Skip to content
/ ise Public
forked from falkowich/pyise-ers

Python module to manage Cisco ISE via the ERS API

License

Notifications You must be signed in to change notification settings

jc83419/ise

 
 

Repository files navigation

published Discord CodeQL codecov

ISE-ERS API Wrapper

In September 2024 this repo will be set to archived,
See discussion here »

Python module to manage Cisco ISE via the REST API.

Repography logo / Recent activity Time period

Timeline graph Issue status graph Pull request status graph Trending topics Top contributors Activity map

Information about the master branch

As of May 6, 2023

The master branch is currently being in development.
Please keep this in mind when using the code from this branch.

History

All initial work is done by https://github.com/bobthebutcher and https://github.com/mpenning.
I forked from them and updated so it worked with ISE 2.2.x and changed all functions to json calls.

  • 2021-10-01 » All history before 0.2 and the namechange to pyiseers is located here
  • 2021-10-01 » Deforked from upstream for simpler handling of PR's as of this discussion
  • 2021-10-02 » Started work with namechange as of this issue to pyise-ers
  • 2021-10-03 » Pushed pyise-ers 0.2.0-rc to test.pypi.com
  • 2021-10-05 » Pushed pyise-ers 0.2.0.1 to pypi.com
  • 2023-10-27 » Pushed pyise-ers 0.3.0.1 - 0.3.0.3 to pypi-test
  • 2023-10-28 » Pushed pyise-ers 0.3.0.3 to pypi

Namechange information

After 0.2.0.1 information

In 2021 I tried to publish the library to DevNet and beq modulname was just "ise" I had to do a rename on the package, module and repository.

  • Repository is named pyise-ers,
  • The PyPI package is named pyise-ers.
  • The module is named pyiseers (for convenience of imports without dashes in them)

If you use the "old 0.1.2.x" ise packages in PyPi, please update your requirements to pyise-ers to get continued updates. (after testing everything in your environment offcourse)

Status

I am keeping this active until ISE 2.7 is out of support. And for you who have ISE 3.1 and above, I would recommend https://github.com/CiscoISE/ciscoisesdk project.
See this discussion

Everything should work on 3.0.x train too, beq a few members uses that version. But in my test I only have access to 2.7.

Tested and used in our environment at work. But as usual it's up to you to test this out in a test environment so everything works as intended. If you have any suggestions or find a bug, create a issue and we will try to fix it :)

Feel free to Join Discord Server and contact me there too. I moved away from slack to Discord to try it out when 0.2.0.1 will be released.

Testing

These versions has been tested with pytest.

pyise-ers ise ise patch python date status
0.1.1 2.4.0.357 none 3.7.3 2019 deprecated
0.1.2 2.7.0.356 11 3.7.7 2020 deprecated
0.1.2 2.7.0.356 1 3.7.7 2020 deprecated
0.2.0.1 2.7.0.356 none 3.7.12 2021-10-05 deprecated
0.2.0.1 3.0.0.458 none 3.7.12 2021-10-05 deprecated
0.3.0.3 2.7.0.356 none 3.10.2 2023-10-28 active

There are two tests available in tests/ directory.

Manual test

To run the "manual" tests:

  • make a copy of config-DEFAULT.py to config.py
  • edit uri_27, uri_30 and/or uri_31 with settings to your test ise server
  • run python manual_test_ers.py

Pytest

To run the testfiles with pytest-recording.
The first time this is runned the directory cassettes/ are created with saved .yaml files from the test. That is so that the tests can be repeated without contacting ISE everytime.

  • make a copy of config-DEFAULT.py to config.py
    • edit uri with settings to your test ise instance.
    • in the config.py there are a list where you can set multiple versions if ise instances.
  • to run the tests
    • pytest --record-mode=rewrite (To rewrite cassettes with live data)
    • pytest (to reuse the recorded cassetes)

The plan is to extend the testing with testcoverage on this library.

Enable REST API

http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/api_ref_guide/api_ref_book/ise_api_ref_ers1.html#pgfId-1079790 Need to add an ISE Administrator with the "ERS-Admin" or "ERS-Operator" group assignment is required to use the API.

