cisco-ise 0.1.0

data/lib/cisco-ise/acct-status-api.rb

@@ -0,0 +1,35 @@
+require 'cisco-ise/acct-status-element'
+
+module CiscoISE
+
+  #
+  # Make an Acct Status API call
+  #
+  # #Parameters
+  # session<CiscoISE::HttpSession>::  The ISE http session that the API call should be made against
+  # mac_address<String>:: The MAC address that is being search for
+  # duration(Fixnum)  How many seconds to look back for the account status
+  #
+  # @examples
+  #   #Create session
+  #   ise_session   = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+  #
+  #   #Create and Acct Status session
+  #   acct = CiscoISE::AcctStatusApi.new(ise_session, '00:17:89:01:23:45', 20000)
+  #
+  #   acct.each do |element|
+  #     puts element.calling_station_id + ':' + element.paks_in
+  #   end
+  #
+  class AcctStatusApi < CommonList
+
+      def initialize(session, mac_address, duration = 0)
+        super(session, "AcctStatus/MACAddress/#{mac_address}/#{duration}")
+      end
+
+      def each
+        super('/acctStatusOutputList/acctStatusList/acctStatusElements',CiscoISE::AcctStatusElement)
+      end
+
+  end
+end

data/lib/cisco-ise/acct-status-element.rb

@@ -0,0 +1,17 @@
+module CiscoISE
+
+  #
+  # Class to store parsed data from a AcctStatusElement objects. Refer to acct-status-api.rb for usage examples.
+  #
+  class AcctStatusElement  < CommonElement
+    attr_accessor :calling_station_id,
+                  :audit_session_id,
+                  :paks_in,
+                  :paks_out,
+                  :bytes_in,
+                  :bytes_out,
+                  :session_time,
+                  :username,
+                  :server
+  end
+end

data/lib/cisco-ise/active-count-api.rb

@@ -0,0 +1,27 @@
+require 'cisco-ise/session-count'
+
+module CiscoISE
+
+
+  #
+  # Make an Active Count API call
+  #
+  # #Parameters
+  # session<CiscoISE::HttpSession>::  The ISE http session that the API call should be made against
+  #
+  # @examples
+  #   #Create session
+  #   ise_session   = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+  #
+  #   #Access the count
+  #   count = CiscoISE::ActiveCountApi.new(ise_session).count
+  #
+
+  class ActiveCountApi  < CommonCount
+
+    def initialize(session)
+      super(session, 'Session/ActiveCount')
+    end
+
+  end
+end

data/lib/cisco-ise/active-list-api.rb

@@ -0,0 +1,35 @@
+require 'cisco-ise/active-session'
+
+module CiscoISE
+
+  #
+  # Make an Active List API call
+  #
+  # #Parameters
+  # session<CiscoISE::HttpSession>::  The ISE http session that the API call should be made against
+  #
+  # @examples
+  #   #Create session
+  #   ise_session   = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+  #
+  #   #Create and Auth List query
+  #   active = CiscoISE::ActiveListApi.new(ise_session)
+  #
+  #   #Iterate through each active status
+  #   active.each do |record|
+  #     puts record.user_name
+  #   end
+  #
+
+  class ActiveListApi < CommonList
+
+    def initialize(session)
+      super(session, 'Session/ActiveList')
+    end
+
+    def each
+      super("*/activeSession",CiscoISE::ActiveSession)
+    end
+
+  end
+end

data/lib/cisco-ise/active-session.rb

@@ -0,0 +1,10 @@
+module CiscoISE
+
+  #
+  # Class to store parsed data from a ActiveSession objects. Refer to active-list-api.rb for usage examples.
+  #
+  class ActiveSession < CommonElement
+    attr_accessor :user_name, :nas_ip_address, :server, :calling_station_id,
+                  :acct_session_id, :audit_session_id, :framed_ip_address
+  end
+end

data/lib/cisco-ise/auth-list-api.rb

@@ -0,0 +1,36 @@
+require 'cisco-ise/active-session'
+
+module CiscoISE
+
+  #
+  # Make an Auth List API call
+  #
+  # #Parameters
+  # session<CiscoISE::HttpSession>::  The ISE http session that the API call should be made against
+  # start_time<String>:: Limits the auth list query by a time
+  # end_time<String>:: Limits the auth list query by a time
+  #
+  # @examples
+  #   #Create session
+  #   ise_session   = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+  #
+  #   #Create and Auth List query
+  #   auth = CiscoISE::AuthListApi.new(ise_session)
+  #
+  #   #Iterate through each auth status
+  #   auth.each do |record|
+  #     puts record.user_name
+  #   end
+  #
+  class AuthListApi < CommonList
+
+    def initialize(session, start_time = nil, end_time = nil)
+      super(session, "Session/AuthList/#{start_time ? start_time : 'null'}/#{end_time ? end_time : 'null'}")
+    end
+
+    def each
+      super("*/activeSession",CiscoISE::ActiveSession)
+    end
+
+  end
+end

