cisco-ise 0.1.0

data/lib/cisco-ise/http-session.rb

@@ -0,0 +1,99 @@
+require 'openssl'
+require 'net/https'
+require "rexml/document"
+
+module CiscoISE
+
+  #
+  # Create an ISE HTTP Session Handler
+  #
+  # #Parameters
+  # host<String>::  The IP address or DNS name of the ISE MnT to be queried
+  # username<String>::  The username used for authenticating to the ISE
+  # password<String>::  The password used for authenticating to the ISE
+  # use_ssl<TrueClass|FalseClass>:: A flag indicating whether SSL should be used. Default is TRUE, which is SSL enabled
+  # verify_cert<TrueClass|FalseClass>:: A flag indicating whether certificate validation should be performed. Default is FALSE, which is certificate will not be validated
+  # debug<TrueClass|FalseClass>:: A flag indicating whether debug data should be output
+  #
+  # @examples
+  #   #Create session
+  #   ise_session   = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+  #
+  #
+  class HttpSession
+
+    SSL_ENABLED   = true
+    SSL_DISABLED  = false
+    CERT_VERIFY_ENABLED   = true
+    CERT_VERIFY_DISABLED  = false
+
+    def initialize(host, username, password, use_ssl = SSL_ENABLED, verify_cert = CERT_VERIFY_DISABLED, debug = FALSE)
+
+      # hostname or IP of ISE to connect too
+      @host         = host
+
+      # username to use to authenticate to ISE
+      @username     = username
+
+      # password to use to authenticate to ISE
+      @password     = password
+
+      # use SSL
+      @use_ssl      = use_ssl
+
+      # should certificate be verified when using SSL
+      @verify_cert  = verify_cert
+
+      # lets initialize the http sessions
+      setup_http_session
+
+      # last response from api call
+      @last_response = ''
+
+      # debugging enabled?
+      @debug         = debug
+
+    end
+
+    #
+    # The primary interface of this class which issues a single API command and returns a parsed XML document of the response
+    #
+    def call_api(command, delete = false)
+      REXML::Document.new(execute_one_call(command, delete))
+    end
+
+
+
+    private
+
+    # root of all API calls
+    API_ROOT = '/ise/mnt/api/'
+
+    # Setup the http session ready for use
+    def setup_http_session
+      @http              = Net::HTTP.new(@host, (@use_ssl ? 443 : 80))
+      @http.use_ssl      = @use_ssl
+      @http.verify_mode  = OpenSSL::SSL::VERIFY_NONE unless @verify_cert
+    end
+
+    # Execute a single HTTP request and return its response
+    def execute_one_call(command, delete)
+          @http.start do |http|
+              puts "DEBUG: API Call : #{API_ROOT + command}" if @debug
+
+              # The ISE API can use either GET or DELETE for calls. Ensure the correct method is used.
+              req = delete ? Net::HTTP::Delete.new(API_ROOT + command) : Net::HTTP::Get.new(API_ROOT + command)
+
+              # Authentication enable
+              req.basic_auth(@username, @password)
+              resp  = http.request(req).body
+              puts "DEBUG: Response : #{resp}" if @debug
+              return resp
+          end
+          ''
+    end
+
+  end
+
+end
+

data/lib/cisco-ise/mac-address-api.rb

@@ -0,0 +1,33 @@
+require 'cisco-ise/session-parameters'
+
+module CiscoISE
+
+  #
+  # Make a MAC Address API call
+  #
+  # #Parameters
+  # session<CiscoISE::HttpSession>::  The ISE http session that the API call should be made against
+  #
+  # @examples
+  #   #Create session
+  #   ise_session   = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+  #
+  #   #Obtain a list of sessions for a specific MAC Address
+  #   mac = CiscoISE::MacAddressApi.new(ise_session,'00:17:89:01:23:45')
+  #
+  #   #Iterate through each MAC Address record
+  #   mac.each do |record|
+  #     puts record.user_name + ":" + record.nas_ip_address
+  #   end
+  #
+  #   #Output the raw XML
+  #   puts mac.xml.to_s
+  #
+  class MacAddressApi < CommonSession
+
+      def initialize(session, mac_address)
+        super(session, "Session/MACAddress/#{mac_address}")
+      end
+
+  end
+end

data/lib/cisco-ise/nas-ip-address-api.rb

@@ -0,0 +1,33 @@
+require 'cisco-ise/session-parameters'
+
+module CiscoISE
+
+  #
+  # Make a NAS IP Address API call
+  #
+  # #Parameters
+  # session<CiscoISE::HttpSession>::  The ISE http session that the API call should be made against
+  #
+  # @examples
+  #   #Create session
+  #   ise_session   = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+  #
+  #   #Obtain a list of sessions for a specific NAS
+  #   session = CiscoISE::NasIpAddressApi.new(ise_session,'1.1.1.1')
+  #
+  #   #Iterate through each session
+  #   session.each do |record|
+  #     puts record.user_name + ":" + record.nas_ip_address
+  #   end
+  #
+  #   #Output the raw XML
+  #   puts session.xml.to_s
+  #
+  class NasIpAddressApi < CommonSession
+
+      def initialize(session, ip_address)
+        super(session, "Session/IPAddress/#{ip_address}")
+      end
+
+  end
+end

