Veeam Easy Connect - making REST APIs a bit easier

  • 3 February 2022
  • 8 comments
  • 349 views

Userlevel 4
Badge
  • Comes here often
  • 6 comments

Hi there

I’ve been working on a module to make connecting to Veeam APIs a bit easier when using Python (yes I am a big fan).

https://github.com/shapedthought/veeam-easy-connect

Comments, issues and pull requests welcome.

Cheers, 

Ed


8 comments

Userlevel 7
Badge +8

Thanks for sharing will check it out.

Userlevel 5
Badge

Thanks for sharing! I’m a fan of Python as well. :grin:

This serves as a great example on how to authenticate against both Veeam Backup & Replication and Veeam Backup Enterprise Manager RESTful APIs. I read through the code and wanted to share a few thoughts:

 

- I recommend renaming your auth functions so it’s more clear which API you’re logging into. While I recognize the different ports specified in the URLs, it could cause confusion for others.

 

- I recommend against disabling SSL/TLS verification by default. While it’s typically acceptable in lab environments, disabling this check enables a man-in-the-middle attacks to take place. This doesn’t mean you must change from a self-signed certificate but the Python requests library does support thumbprint verification which allows even self-signed certs to be trusted and verified. 

 

Keep on coding and sharing! Thanks again!

Chris

 

 

 

Userlevel 7
Badge +6

Nice share Ed and really good analysis @Chris.Arceneaux 

Python is a worth-know language code for cybersecurity :)

Userlevel 4
Badge

Nice share Ed and really good analysis @Chris.Arceneaux 

Python is a worth-know language code for cybersecurity :)

Funny you said that I’m slowly working my way through TryHackMe and it comes in very useful. 

Userlevel 4
Badge

Thanks for sharing! I’m a fan of Python as well. :grin:

This serves as a great example on how to authenticate against both Veeam Backup & Replication and Veeam Backup Enterprise Manager RESTful APIs. I read through the code and wanted to share a few thoughts:

 

- I recommend renaming your auth functions so it’s more clear which API you’re logging into. While I recognize the different ports specified in the URLs, it could cause confusion for others.

 

- I recommend against disabling SSL/TLS verification by default. While it’s typically acceptable in lab environments, disabling this check enables a man-in-the-middle attacks to take place. This doesn’t mean you must change from a self-signed certificate but the Python requests library does support thumbprint verification which allows even self-signed certs to be trusted and verified. 

 

Keep on coding and sharing! Thanks again!

Chris

 

 

 

I actually made some changes today as I realised that some of the endpoint are different both in terms of the api version as well the the urls. There is now a json file with all the settings that get pulled in when you create an instance of the class. 

But I will look at adding more methods so it is clearer on which api you are calling. 

On the second point, this is exactly the converstation we had the other day! I’ll add something that will mean you have to explictedly disable verification.

Userlevel 4
Badge

I’ve been working on the AWS SSO over the weekend, should be added soon.

I’ve also changed the way you select the api you want so you know do the following:

vec = VeeamEasyConnect(“username”, “password”)

vec.vbr().login(“192.168.0.123”)

I’ve also added some convience methods including the ability to send a request directly after logging in (get, put & post)

vec.get(“https://path_to_the_resource”)

Userlevel 7
Badge +3

nice work, bookmarked for later :grin:

Userlevel 4
Badge

Quick update, I have moved the installation to Pypi, so you can easily install it via:

pip install veeam-easy-connect

MFA has been tested and working on Azure and AWS, I assume it will work with GCP, but that will be tested soon (unless someone else wants to).

I’m having some problems with getting AWS SSO working, but I’ll get there.

Comment