IPAM RESTx is a Flask-based IP Address Management (IPAM) REST API. This project is designed for educational purposes, created while studying for the Cisco DevNet Expert certification. Created to better understand RESTful API design. Not suggested for use in production networks.
- User Authentication and Authorization
- CRUD operations for network resources (VRFs, subnets, supernets, addresses)
- RESTful API design
- Database integration using SQLAlchemy
- Unit tests for all API endpoints
- Python 3.6 or higher
- Pip (Python package installer)
- Virtual environment (recommended)
- SQLite (for local testing and development)
- Clone the repository:
git clone https://github.com/jamesduv9/ipam_restx.git
- Navigate to the project directory:
cd ipam_restx
- Create a virtual environment (optional but recommended):
python -m venv venv
- Activate the virtual environment:
- On Windows:
venv\Scripts\activate
- On Unix or MacOS:
source venv/bin/activate
- On Windows:
- Install the required dependencies:
pip install -r requirements.txt
Before running the application, ensure the environment is properly configured:
- Set the
MASTER_APIKEY
environment variable for initial setup and authentication.
- Start the application:
python app.py
- The application will start on
http://localhost:8080
.
A Dockerfile is also provided, you will need to adjust the configuration to include volumes, or setup an external db to keep persistant data.
The following are the primary endpoints provided by the API:
- Authentication:
/auth/login
,/auth/register
,/auth/authorize
,/auth/delete
,/auth/user-status
- VRF Management:
/api/v1/vrf
- Subnet Management:
/api/v1/subnet
- Supernet Management:
/api/v1/supernet
- Address Management:
/api/v1/address
- RPC actions:
api/v1/rpc/getUsableAddresses
,/api/v1/rpc/getUsableSubnet
Swagger documentation is available at - /doc
User accounts are associated to a username and password and are not granted long term apikeys, the user must login using the /auth/login
route. This request will respond with X-Ipam-Apikey
in the response body, this apikey must be present in subsequent requests
CURL example:
curl -X POST "http://127.0.0.1:8080/auth/login" \
-d '{"username":"admin","password":"password"}' \
-H "Content-Type: application/json"
Response:
{
"data": {
"X-Ipam-Apikey": "Z6TZUdPim5cI3hA14Cb8Fw",
"expiration": "Tue, 09 Jan 2024 00:44:12 GMT",
"permission_level": 15
},
"status": "Success"
}
Permissions are based on different levels ranging 0-15 and checked via the @apikey_validate decorator. In general priv 15 is used for creating new accounts and approvals, 10 is used for write operations, and 5 is used for read. When the application is first launched, a default admin account with privilege level 15 is created with username "admin" and password set to the MASTER_APIKEY env variable. The default admin will always be created on launch as long as there is not another privilege level 15 account
To register a new privilege 15 user do the following:
- User register to use the app using the authentication URI
/auth/register
- Default admin or other privilege level 15 account can authorize the user, and set his permissions at
/auth/authorize
- The new privilege 15 user can now delete the default administrator account
CURL example:
#1. Get the default admin's Apikey
curl -X POST "http://127.0.0.1:8080/auth/login" -d '{"username":"admin","password":"password"}' -H "Content-Type: application/json" --silent | jq
{
"data": {
"X-Ipam-Apikey": "Vfp_0TsOf_vPVkZQiVnvvA",
"expiration": "Tue, 09 Jan 2024 15:36:38 GMT",
"permission_level": 15
},
"status": "Success"
}
#2. Register a new user
curl -X POST "http://127.0.0.1:8080/auth/register" -d '{"username":"new_user","password":"new_user"}' -H "Content-Type: application/json"
{
"status":"Success"
}
#3. Set the new user's permissions with apikey set
curl -X POST "http://127.0.0.1:8080/auth/authorize" -d '{"username": "new_user", "permission_level": 15}' -H "Content-Type: application/json" -H "X-Ipam-Apikey: Vfp_0TsOf_vPVkZQiVnvvA" --silent | jq
{
"status": "Success"
}
#4. Login as new user
curl -X POST "http://127.0.0.1:8080/auth/login" -d '{"username":"new_user","password":"new_user"}' -H "Content-Type: application/json" --silent | jq
{
"data": {
"X-Ipam-Apikey": "eqwgqycU8m8WHITnMN2ChA",
"expiration": "Tue, 09 Jan 2024 15:41:45 GMT",
"permission_level": 15
},
"status": "Success"
}
A basic CLI is provided using click "cli.py" with all api functionality. The cli should provide sufficient documentation through --help
Usage: cli.py [OPTIONS] COMMAND [ARGS]...
Interacts with the ipam_restx api through requests library
Options:
--help Show this message and exit.
Commands:
auth Access the menu for auth routes - /auth
ipam-crud Access the menu for CRUD operations on the IPAM - /api/v1/
rpc Access the menu for rpc routes - /api/v1/rpc
Unit tests for each endpoint are created through pytest, perform a test from the application's root directory:
pytest