data/lib/cisco-ise/posture-count-api.rb

@@ -0,0 +1,25 @@
+require 'cisco-ise/session-count'
+
+module CiscoISE
+
+  #
+  # Make a Posture Count API call
+  #
+  # #Parameters
+  # session<CiscoISE::HttpSession>::  The ISE http session that the API call should be made against
+  #
+  # @examples
+  #   #Create session
+  #   ise_session   = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+  #
+  #   #Access the count
+  #   count = CiscoISE::ProstureCountApi.new(ise_session).count
+  #
+  class PostureCountApi  < CommonCount
+
+    def initialize(session)
+      super(session, 'Session/PostureCount')
+    end
+
+  end
+end

data/lib/cisco-ise/product.rb

@@ -0,0 +1,16 @@
+module CiscoISE
+  #
+  # Class to store parsed data from a Version API call. Refer to version-api.rb for usage examples.
+  #
+  class Product < CommonElement
+
+    attr_accessor :name, :version, :type_of_node
+
+    #
+    # return the node type using the ISE defined mnemonics
+    #
+    def type_of_node_as_code
+      %w[STANDALONE_MNT_NODE ACTIVE_MNT_NODE BACKUP_MNT_NODE NOT_AN_MNT_NODE][@type_of_node.to_i] ||= "Unknown node value of #{@type_of_node}"
+    end
+  end
+end

data/lib/cisco-ise/profiler-count-api.rb

@@ -0,0 +1,25 @@
+require 'cisco-ise/session-count'
+
+module CiscoISE
+
+  #
+  # Make a Profiler Count API call
+  #
+  # #Parameters
+  # session<CiscoISE::HttpSession>::  The ISE http session that the API call should be made against
+  #
+  # @examples
+  #   #Create session
+  #   ise_session   = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+  #
+  #   #Access the count
+  #   count = CiscoISE::ProfilerCountApi.new(ise_session).count
+  #
+  class ProfilerCountApi  < CommonCount
+
+    def initialize(session)
+      super(session, 'Session/ProfilerCount')
+    end
+
+  end
+end

data/lib/cisco-ise/reauth-api.rb

@@ -0,0 +1,49 @@
+module CiscoISE
+
+  #
+  # Make a Reauth API call
+  #
+  # #Parameters
+  # session<CiscoISE::HttpSession>::  The ISE http session that the API call should be made against
+  #
+  # @examples
+  #   #Create session
+  #   ise_session   = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+  #
+  #   #Get a list of active users
+  #   auth        = CiscoISE::AuthListApi.new(ise_session)
+  #
+  #   #Reauth a specific user
+  #   active.each do |record|
+  #     if record.user_name == 'someuser'
+  #       puts "Ooops, something went wrong" unless CiscoISE::ReauthApi.new(ise_session).rerun(record).success?
+  #   end
+  #
+  class ReauthApi < Coa
+
+    #
+    # Reauth type REAUTH_TYPE_DEFAULT = 0
+    #
+    def default(active)
+      type_zero(active, :reauth)
+      self
+    end
+
+    #
+    # Reauth type REAUTH_TYPE_LAST = 1
+    #
+    def last(active)
+      type_one(active, :reauth)
+      self
+    end
+
+    #
+    # Reauth type REAUTH_TYPE_RERUN = 2
+    #
+    def rerun(active)
+      type_two(active, :reauth)
+      self
+    end
+
+  end
+end

data/lib/cisco-ise/session-count.rb

@@ -0,0 +1,9 @@
+module CiscoISE
+  #
+  # Class to store parsed data from APIs returning a SessionCount object. Refer to active-count-api.rb,
+  # profiler-count-api.rb and posture-count-api.rb for usage examples.
+  #
+  class SessionCount < CommonElement
+    attr_accessor :count
+  end
+end

