@itentialopensource/adapter-cisco_ise 0.1.1

package/TAB2.md

@@ -0,0 +1,306 @@
+# Cisco ISE
+
+## Table of Contents 
+
+  - [Specific Adapter Information](#specific-adapter-information) 
+    - [Authentication](#authentication) 
+    - [Sample Properties](#sample-properties) 
+    - [Swagger](#swagger) 
+  - [Generic Adapter Information](#generic-adapter-information) 
+
+## Specific Adapter Information
+### Authentication
+
+This document will go through the steps for authenticating the Cisco ISE adapter with Basic Authentication. Properly configuring the properties for an adapter in IAP is critical for getting the adapter online. You can read more about adapter authentication <a href="https://docs.itential.com/opensource/docs/authentication" target="_blank">HERE</a>. 
+
+#### Basic Authentication
+The Cisco ISE adapter requires Basic Authentication. If you change authentication methods, you should change this section accordingly and merge it back into the adapter repository.
+
+STEPS  
+1. Ensure you have access to a Cisco ISE server and that it is running
+2. Follow the steps in the README.md to import the adapter into IAP if you have not already done so
+3. Use the properties below for the ```properties.authentication``` field
+```json
+"authentication": {
+  "auth_method": "basic user_password",
+  "username": "<username>",
+  "password": "<password>",
+  "auth_field": "header.headers.Authorization",
+  "auth_field_format": "Basic {b64}{username}:{password}{/b64}",
+  "auth_logging": false,
+}
+```
+you can leave all of the other properties in the authentication section, they will not be used when the auth_method is basic user_password.<br>
+4. Restart the adapter. If your properties were set correctly, the adapter should go online. 
+
+#### Troubleshooting
+- Make sure you copied over the correct username and password.
+- Turn on debug level logs for the adapter in IAP Admin Essentials.
+- Turn on auth_logging for the adapter in IAP Admin Essentials (adapter properties).
+- Investigate the logs - in particular:
+  - The FULL REQUEST log to make sure the proper headers are being sent with the request.
+  - The FULL BODY log to make sure the payload is accurate.
+  - The CALL RETURN log to see what the other system is telling us.
+- Credentials should be ** masked ** by the adapter so make sure you verify the username and password - including that there are erroneous spaces at the front or end.
+- Remember when you are done to turn auth_logging off as you do not want to log credentials.
+
+### Sample Properties
+
+Sample Properties can be used to help you configure the adapter in the Itential Automation Platform. You will need to update connectivity information such as the host, port, protocol and credentials.
+
+```json
+  "properties": {
+    "host": "localhost",
+    "port": 443,
+    "choosepath": "",
+    "base_path": "/api",
+    "version": "v1",
+    "cache_location": "none",
+    "encode_pathvars": true,
+    "encode_queryvars": true,
+    "save_metric": false,
+    "stub": true,
+    "protocol": "https",
+    "authentication": {
+      "auth_method": "basic user_password",
+      "username": "username",
+      "password": "password",
+      "token": "token",
+      "token_timeout": 1800000,
+      "token_cache": "local",
+      "invalid_token_error": 401,
+      "auth_field": "header.headers.Authorization",
+      "auth_field_format": "Basic {b64}{username}:{password}{/b64}",
+      "auth_logging": false,
+      "client_id": "",
+      "client_secret": "",
+      "grant_type": "",
+      "sensitive": [],
+      "sso": {
+        "protocol": "",
+        "host": "",
+        "port": 0
+      },
+      "multiStepAuthCalls": [
+        {
+          "name": "",
+          "requestFields": {},
+          "responseFields": {},
+          "successfullResponseCode": 200
+        }
+      ]
+    },
+    "healthcheck": {
+      "type": "none",
+      "frequency": 60000,
+      "query_object": {},
+      "addlHeaders": {}
+    },
+    "throttle": {
+      "throttle_enabled": false,
+      "number_pronghorns": 1,
+      "sync_async": "sync",
+      "max_in_queue": 1000,
+      "concurrent_max": 1,
+      "expire_timeout": 0,
+      "avg_runtime": 200,
+      "priorities": [
+        {
+          "value": 0,
+          "percent": 100
+        }
+      ]
+    },
+    "request": {
+      "number_redirects": 0,
+      "number_retries": 3,
+      "limit_retry_error": [
+        0
+      ],
+      "failover_codes": [],
+      "attempt_timeout": 5000,
+      "global_request": {
+        "payload": {},
+        "uriOptions": {},
+        "addlHeaders": {},
+        "authData": {}
+      },
+      "healthcheck_on_timeout": true,
+      "return_raw": false,
+      "archiving": false,
+      "return_request": false
+    },
+    "proxy": {
+      "enabled": false,
+      "host": "",
+      "port": 1,
+      "protocol": "http",
+      "username": "",
+      "password": ""
+    },
+    "ssl": {
+      "ecdhCurve": "",
+      "enabled": false,
+      "accept_invalid_cert": false,
+      "ca_file": "",
+      "key_file": "",
+      "cert_file": "",
+      "secure_protocol": "",
+      "ciphers": ""
+    },
+    "mongo": {
+      "host": "",
+      "port": 0,
+      "database": "",
+      "username": "",
+      "password": "",
+      "replSet": "",
+      "db_ssl": {
+        "enabled": false,
+        "accept_invalid_cert": false,
+        "ca_file": "",
+        "key_file": "",
+        "cert_file": ""
+      }
+    },
+    "devicebroker": {
+      "enabled": false,
+      "getDevice": [
+        {
+          "path": "/get/devices/{id}",
+          "method": "GET",
+          "query": {},
+          "body": {},
+          "headers": {},
+          "handleFailure": "fail",
+          "requestFields": {
+            "id": "name"
+          },
+          "responseDatakey": "",
+          "responseFields": {
+            "name": "host",
+            "ostype": "os",
+            "ostypePrefix": "system-",
+            "ipaddress": "attributes.ipaddr",
+            "port": "443"
+          }
+        }
+      ],
+      "getDevicesFiltered": [
+        {
+          "path": "/get/devices",
+          "method": "GET",
+          "pagination": {
+            "offsetVar": "",
+            "limitVar": "",
+            "incrementBy": "limit",
+            "requestLocation": "query"
+          },
+          "query": {},
+          "body": {},
+          "headers": {},
+          "handleFailure": "fail",
+          "requestFields": {},
+          "responseDatakey": "",
+          "responseFields": {
+            "name": "host",
+            "ostype": "os",
+            "ostypePrefix": "system-",
+            "ipaddress": "attributes.ipaddr",
+            "port": "443"
+          }
+        }
+      ],
+      "isAlive": [
+        {
+          "path": "/get/devices/{id}/status",
+          "method": "GET",
+          "query": {},
+          "body": {},
+          "headers": {},
+          "handleFailure": "fail",
+          "requestFields": {
+            "id": "name"
+          },
+          "responseDatakey": "",
+          "responseFields": {
+            "status": "status",
+            "statusValue": "online"
+          }
+        }
+      ],
+      "getConfig": [
+        {
+          "path": "/get/devices/{id}/configPart1",
+          "method": "GET",
+          "query": {},
+          "body": {},
+          "headers": {},
+          "handleFailure": "fail",
+          "requestFields": {
+            "id": "name"
+          },
+          "responseDatakey": "",
+          "responseFields": {}
+        }
+      ],
+      "getCount": [
+        {
+          "path": "/get/devices",
+          "method": "GET",
+          "query": {},
+          "body": {},
+          "headers": {},
+          "handleFailure": "fail",
+          "requestFields": {},
+          "responseDatakey": "",
+          "responseFields": {}
+        }
+      ]
+    },
+    "cache": {
+      "enabled": false,
+      "entities": [
+        {
+          "entityType": "",
+          "frequency": 1440,
+          "flushOnFail": false,
+          "limit": 1000,
+          "retryAttempts": 5,
+          "sort": true,
+          "populate": [
+            {
+              "path": "",
+              "method": "GET",
+              "pagination": {
+                "offsetVar": "",
+                "limitVar": "",
+                "incrementBy": "limit",
+                "requestLocation": "query"
+              },
+              "query": {},
+              "body": {},
+              "headers": {},
+              "handleFailure": "ignore",
+              "requestFields": {},
+              "responseDatakey": "",
+              "responseFields": {}
+            }
+          ],
+          "cachedTasks": [
+            {
+              "name": "",
+              "filterField": "",
+              "filterLoc": ""
+            }
+          ]
+        }
+      ]
+    }
+  }
+```
+### Swagger
+
+Note: The content for this section may be missing as its corresponding .json file is unavailable. This sections will be updated once adapter-openapi.json file is added.
+## [Generic Adapter Information](https://gitlab.com/itentialopensource/adapters/adapter-cisco_ise/-/blob/master/README.md) 
+

