A Rubrik Python Primer

Capture

One of my co-workers over at virtuallysober.com recently posted about using Rubrik’s REST API with PowerShell.  As I’ve been working on my Python-fu, I thought I’d piggyback (or steal…) on his idea and do a similar thing with Python.  First, I’ll distill some of the things I’ve learned about consuming RESTful APIs with Python.  Then, I’ll dive into some of the things you might do with our APIs.

RESTful API Primer

I won’t spend a ton of time on this, as there are a lot of good references out there on what a REST API entails.  The first place to start, like most things, is with Wikipedia.  That might be a bit dry, so a less pedantic place to learn about it might be here.  The basics are that you can communicate with a web service using very straightforward commands like GET, PATCH, POST, etc… The big concept is that those commands are stateless, with the command containing all of the information or state to perform the action.  Also, the API will specify something called an endpoint, which is basically a URL that can accept these RESTful commands.  Rubrik makes it nice to determine what those might be by publishing the documentation on the cluster itself:

https://<rubrik_ip_address>/docs/v1/

Talking to a Webserver in Python

curl

First of all, we need a way to talk to the Rubrik.  You can do this in a couple different ways in Python.  The first is the “curl” command which would look something like this:

curl -k -u admin:pass -X GET 'https://<rubrik_ip_address>/api/v1/vmware/vm'

Let’s parse the above command.  We’ve used the “k” flag to bypass an alert about self-signed certs.  Also, we specified the username and password after the “u” flag.  The next thing is we tell the server what HTTP method we’ll use; here we used a GET command.  Then, the actual endpoint is used.  In this case, we’re asking the cluster for a list of all the VMs, which will be returned as an array of key-value pairs.

However, a big problem with this method is that we need to put our password in plaintext in our code.  What if we wanted to create a “token” instead that could be used in other commands.  We need first to get an authorization code from the Rubrik in order to validate our access to the system.  How do we do that?  By hitting another endpoint, of course!

curl -k -u admin:pass -X POST "https://<rubrik_ip_address>/api/v1/session"

The response will be an array containing the session ID, the token, and the User ID.  Then, the token can be extracted from the array and then used in subsequent commands to the system like so:

curl -k -H 'Authorization: Bearer $token_id' -X GET 'https://<rubrik_ip_address>/api/v1/vmware/vm'

The requests library

Curl is one way to access your system, but probably not the most useful.   A better method when you want to use it programmatically is the excellent Requests library in Python.  This is a library that allows your program/script to pass HTTP requests natively and use the data that returns.  The documentation for requests is very good and you can find it here.

Let’s go through a basic example of how you might connect to Rubrik similarly to the above example.  First, we need to import the requests module, then we will create an object that contains the VMs.

import requests
r = requests.get('<rubrik_ip_address>/api/v1/vmware/vm', verify = False, auth =('admin','pass'))

We use the ‘verify = False’ because the system is using a self-signed certificate.  Again, this has the problem of putting the password in the code in plaintext.  We could get around that by encoding the password with the base64 module then passing it into each command.  However, it’s much more useful to authenticate the session and use the token in each of the proceeding commands.

import requests
session = requests.post('<rubrik_ip_address>/api/v1/session', verify = False, auth =('admin','pass'))
session_token = session.json()
authorization = 'Bearer ' + session_token['token']
vm_list = requests.get('<rubrik_ip_address>/api/v1/vmware/vm', verify = False, headers = {'Content-Type': 'application/json', 'Authorization': authorization})
vm_list_json = vm_list.json()

You’ll notice we take the results of the initial POST command and contain them in the ‘token’ object.  Once we’ve done that, we can access values from with that object by referencing the key, in this case our key is ‘token’.  Once we’ve stored the results of our command in the ‘vm_list’ object, we can retrieve information from it by using the same method we retrieved our key – calling keys that are contained within the JSON file.

Learning More

Now, if you’ve read any of my previous posts, you know I’m a relative novice to the world of Python programming.  So, this represents the very basics of connecting to your Rubrik (or any RESTful system, for that matter).  I recommend going into your system and exploring both the documentation and also our explorer, which is based on the Swagger framework.

In future posts, I’ll go into how you might actually use this information in your day-to-day operations and scripts.

 

Also, if you’d like to learn more about our API and how you might use PowerShell with it, check out my colleague Joshua Stenhouse’s blog at https://virtuallysober.com/2017/05/08/introduction-to-rubrik-rest-apis-using-powershell-swagger/.