Advanced techniques
SSH Extension
You can store and use SSH passwords with the set-secret command, in the same way as with the OnSight CLI.
$ ./onsight-dev.sh set-secret --user test --password sample-pass
You can view the stored password with the list-secret command. Passwords are displayed in encrypted form.
$ ./onsight-dev.sh list-secret
test@any 70612870616e6f70746129f2c1497df1bb80d2eaa2502870616e6f7074612930340074096693c30ace71609d7ed85a2870616e6f70746129efb6bc82ee045729ba26b301d6796f952870616e6f7074612954744468634b50545578556b41324b437257707971
Sample of how to run an SSH command with the stored secret in a plugin:
self.execute_ssh_with_secret_password("command", hostname, "test")
Fabric Extension
If you want to build and test custom plugins which use Fabric Helper functions to access FortiGate, you should use API token authentication in onsight-dev regardless of how you actually integrate them in the production environment.
First, get an API token from the FortiGate GUI (System > Administrators > Create REST API Admin).
Add the fortiapi-token variable to the metadata:
"fortiapi-token": "csHkh94cr0QQf8tb9px5N80w34fh11",
Optionally, you may need to add fortiapi-ip and fortiapi-port to specify the IP/port of the target FortiGate. You may need these when you run onsight-dev from an external network. First, check the connectivity to the target FortiGate.
"fortiapi-ip": "35.232.85.200",
"fortiapi-port": 443,
In your plugins, Fabric Helper functions will work in the same way regardless of integration methods. For example,
self.fortiapi_fortios(instance_id, "/api/v2/monitor/system/resource/usage?resource=mem&interval=1-min")
SNMP Extension
If you want to build and test custom plugins which send SNMP queries, you should add variables to metadata for SNMP access to the target device.
SNMP version 1 or 2c
"snmp-version": "2c",
"snmp-community-string": "public",
SNMP version 3
"snmp-version": "3",
"snmp-user": "sha1-aes256",
"snmp-auth-protocol": "sha1",
"snmp-auth-key": "authkey1",
"snmp-privacy-protocol": "aes-256",
"snmp-privacy-key": "privkey1",
Available auth protocols
- None (no authentication)
- md5
- sha1
- sha-224
- sha-256
- sha-384
- sha-512
Available privacy protocols
- None (no encryption)
- des
- aes
- aes-192
- aes-256
- aes-256-c
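A pre-flight check for the SNMP variables above, as an added example (not part of onsight-dev or the original page). The key names and protocol lists come from this page; the lint_snmp function, the assumption that the metadata is available as a Python dict, the treatment of a missing or "none" protocol as unset, and the legacy-protocol warnings are assumptions of this example.

```python
# Added example: lint the SNMP variables of a plugin metadata dict.
# Key names and protocol values are from this page; lint_snmp(), the dict
# form of the metadata, and the warning rules are assumptions of this example.
AUTH = {"none", "md5", "sha1", "sha-224", "sha-256", "sha-384", "sha-512"}
PRIV = {"none", "des", "aes", "aes-192", "aes-256", "aes-256-c"}
LEGACY_AUTH = {"md5", "sha1"}   # older than the SHA-2 options in the list
LEGACY_PRIV = {"des"}


def _proto(meta, key):
    # Assumption: a missing key or the string "none" means "not used".
    return str(meta.get(key) or "none").lower()


def lint_snmp(meta):
    """Return a list of (severity, message) findings for SNMP metadata."""
    out = []
    version = str(meta.get("snmp-version", ""))
    if version in ("1", "2c"):
        out.append(("warn", "SNMP v%s sends the community string in cleartext" % version))
        community = str(meta.get("snmp-community-string") or "")
        if not community:
            out.append(("error", "snmp-community-string is missing"))
        elif community.lower() in ("public", "private"):
            out.append(("warn", "default community string %r" % community))
    elif version == "3":
        if not meta.get("snmp-user"):
            out.append(("error", "snmp-user is missing"))
        auth = _proto(meta, "snmp-auth-protocol")
        priv = _proto(meta, "snmp-privacy-protocol")
        for name, value, allowed in (("auth", auth, AUTH), ("privacy", priv, PRIV)):
            if value not in allowed:
                out.append(("error", "unknown %s protocol %r" % (name, value)))
        if auth == "none":
            out.append(("warn", "no authentication configured"))
        elif auth in LEGACY_AUTH:
            out.append(("warn", "legacy auth protocol %s" % auth))
        if priv == "none":
            out.append(("warn", "no encryption configured"))
        elif priv in LEGACY_PRIV:
            out.append(("warn", "legacy privacy protocol %s" % priv))
        if priv != "none" and auth == "none":
            out.append(("error", "SNMPv3 privacy requires authentication"))
        # SNMPv3 USM passphrases must be at least 8 characters long.
        for key, proto in (("snmp-auth-key", auth), ("snmp-privacy-key", priv)):
            if proto != "none" and len(str(meta.get(key) or "")) < 8:
                out.append(("error", "%s is shorter than 8 characters" % key))
    else:
        out.append(("error", "snmp-version must be 1, 2c or 3"))
    return out
```

Run it over the metadata before testing a plugin and treat any "error" finding as a reason not to send queries yet.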