package/TROUBLESHOOT.md

@@ -0,0 +1,56 @@
+## Troubleshoot
+
+Run `npm run troubleshoot` to start the interactive troubleshooting process. The command allows you to verify and update connection, authentication as well as healthcheck configuration. After that it will test these properties by sending HTTP request to the endpoint. If the tests pass, it will persist these changes into IAP.
+
+You also have the option to run individual commands to perform specific test:
+
+- `npm run healthcheck` will perform a healthcheck request of with current setting.
+- `npm run basicget` will perform some non-parameter GET request with current setting.
+- `npm run connectivity` will perform networking diagnostics of the adatper endpoint.
+
+### Connectivity Issues
+
+1. You can run the adapter troubleshooting script which will check connectivity, run the healthcheck and run basic get calls.
+
+```bash
+npm run troubleshoot
+```
+
+2. Verify the adapter properties are set up correctly.
+
+```text
+Go into the Itential Platform GUI and verify/update the properties
+```
+
+3. Verify there is connectivity between the Itential Platform Server and Cisco_ise Server.
+
+```text
+ping the ip address of Cisco_ise server
+try telnet to the ip address port of Cisco_ise
+execute a curl command to the other system
+```
+
+4. Verify the credentials provided for Cisco_ise.
+
+```text
+login to Cisco_ise using the provided credentials
+```
+
+5. Verify the API of the call utilized for Cisco_ise Healthcheck.
+
+```text
+Go into the Itential Platform GUI and verify/update the properties
+```
+
+### Functional Issues
+
+Adapter logs are located in `/var/log/pronghorn`. In older releases of the Itential Platform, there is a `pronghorn.log` file which contains logs for all of the Itential Platform. In newer versions, adapters can be configured to log into their own files.
+
+### Adapter Results
+
+The majority of the http response codes from the adapter come directly from the downstream system. There are some exceptions to this:
+
+1. Timeout (-2): There is an attempt timeout property that defines how long the adapter should wait to receive a response before giving up. If that time expires before a resonse is received the adapter will respond with a code of -2. The message will say "The Adapter has run out of time for the request" and it will recommend that you "Increase your adapter request.attempt_timeout property".
+2. Econnreset (-1): When the downstream system or something within the network drops the connection, the adapter will receive and forward an ECONNRESET error with a -1 code. The message will say "The connection was terminated by the network or external system" and the recommendation will be for you to "Check connectivity to the external system and that the system is up".
+
+The adapter will also have various errors if it is unable to build the request. All of these errors come with messages and recommendations to help you understand what you need to do to resolve the issue.