cisco-ise 0.1.0
- data/LICENSE.txt +20 -0
- data/README.rdoc +276 -0
- data/lib/cisco-ise.rb +165 -0
- data/lib/cisco-ise/acct-status-api.rb +35 -0
- data/lib/cisco-ise/acct-status-element.rb +17 -0
- data/lib/cisco-ise/active-count-api.rb +27 -0
- data/lib/cisco-ise/active-list-api.rb +35 -0
- data/lib/cisco-ise/active-session.rb +10 -0
- data/lib/cisco-ise/auth-list-api.rb +36 -0
- data/lib/cisco-ise/auth-status-api.rb +40 -0
- data/lib/cisco-ise/auth-status-element.rb +15 -0
- data/lib/cisco-ise/coa.rb +54 -0
- data/lib/cisco-ise/delete-api.rb +55 -0
- data/lib/cisco-ise/disconnect-api.rb +49 -0
- data/lib/cisco-ise/end-point-ip-address-api.rb +33 -0
- data/lib/cisco-ise/failure-reason.rb +8 -0
- data/lib/cisco-ise/failure-reasons-api.rb +46 -0
- data/lib/cisco-ise/http-session.rb +99 -0
- data/lib/cisco-ise/mac-address-api.rb +33 -0
- data/lib/cisco-ise/nas-ip-address-api.rb +33 -0
- data/lib/cisco-ise/posture-count-api.rb +25 -0
- data/lib/cisco-ise/product.rb +16 -0
- data/lib/cisco-ise/profiler-count-api.rb +25 -0
- data/lib/cisco-ise/reauth-api.rb +49 -0
- data/lib/cisco-ise/session-count.rb +9 -0
- data/lib/cisco-ise/session-parameters.rb +109 -0
- data/lib/cisco-ise/user-name-api.rb +33 -0
- data/lib/cisco-ise/version-api.rb +43 -0
- data/test/helper.rb +83 -0
- data/test/test_active-session.rb +22 -0
- data/test/test_auth-status-element.rb +22 -0
- data/test/test_cisco-ise.rb +4 -0
- data/test/test_product.rb +24 -0
- metadata +86 -0
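--- a/data/lib/cisco-ise/http-session.rb
+++ b/data/lib/cisco-ise/http-session.rb
@@ -0,0 +1,99 @@
+require 'openssl'
+require 'net/https'
+require "rexml/document"
+
+module CiscoISE
+
+#
+# Create an ISE HTTP Session Handler
+#
+# #Parameters
+# host<String>:: The IP address or DNS name of the ISE MnT to be queried
+# username<String>:: The username used for authenticating to the ISE
+# password<String>:: The password used for authenticating to the ISE
+# use_ssl<TrueClass|FalseClass>:: A flag indicating whether SSL should be used. Default is TRUE, which is SSL enabled
+# verify_cert<TrueClass|FalseClass>:: A flag indicating whether certificate validation should be performed. Default is FALSE, which is certificate will not be validated
+# debug<TrueClass|FalseClass>:: A flag indicating whether debug data should be output
+#
+# @examples
+# #Create session
+# ise_session = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+#
+#
+class HttpSession
+
+SSL_ENABLED = true
+SSL_DISABLED = false
+CERT_VERIFY_ENABLED = true
+CERT_VERIFY_DISABLED = false
+
+def initialize(host, username, password, use_ssl = SSL_ENABLED, verify_cert = CERT_VERIFY_DISABLED, debug = FALSE)
+
+# hostname or IP of ISE to connect too
+@host = host
+
+# username to use to authenticate to ISE
+@username = username
+
+# password to use to authenticate to ISE
+@password = password
+
+# use SSL
+@use_ssl = use_ssl
+
+# should certificate be verified when using SSL
+@verify_cert = verify_cert
+
+# lets initialize the http sessions
+setup_http_session
+
+# last response from api call
+@last_response = ''
+
+# debugging enabled?
+@debug = debug
+
+end
+
+#
+# The primary interface of this class which issues a single API command and returns a parsed XML document of the response
+#
+def call_api(command, delete = false)
+REXML::Document.new(execute_one_call(command, delete))
+end
+
+
+
+private
+
+# root of all API calls
+API_ROOT = '/ise/mnt/api/'
+
+# Setup the http session ready for use
+def setup_http_session
+@http = Net::HTTP.new(@host, (@use_ssl ? 443 : 80))
+@http.use_ssl = @use_ssl
+@http.verify_mode = OpenSSL::SSL::VERIFY_NONE unless @verify_cert
+end
+
+# Execute a single HTTP request and return its response
+def execute_one_call(command, delete)
+@http.start do |http|
+puts "DEBUG: API Call : #{API_ROOT + command}" if @debug
+
+# The ISE API can use either GET or DELETE for calls. Ensure the correct method is used.
+req = delete ? Net::HTTP::Delete.new(API_ROOT + command) : Net::HTTP::Get.new(API_ROOT + command)
+
+# Authentication enable
+req.basic_auth(@username, @password)
+resp = http.request(req).body
+puts "DEBUG: Response : #{resp}" if @debug
+return resp
+end
+''
+end
+
+end
+
+end
+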
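Review bot: `initialize` defaults `verify_cert` to `CERT_VERIFY_DISABLED`, so `setup_http_session` sets `OpenSSL::SSL::VERIFY_NONE` and the Basic-auth header built in `execute_one_call` is sent to a peer whose certificate is never checked. A caller who uses the three-argument form from the class comment gets encrypted but unauthenticated transport for the ISE MnT credentials and the session data that comes back. Validation should be the default and the opt-out explicit: `verify_cert = CERT_VERIFY_ENABLED` in the signature and `@http.verify_mode = @verify_cert ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE` in `setup_http_session`, with the parameter comment updated to match. Separately, the `debug = FALSE` default uses the deprecated `FALSE` constant, which current Ruby no longer defines; `debug = false` avoids a NameError at call time.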
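--- a/data/lib/cisco-ise/mac-address-api.rb
+++ b/data/lib/cisco-ise/mac-address-api.rb
@@ -0,0 +1,33 @@
+require 'cisco-ise/session-parameters'
+
+module CiscoISE
+
+#
+# Make a MAC Address API call
+#
+# #Parameters
+# session<CiscoISE::HttpSession>:: The ISE http session that the API call should be made against
+#
+# @examples
+# #Create session
+# ise_session = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+#
+# #Obtain a list of sessions for a specific MAC Address
+# mac = CiscoISE::MacAddressApi.new(ise_session,'00:17:89:01:23:45')
+#
+# #Iterate through each MAC Address record
+# mac.each do |record|
+# puts record.user_name + ":" + record.nas_ip_address
+# end
+#
+# #Output the raw XML
+# puts mac.xml.to_s
+#
+class MacAddressApi < CommonSession
+
+def initialize(session, mac_address)
+super(session, "Session/MACAddress/#{mac_address}")
+end
+
+end
+end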
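Review bot: `initialize` interpolates `mac_address` straight into the API path (`"Session/MACAddress/#{mac_address}"`) with no format check or escaping, and `HttpSession#execute_one_call` appends that string to `API_ROOT` as the request path. If the value ever comes from outside the program, characters such as `/`, `?` or whitespace change which MnT resource is requested under the stored credentials. Validating before building the path keeps the call on the intended endpoint, for example `raise ArgumentError, 'invalid MAC address' unless mac_address.to_s.match?(/\A\h{2}(:\h{2}){5}\z/)`. The same pattern appears in `NasIpAddressApi#initialize` (nas-ip-address-api.rb) and `UserNameApi#initialize` (user-name-api.rb); the IP address can be checked with the standard `IPAddr` class, and the free-form user name should be percent-encoded as a path segment. `CommonSession` is not visible here, so whether it escapes the command itself should be confirmed.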
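--- a/data/lib/cisco-ise/nas-ip-address-api.rb
+++ b/data/lib/cisco-ise/nas-ip-address-api.rb
@@ -0,0 +1,33 @@
+require 'cisco-ise/session-parameters'
+
+module CiscoISE
+
+#
+# Make a NAS IP Address API call
+#
+# #Parameters
+# session<CiscoISE::HttpSession>:: The ISE http session that the API call should be made against
+#
+# @examples
+# #Create session
+# ise_session = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+#
+# #Obtain a list of sessions for a specific NAS
+# session = CiscoISE::NasIpAddressApi.new(ise_session,'1.1.1.1')
+#
+# #Iterate through each session
+# session.each do |record|
+# puts record.user_name + ":" + record.nas_ip_address
+# end
+#
+# #Output the raw XML
+# puts session.xml.to_s
+#
+class NasIpAddressApi < CommonSession
+
+def initialize(session, ip_address)
+super(session, "Session/IPAddress/#{ip_address}")
+end
+
+end
+end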
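--- a/data/lib/cisco-ise/posture-count-api.rb
+++ b/data/lib/cisco-ise/posture-count-api.rb
@@ -0,0 +1,25 @@
+require 'cisco-ise/session-count'
+
+module CiscoISE
+
+#
+# Make a Posture Count API call
+#
+# #Parameters
+# session<CiscoISE::HttpSession>:: The ISE http session that the API call should be made against
+#
+# @examples
+# #Create session
+# ise_session = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+#
+# #Access the count
+# count = CiscoISE::ProstureCountApi.new(ise_session).count
+#
+class PostureCountApi < CommonCount
+
+def initialize(session)
+super(session, 'Session/PostureCount')
+end
+
+end
+end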
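Review bot: The usage example in the class comment names `CiscoISE::ProstureCountApi`, but the class defined a few lines later is `PostureCountApi`, so the example raises NameError when copied. The comment line should read `# count = CiscoISE::PostureCountApi.new(ise_session).count`.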
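--- a/data/lib/cisco-ise/product.rb
+++ b/data/lib/cisco-ise/product.rb
@@ -0,0 +1,16 @@
+module CiscoISE
+#
+# Class to store parsed data from a Version API call. Refer to version-api.rb for usage examples.
+#
+class Product < CommonElement
+
+attr_accessor :name, :version, :type_of_node
+
+#
+# return the node type using the ISE defined mnemonics
+#
+def type_of_node_as_code
+%w[STANDALONE_MNT_NODE ACTIVE_MNT_NODE BACKUP_MNT_NODE NOT_AN_MNT_NODE][@type_of_node.to_i] ||= "Unknown node value of #{@type_of_node}"
+end
+end
+end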
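Review bot: `type_of_node_as_code` indexes the mnemonic list with `@type_of_node.to_i`, so a missing or non-numeric value becomes 0 and is reported as `STANDALONE_MNT_NODE`, and a negative value wraps around to the end of the array; the "Unknown node value" fallback is only reached for indexes past the end. Since the value is parsed from a server response, a strict conversion is safer: `idx = Integer(@type_of_node.to_s, exception: false)` followed by `(idx && idx >= 0 && NODE_TYPES[idx]) || "Unknown node value of #{@type_of_node}"`, with the list hoisted into a frozen `NODE_TYPES` constant. `exception: false` needs a reasonably recent Ruby; on older interpreters a `rescue ArgumentError` around `Integer(...)` does the same job. The `||=` on a literal array element also assigns into a throwaway array, so a plain `||` expresses the intent.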
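--- a/data/lib/cisco-ise/profiler-count-api.rb
+++ b/data/lib/cisco-ise/profiler-count-api.rb
@@ -0,0 +1,25 @@
+require 'cisco-ise/session-count'
+
+module CiscoISE
+
+#
+# Make a Profiler Count API call
+#
+# #Parameters
+# session<CiscoISE::HttpSession>:: The ISE http session that the API call should be made against
+#
+# @examples
+# #Create session
+# ise_session = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+#
+# #Access the count
+# count = CiscoISE::ProfilerCountApi.new(ise_session).count
+#
+class ProfilerCountApi < CommonCount
+
+def initialize(session)
+super(session, 'Session/ProfilerCount')
+end
+
+end
+end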
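--- a/data/lib/cisco-ise/reauth-api.rb
+++ b/data/lib/cisco-ise/reauth-api.rb
@@ -0,0 +1,49 @@
+module CiscoISE
+
+#
+# Make a Reauth API call
+#
+# #Parameters
+# session<CiscoISE::HttpSession>:: The ISE http session that the API call should be made against
+#
+# @examples
+# #Create session
+# ise_session = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+#
+# #Get a list of active users
+# auth = CiscoISE::AuthListApi.new(ise_session)
+#
+# #Reauth a specific user
+# active.each do |record|
+# if record.user_name == 'someuser'
+# puts "Ooops, something went wrong" unless CiscoISE::ReauthApi.new(ise_session).rerun(record).success?
+# end
+#
+class ReauthApi < Coa
+
+#
+# Reauth type REAUTH_TYPE_DEFAULT = 0
+#
+def default(active)
+type_zero(active, :reauth)
+self
+end
+
+#
+# Reauth type REAUTH_TYPE_LAST = 1
+#
+def last(active)
+type_one(active, :reauth)
+self
+end
+
+#
+# Reauth type REAUTH_TYPE_RERUN = 2
+#
+def rerun(active)
+type_two(active, :reauth)
+self
+end
+
+end
+end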
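Review bot: The example in the class comment does not run as written: it assigns the list to `auth` and then iterates `active`, and the `do` block has only one `# end`, which closes the `if` and leaves the block open. Because these methods force a re-authentication of a live session, the example should be exact: name the variable consistently (`active = CiscoISE::AuthListApi.new(ise_session)`) and add the missing `# end`. The three method comments could also say in a sentence what each reauth type does to the endpoint, since `type_zero`, `type_one` and `type_two` are defined in `Coa`, outside this file.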
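--- a/data/lib/cisco-ise/session-count.rb
+++ b/data/lib/cisco-ise/session-count.rb
@@ -0,0 +1,9 @@
+module CiscoISE
+#
+# Class to store parsed data from APIs returning a SessionCount object. Refer to active-count-api.rb,
+# profiler-count-api.rb and posture-count-api.rb for usage examples.
+#
+class SessionCount < CommonElement
+attr_accessor :count
+end
+end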
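--- a/data/lib/cisco-ise/session-parameters.rb
+++ b/data/lib/cisco-ise/session-parameters.rb
@@ -0,0 +1,109 @@
+
+module CiscoISE
+
+#
+# Class to store parsed data from APIs returning a SessionParameter object. Refer to end-point-ip-address-api.rb,
+# mac-address-api.rb and nas-ip-address-api.rb for usage examples.
+#
+class SessionParameters < CommonElement
+attr_accessor :passed,
+:failed,
+:user_name,
+:nas_ip_address,
+:failure_reason,
+:calling_station_id,
+:nas_port,
+:identity_group,
+:network_device_name,
+:acs_server,
+:authen_protocol,
+:framed_ip_address,
+:network_device_groups,
+:access_service,
+:auth_acs_timestamp,
+:authentication_method,
+:execution_steps,
+:radius_response,
+:audit_session_id,
+:nas_identifier,
+:nas_port_id,
+:nac_policy_compliance,
+:auth_id,
+:auth_acsview_timestamp,
+:message_code,
+:acs_session_id,
+:service_selection_policy,
+:authorization_policy,
+:identity_store,
+:response,
+:service_type,
+:cts_security_group,
+:use_case,
+:cisco_av_pair,
+:ad_domain,
+:acs_username,
+:radius_username,
+:nac_role,
+:nac_username,
+:nac_posture_token,
+:nac_radius_is_user_auth,
+:selected_posture_server,
+:selected_identity_store,
+:authentication_identity_store,
+:azn_exp_pol_matched_rule,
+:ext_pol_server_matched_rule,
+:grp_mapping_pol_matched_rule,
+:identity_policy_matched_rule,
+:nas_port_type,
+:query_identity_stores,
+:selected_azn_profiles,
+:sel_exp_azn_profiles,
+:selected_query_identity_stores,
+:eap_tunnel,
+:tunnel_details,
+:cisco_h323_attributes,
+:cisco_ssg_attributes,
+:other_attributes,
+:response_time,
+:nad_failure,
+:destination_ip_address,
+:acct_id,
+:acct_acs_timestamp,
+:acct_acsview_timestamp,
+:acct_session_id,
+:acct_status_type,
+:acct_session_time,
+:acct_input_octets,
+:acct_output_octets,
+:acct_input_packets,
+:acct_output_packets,
+:acct_class,
+:acct_terminate_cause,
+:acct_multi_session_id,
+:acct_authentic,
+:termination_action,
+:session_timeout,
+:idle_timeout,
+:acct_interim_interval,
+:acct_delay_time,
+:event_timestamp,
+:acct_tunnel_connection,
+:acct_tunnel_packet_lost,
+:security_group,
+:cisco_h323_setup_time,
+:cisco_h323_connect_time,
+:cisco_h323_disconnect_time,
+:framed_protocol,
+:started,
+:stopped,
+:ckpt_id,
+:type,
+:nad_acsview_timestamp,
+:vlan,
+:dacl,
+:authentication_type,
+:interface_name,
+:reason,
+:endpoint_policy
+end
+end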
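--- a/data/lib/cisco-ise/user-name-api.rb
+++ b/data/lib/cisco-ise/user-name-api.rb
@@ -0,0 +1,33 @@
+require 'cisco-ise/session-parameters'
+
+module CiscoISE
+#
+# Make a User Name API call and return a Session Parameter object
+#
+# #Parameters
+# session<CiscoISE::HttpSession>:: The ISE http session that the API call should be made against
+# user_name<String>:: The user name that we are asking the ISE to search for.
+#
+# @examples
+# #create session
+# ise_session = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+#
+# #issue version API call and retrieve the product
+# user_name_search = CiscoISE::UserNameApi.new(ise_session, 'username')
+#
+# #work with the parsed XML data
+# user_name_search.each do |record|
+# puts record.user_name + "|" + record.nas_ip_address
+# end
+#
+# #view the raw XML
+# puts user_name_search.xml.to_s
+#
+class UserNameApi < CommonSession
+
+def initialize(session, user_name)
+super(session, "Session/UserName/#{user_name}")
+end
+
+end
+end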
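Review bot: The example heading `# #issue version API call and retrieve the product` in the class comment describes the Version API, not this class; the line under it performs a user-name search. It should read something like `# #issue a user name API call and retrieve the matching sessions`, so the example matches what `UserNameApi.new(ise_session, 'username')` does.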
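--- a/data/lib/cisco-ise/version-api.rb
+++ b/data/lib/cisco-ise/version-api.rb
@@ -0,0 +1,43 @@
+require 'cisco-ise/product'
+
+module CiscoISE
+
+#
+# Make a Version API call and return a Product object
+#
+# #Parameters
+# session<CiscoISE::HttpSession>:: The ISE http session that the API call should be made against
+#
+# @examples
+# #create session
+# ise_session = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+#
+# #issue version API call and retrieve the product
+# product = CiscoISE::VersionApi.new(ise_session).product
+#
+# #work with the parsed XML data
+# puts product.name
+# puts product.type_of_node
+# puts product.version
+# puts product.type_of_node_as_code
+#
+# #view the raw XML
+# puts product.xml.to_s
+#
+
+class VersionApi < CommonElement
+
+def initialize(session)
+@xml = session.call_api('Version')
+self
+end
+
+#
+# Parse the api response and return a product object
+#
+def product
+CiscoISE::Product.new(@xml.elements['product'])
+end
+
+end
+end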
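Review bot: `product` passes `@xml.elements['product']` to `Product.new` without checking that the element exists. `HttpSession#execute_one_call` returns the response body whatever the HTTP status, so an authentication failure or error page reaches this method as a document with no `product` root and the lookup yields nil. How `CommonElement` treats a nil node is not visible here, so an explicit guard makes the failure clear: `node = @xml.elements['product']` then `raise 'Version API response has no product element' unless node`. The trailing `self` in `initialize` has no effect, because `new` ignores the return value of `initialize`, and can be dropped.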