data/lib/cisco-ise/auth-status-api.rb

@@ -0,0 +1,40 @@
+require 'cisco-ise/auth-status-element'
+
+module CiscoISE
+
+  #
+  # Make an Auth Status API call
+  #
+  # #Parameters
+  # session<CiscoISE::HttpSession>::  The ISE http session that the API call should be made against
+  # seconds<Fixnum>:: Limits results to those that occurred in the past <seconds>
+  # records<Fixnum>:: Limits the amount of records returned
+  #
+  # @examples
+  #   #Create session
+  #   ise_session   = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+  #
+  #   #Create and Auth Status session. By default this query returns records that occurred in the last 10 days
+  #   #(864000 seconds) and limits the records to 200.
+  #   auth = CiscoISE::AuthStatusApi.new(ise_session, '00:17:89:01:23:45')
+  #
+  #   #To limit the results to events in the last hour (60 seconds x 60 minutes = 3600 seconds) and limit the records to 100:
+  #   auth = CiscoISE::AuthStatusApi.new(ise_session, '00:17:89:01:23:45',3600,100)
+
+  #   #Iterate through each auth status
+  #   auth.each do |element|
+  #     puts "doing something with " + element.username
+  #   end
+  #
+  class AuthStatusApi < CommonList
+
+      def initialize(session, mac_address, seconds = 0, records = 0 )
+        super(session, "AuthStatus/MACAddress/#{mac_address}/#{seconds}/#{records}/All")
+      end
+
+      def each
+        super('/authStatusOutputList/authStatusList/authStatusElements',CiscoISE::AuthStatusElement)
+      end
+
+  end
+end

data/lib/cisco-ise/auth-status-element.rb

@@ -0,0 +1,15 @@
+module CiscoISE
+
+  #
+  # Class to store parsed data from a AuthStatusElement objects. Refer to auth-status-api.rb for usage examples.
+  #
+  class AuthStatusElement  < CommonElement
+    attr_accessor :passed, :failed, :user_name, :nas_ip_address, :calling_station_id, :nas_port, :identity_group,
+                  :network_device_name, :acs_server, :framed_ip_address, :network_device_groups, :access_service,
+                  :acs_timestamp, :authentication_method, :execution_steps, :audit_session_id, :nas_port_id,
+                  :nac_policy_compliance, :selected_azn_profiles, :service_type, :message_code, :destination_ip_address,
+                  :nas_port_type, :id, :acsview_timestamp, :acs_session_id, :service_selection_policy, :authorization_policy,
+                  :identity_store, :response, :use_case, :cisco_av_pair, :acs_username, :radius_username,
+                  :authentication_identity_store,:response_time, :other_attributes
+  end # AuthStatusElement
+end

data/lib/cisco-ise/coa.rb

@@ -0,0 +1,54 @@
+module CiscoISE
+
+  #
+  # Generic class to be inherited by any class performing CoA functionality.
+  # Refer to disconnect-api.rb and reauth-api.rb for usage examples.
+  #
+  class Coa < CommonElement
+
+    def initialize(session)
+      @session = session
+      self
+    end
+
+    def success?
+      success = @xml.elements["//results"]
+      success.nil? ? false : success.text == 'true'
+    end
+
+    private
+
+    #
+    # Perform a type zero reauth or disconnect
+    #
+    def type_zero(active, method)
+      coa(active, method, 0)
+      self
+    end
+
+        #
+    # Perform a type one reauth or disconnect
+    #
+    def type_one(active, method)
+      coa(active, method, 1)
+      self
+    end
+
+    #
+    # Perform a type two reauth or disconnect
+    #
+    def type_two(active, method)
+      coa(active, method, 2)
+      self
+    end
+
+    #
+    # Construct and execute the CoA API call
+    #
+    def coa(active, method, type)
+      @xml = @session.call_api("CoA/#{method == :reauth ? 'ReauthApi' : 'DisconnectApi'}/#{active.server}/#{active.calling_station_id}/#{type.to_s}")
+    end
+
+
+  end
+end

data/lib/cisco-ise/delete-api.rb

@@ -0,0 +1,55 @@
+module CiscoISE
+
+  #
+  # Make a Delete API call
+  #
+  # #Parameters
+  # session<CiscoISE::HttpSession>::  The ISE http session that the API call should be made against
+  #
+  # @examples
+  #   #Create session
+  #   ise_session   = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+  #
+  #   #Create a Delete API session
+  #   delete = CiscoISE::DeleteApi.new(ise_session)
+  #
+  #   #delete a specific MAC address
+  #   delete.mac_address('00:17:89:01:23:45')
+  #
+  #   #verify last delete
+  #   puts delete.success?.to_s
+  #
+  #   #delete all sessions
+  #   delete.all
+  #
+  class DeleteApi
+
+    attr_reader :xml
+
+    def initialize(session)
+      @session = session
+      self
+    end
+
+    def mac_address(mac_address)
+      @xml = @session.call_api("Session/Delete/MACAddress/#{mac_address}", true)
+      self
+    end
+
+    def session_id(session_id)
+      @xml = @session.call_api("Session/Delete/SessionID/#{session_id}", true)
+      self
+    end
+
+    def all
+      @xml = @session.call_api("Session/Delete/All", true)
+      self
+    end
+
+    def success?
+      success = @xml.elements["/mnt-request-result/status"]
+      success.nil? ? false : success.text == 'SUCCESSFUL'
+    end
+
+  end
+end

