=payload)

if o.status_code == 204:
    print("configuration is successful")
else:
    print(o.status_code)

Modified ACL configuration:

```
Spoke1#show ip access-lists
Extended IP access list 104
    10 permit ip host 1.1.1.1 any
    48 permit ip host 55.49.30.10 any
Spoke1#

```

## Get Running configuration

URL to get running configuration from the router 
    
    https://{ADDRESS:PORT}/restconf/data/Cisco-IOS-XE-native:native
            

In [None]:
o = session.get(url('data', 'Cisco-IOS-XE-native:native/'))

if o.status_code == 200:
    print("Configuration retrieved successfully" , "\n\n" , o.text)
else:
    print(o.status_code)

# Save Configuration

Configuration changes done will be in running configuration. We have to run below code to save the configuration to startup. 

In [None]:
o = session.post(url('operations', 'cisco-ia:save-config/'))
                  
print(o.status_code, '\n\n' , o.text)

Sample Output:

Before saving configuration:

```
Spoke1#show startup | sec access-list
access-list 104 permit ip host 1.1.1.1 any
```

After saving configuration:

```
Spoke1#show run | sec access-list
access-list 104 permit ip host 1.1.1.1 any
access-list 104 permit ip host 55.45.30.10 any
Spoke1#
```