I don't want to generate another dummy email address and user account so I can generate another API key which is read-only ...
Is it possible to knobble the Python SDK so that it only allows Get() style requests with some magic parameter? Effectively making it only allow read-only style functions?
This would be great. I always have two additional accounts for RW and RO. I also tried one account for which I changed the permission to write when I wanted to configure something and back to read when only collecting data. But that is not really practical.
Not that I'm aware of, it'd be easy to evade by anyone able to edit the Python script, but it would be a good feature, you could make a wish for it.
Other ideas...
Create a script that takes the OpenAPI spec and creates an alternate library, say 'meraki_gets', that has function in it, and passes through all the functions starting 'get' to the real library, while replacing all the others with functions that do nothing.
Simpler would be nobble the Meraki library itself, filtering the endpoint url in the request function in rest_session.py - I've sometimes made changes to rest_session.py to work around API/library bugs, just need to remember to keep the changes after library updates! Need to do it in both async and sync versions.
It looks like there is a config item called "simulate" that only allows GET calls. I just tested it - and it is exactly what I am looking for.
https://github.com/meraki/dashboard-api-python/blob/main/meraki/rest_session.py#L167
https://github.com/meraki/dashboard-api-python/blob/main/meraki/__init__.py#L71
dashboard = meraki.DashboardAPI(
output_log=False,
print_console=False,
simulate=True
)
Ooo, that's handy! Just filters out any request that isn't GET.
I often use the simulate mode, when while starting out on a script, just to be sure I don't accidently post something unexpected to those orgs I use to test against. 🙂