data/lib/cisco-ise/disconnect-api.rb

@@ -0,0 +1,49 @@
+module CiscoISE
+
+  #
+  # Make a Disconnect API call
+  #
+  # #Parameters
+  # session<CiscoISE::HttpSession>::  The ISE http session that the API call should be made against
+  #
+  # @examples
+  #   #Create session
+  #   ise_session   = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+  #
+  #   #Get a list of active users
+  #   auth        = CiscoISE::AuthListApi.new(ise_session)
+  #
+  #   #Reauth a specific user
+  #   active.each do |record|
+  #     if record.user_name == 'someuser'
+  #       puts "Ooops, something went wrong" unless CiscoISE::DisconnectApi.new(ise_session).bounce(record).success?
+  #   end
+  #
+  class DisconnectApi < Coa
+
+    #
+    # Disconnect type DYNAMIC_AUTHZ_PORT_DEFAULT = 0
+    #
+    def default(active)
+      type_zero(active, :disconnect)
+      self
+    end
+
+    #
+    # Disconnect type DYNAMIC_AUTHZ_PORT_BOUNCE = 1
+    #
+    def bounce(active)
+      type_one(active, :disconnect)
+      self
+    end
+
+    #
+    # Disconnect type DYNAMIC_AUTHZ_PORT_SHUTDOWN = 2
+    #
+    def shutdown(active)
+      type_two(active, :disconnect)
+      self
+    end
+
+  end
+end

data/lib/cisco-ise/end-point-ip-address-api.rb

@@ -0,0 +1,33 @@
+require 'cisco-ise/session-parameters'
+
+module CiscoISE
+
+  #
+  # Make a End Point IP Address API call
+  #
+  # #Parameters
+  # session<CiscoISE::HttpSession>::  The ISE http session that the API call should be made against
+  #
+  # @examples
+  #   #Create session
+  #   ise_session   = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+  #
+  #   #Obtain a list of sessions for a specific end point IP Address
+  #   session = CiscoISE::EndPointIpAddressApi.new(ise_session,'10.10.10.10')
+  #
+  #   #Iterate through each session record
+  #   session.each do |record|
+  #     puts record.user_name + ":" + record.nas_ip_address
+  #   end
+  #
+  #   #Output the raw XML
+  #   puts session.xml.to_s
+  #
+  class EndPointIpAddressApi < CommonSession
+
+      def initialize(session, ip_address)
+        super(session, "Session/EndPointIPAddress/#{ip_address}")
+      end
+
+  end
+end

data/lib/cisco-ise/failure-reason.rb

@@ -0,0 +1,8 @@
+module CiscoISE
+  #
+  # Class to store parsed data from a FailureReason objects. Refer to failure-reason-api.rb for usage examples.
+  #
+  class FailureReason < CommonElement
+    attr_accessor :id, :code, :cause, :resolution
+  end
+end

data/lib/cisco-ise/failure-reasons-api.rb

@@ -0,0 +1,46 @@
+require 'cisco-ise/failure-reason'
+
+module CiscoISE
+
+  #
+  # Make a Failure Reason API call
+  #
+  # #Parameters
+  # session<CiscoISE::HttpSession>::  The ISE http session that the API call should be made against
+  #
+  # @examples
+  #   #Create session
+  #   ise_session   = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+  #
+  #   #Failure Reason List example
+  #   failure       = CiscoISE::FailureReasonsApi.new(ise_session)
+  #
+  #   #Retrieve a specific code
+  #   code = failure.find_code('86023')
+  #   puts code.failure_id + '|' + code.cause
+  #
+  #   #Iterate through each failure code
+  #   failure.each do |code|
+  #     puts code.id + code.cause
+  #   end
+  #
+  #   #Output the raw XML
+  #   puts failure.xml.to_s
+  #
+
+  class FailureReasonsApi < CommonList
+
+      def initialize(session)
+        super(session, 'FailureReasons')
+      end
+
+      def each
+        super("*/failureReason",CiscoISE::FailureReason)
+      end
+
+      def find_code(code)
+        find("*/failureReason[@id='#{code}']", CiscoISE::FailureReason)
+      end
+
+  end
+end