Installation

From PyPi

pip install pyise-ers

From Repository

mkdir path/to/parent
cd path/to/parent
git clone https://github.com/falkowich/pyise-ers.git
Add to path
import sys
sys.path.append('/path/to/parent/pyise-ers/')

Usage

from pyiseers import ERS
ise = ERS(ise_node='8.8.8.8', ers_user='ers', ers_pass='supersecret', ers_port=9060, verify=False, disable_warnings=True)

If ISE is configured to require CSRF for ERS requests for Enhanced Security, you can add the "use_csrf" tag:

from pyiseers import ERS
ise = ERS(ise_node='8.8.8.8', ers_user='ers', ers_pass='supersecret', ers_port=9060, verify=False, disable_warnings=True, use_csrf=True)

Methods return a result dictionary

{
    'success': True/False,
    'response': 'Response from request',
    'error': 'Error if any',
}

Get a list of identity groups

ise.get_identity_groups()['response']

[('NetworkAdmin',
  '5f0b74f0-14e9-11e5-a7a6-00505683258b',
  'Group for Network Admins with CLI access to network equipment'),
 ('OWN_ACCOUNTS (default)',
  'cecdab40-8d30-11e5-82ce-005056834dc2',
  'Default OWN_ACCOUNTS (default) User Group'),
 ('GuestType_Contractor (default)',
  'c9b6b890-8d30-11e5-82ce-005056834dc2',
  'Identity group mirroring the guest type '),
 ...]

Get details about an identity group

ise.get_identity_group(group='Employee')['response']

{'description': 'Default Employee User Group',
 'id': 'f80e5ce0-f42e-11e2-bd54-005056bf2f0a',
 'link': {'href': 'https://8.8.8.8:9060/ers/config/identitygroup/f80e5ce0-f42e-11e2-bd54-005056bf2f0a',
          'rel': 'self',
          'type': 'application/xml'},
 'name': 'Employee',
 'parent': 'NAC Group:NAC:IdentityGroups:User Identity Groups'}

Get details about an endpoint

ise.get_endpoint_group(group='Resurs')['response']

 {'description': '',
 'id': 'bf6bdcf0-14ed-11e5-a7a6-00505683258b',
 'link': {'href': 'https://8.8.8.8:9060/ers/config/endpointgroup/bf6bdcf0-14ed-11e5-a7a6-00505683258b',
          'rel': 'self',
          'type': 'application/xml'},
 'name': 'Resurs',
 'systemDefined': False}

Get endpoint identity groups

ise.get_endpoint_groups()['response']

  [('Cisco-IP-Phone',
    '265079a0-6d8e-11e5-978e-005056bf2f0a',
    'Identity Group for Profile: Cisco-IP-Phone'),
   ('Resurs', '32c8eb40-6d8e-11e5-978e-005056bf2f0a', ''),
   ...]

Add endpoint

ise.add_endpoint(name='test02', mac='AA:BB:CC:00:11:24', group_id='bf6bdcf0-14ed-11e5-a7a6-00505683258b', description='test02')
{'response': 'test02 Added Successfully', 'success': True, 'error': ''}

Delete endpoint

ise.delete_endpoint(mac='AA:BB:CC:00:11:27')
{'error': '', 'response': 'AA:BB:CC:00:11:27 Deleted Successfully', 'success': True}

Get a list of internal users

ise.get_users()['response']

[('test01', '85fd1eb0-c6fa-11e5-b6b6-000c297b78b4'),
 ('test02', '54fd1eb0-c5fb-54e5-b6b6-00204597b28b1'),
 ...]

Get details about an internal user

By name

ise.get_user(user_id='test02')['response']

{'changePassword': False,
 'customAttributes': {},
 'enablePassword': '*******',
 'enabled': True,
 'expiryDateEnabled': False,
 'id': '54fd1eb0-c5fb-54e5-b6b6-00204597b28b1',
 'identityGroups': '5f0b74f0-14e9-11e5-a7a6-00505683258b',
 'link': {'href': 'https://8.8.8.8:9060/ers/config/internaluser/a837bd55-f2b7-41e3-b0ff-c5ddf9af398c',
          'rel': 'self',
          'type': 'application/xml'},
 'name': 'test02',
 'password': '*******',
 'passwordIDStore': 'Internal Users'}

By email

ise.get_user(user_email='test02@example.com')['response']