data/lib/cisco-ise/session-parameters.rb

@@ -0,0 +1,109 @@
+
+module CiscoISE
+
+  #
+  # Class to store parsed data from APIs returning a SessionParameter object. Refer to end-point-ip-address-api.rb,
+  # mac-address-api.rb and nas-ip-address-api.rb for usage examples.
+  #
+  class SessionParameters < CommonElement
+    attr_accessor :passed,
+                  :failed,
+                  :user_name,
+                  :nas_ip_address,
+                  :failure_reason,
+                  :calling_station_id,
+                  :nas_port,
+                  :identity_group,
+                  :network_device_name,
+                  :acs_server,
+                  :authen_protocol,
+                  :framed_ip_address,
+                  :network_device_groups,
+                  :access_service,
+                  :auth_acs_timestamp,
+                  :authentication_method,
+                  :execution_steps,
+                  :radius_response,
+                  :audit_session_id,
+                  :nas_identifier,
+                  :nas_port_id,
+                  :nac_policy_compliance,
+                  :auth_id,
+                  :auth_acsview_timestamp,
+                  :message_code,
+                  :acs_session_id,
+                  :service_selection_policy,
+                  :authorization_policy,
+                  :identity_store,
+                  :response,
+                  :service_type,
+                  :cts_security_group,
+                  :use_case,
+                  :cisco_av_pair,
+                  :ad_domain,
+                  :acs_username,
+                  :radius_username,
+                  :nac_role,
+                  :nac_username,
+                  :nac_posture_token,
+                  :nac_radius_is_user_auth,
+                  :selected_posture_server,
+                  :selected_identity_store,
+                  :authentication_identity_store,
+                  :azn_exp_pol_matched_rule,
+                  :ext_pol_server_matched_rule,
+                  :grp_mapping_pol_matched_rule,
+                  :identity_policy_matched_rule,
+                  :nas_port_type,
+                  :query_identity_stores,
+                  :selected_azn_profiles,
+                  :sel_exp_azn_profiles,
+                  :selected_query_identity_stores,
+                  :eap_tunnel,
+                  :tunnel_details,
+                  :cisco_h323_attributes,
+                  :cisco_ssg_attributes,
+                  :other_attributes,
+                  :response_time,
+                  :nad_failure,
+                  :destination_ip_address,
+                  :acct_id,
+                  :acct_acs_timestamp,
+                  :acct_acsview_timestamp,
+                  :acct_session_id,
+                  :acct_status_type,
+                  :acct_session_time,
+                  :acct_input_octets,
+                  :acct_output_octets,
+                  :acct_input_packets,
+                  :acct_output_packets,
+                  :acct_class,
+                  :acct_terminate_cause,
+                  :acct_multi_session_id,
+                  :acct_authentic,
+                  :termination_action,
+                  :session_timeout,
+                  :idle_timeout,
+                  :acct_interim_interval,
+                  :acct_delay_time,
+                  :event_timestamp,
+                  :acct_tunnel_connection,
+                  :acct_tunnel_packet_lost,
+                  :security_group,
+                  :cisco_h323_setup_time,
+                  :cisco_h323_connect_time,
+                  :cisco_h323_disconnect_time,
+                  :framed_protocol,
+                  :started,
+                  :stopped,
+                  :ckpt_id,
+                  :type,
+                  :nad_acsview_timestamp,
+                  :vlan,
+                  :dacl,
+                  :authentication_type,
+                  :interface_name,
+                  :reason,
+                  :endpoint_policy
+  end
+end

data/lib/cisco-ise/user-name-api.rb

@@ -0,0 +1,33 @@
+require 'cisco-ise/session-parameters'
+
+module CiscoISE
+  #
+  # Make a User Name API call and return a Session Parameter object
+  #
+  # #Parameters
+  # session<CiscoISE::HttpSession>::  The ISE http session that the API call should be made against
+  # user_name<String>:: The user name that we are asking the ISE to search for.
+  #
+  # @examples
+  #   #create session
+  #   ise_session   = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+  #
+  #   #issue version API call and retrieve the product
+  #   user_name_search = CiscoISE::UserNameApi.new(ise_session, 'username')
+  #
+  #   #work with the parsed XML data
+  #   user_name_search.each do |record|
+  #     puts record.user_name + "|" + record.nas_ip_address
+  #   end
+  #
+  #   #view the raw XML
+  #   puts user_name_search.xml.to_s
+  #
+  class UserNameApi < CommonSession
+
+      def initialize(session, user_name)
+        super(session, "Session/UserName/#{user_name}")
+      end
+
+  end
+end

data/lib/cisco-ise/version-api.rb

@@ -0,0 +1,43 @@
+require 'cisco-ise/product'
+
+module CiscoISE
+
+  #
+  # Make a Version API call and return a Product object
+  #
+  # #Parameters
+  # session<CiscoISE::HttpSession>::  The ISE http session that the API call should be made against
+  #
+  # @examples
+  #   #create session
+  #   ise_session   = CiscoISE::HttpSession.new("device-name","myusername","mypassword")
+  #
+  #   #issue version API call and retrieve the product
+  #   product = CiscoISE::VersionApi.new(ise_session).product
+  #
+  #   #work with the parsed XML data
+  #   puts product.name
+  #   puts product.type_of_node
+  #   puts product.version
+  #   puts product.type_of_node_as_code
+  #
+  #   #view the raw XML
+  #   puts product.xml.to_s
+  #
+
+  class VersionApi < CommonElement
+
+    def initialize(session)
+      @xml = session.call_api('Version')
+      self
+    end
+
+    #
+    # Parse the api response and return a product object
+    #
+    def product
+      CiscoISE::Product.new(@xml.elements['product'])
+    end
+
+  end
+end