{'changePassword': False,
 'customAttributes': {},
 'enablePassword': '*******',
 'enabled': True,
 'expiryDateEnabled': False,
 'id': '54fd1eb0-c5fb-54e5-b6b6-00204597b28b1',
 'identityGroups': '5f0b74f0-14e9-11e5-a7a6-00505683258b',
 'link': {'href': 'https://8.8.8.8:9060/ers/config/internaluser/a837bd55-f2b7-41e3-b0ff-c5ddf9af398c',
          'rel': 'self',
          'type': 'application/xml'},
 'name': 'test02',
 'password': '*******',
 'passwordIDStore': 'Internal Users'}

Add an internal user

ise.add_user(user_id='test11', password='TeStInG11', user_group_oid='5f0b74f0-14e9-11e5-a7a6-00505683258b')

{'error': '', 'response': 'test11 Added Successfully', 'success': True}

Delete an internal user

ise.delete_user(user_id='test11')

{'error': '', 'response': 'test11 Deleted Successfully', 'success': True}

Get details about an admin user

ise.get_admin_user(user_id='admin')

{
  "SearchResult": {
    "total": 2,
    "resources": [
      {
        "id": "c2428e12-105f-4d5f-88ae-5885516d7ac5",
        "name": "admin",
        "description": "Default Admin User",
        "link": {
          "rel": "self",
          "href": "https://8.8.8.8:9060/ers/config/adminuser/c2428e12-105f-4d5f-88ae-5885516d7ac5",
          "type": "application/json"
        }
      },
      {
        "id": "e0884628-8d13-451c-b3f7-117f9d0336ad",
        "name": "ers-operator",
        "description": "",
        "link": {
          "rel": "self",
          "href": "https://8.8.8.8:9060/ers/config/adminuser/e0884628-8d13-451c-b3f7-117f9d0336ad",
          "type": "application/json"
        }
      }
    ]
  }
}

Get a list of devices

ise.get_devices()['response']

[('TestDevice01', '6680f410-5277-11e5-9a52-05505683258b'),
 ('TestDevice02', '64d9b32-5c56-11e5-9a52-00502683258b'),
 ...]

Get details about a device

ise.get_device(device='TestDevice02')['response']

{'NetworkDeviceGroupList': ['Stage#Stage',
                            'Device Type#All Device Types#Linux',
                            'Location#All Locations'],
 'NetworkDeviceIPList': [{'ipaddress': '10.8.1.55', 'mask': 32}],
 'authenticationSettings': {'enableKeyWrap': False,
                            'keyInputFormat': 'ASCII',
                            'networkProtocol': 'RADIUS',
                            'radiusSharedSecret': '******'},
 'coaPort': 0,
 'id': '74d9b830-5c76-11e5-9a52-00505683258b',
 'link': {'href': 'https://8.8.8.8:9060/ers/config/networkdevice/74d9b830-5c76-11e5-9a52-00505683258b',
          'rel': 'self',
          'type': 'application/xml'},
 'modelName': 'Linux',
 'name': 'TestDevice02',
 'profileName': 'Cisco'}

Get a list of device groups

ise.get_device_groups()['response']

[('Device Type#All Device Types', '526240e0-f42e-11e2-bd54-005056bf2f0a'),
 ('Device Type#All Device Types#Switch', 'e25bd190-14e6-11e5-a7a6-00505683258b'),
 ('Device Type#All Device Types#Wism', 'e6b085b0-14e6-11e5-a7a6-00505683258b'),
 ('IPSEC#Is IPSEC Device', '0d3f19b0-30c1-11e7-88b5-005056834dc2'),
 ('IPSEC#Is IPSEC Device#No', '0dac0c50-30c1-11e7-88b5-005056834dc2'),
 ('IPSEC#Is IPSEC Device#Yes', '0d74f6c0-30c1-11e7-88b5-005056834dc2'),
 ('Location#All Locations', '522b7970-f42e-11e2-bd54-005056bf2f0a'),
 ...]

Get device group(s) details

# Provide a device_group_id 
ise.get_device_group(device_group_id="4b26b5b0-71a6-11eb-b5e0-52cf9299494c")

{'success': True,
 'response': {'id': '4b26b5b0-71a6-11eb-b5e0-52cf9299494c',
  'name': 'Device Type#All Device Types#NXOS',
  'description': '',
  'link': {'rel': 'self',
   'href': 'https://8.8.8.8:9060/ers/config/networkdevicegroup/4b26b5b0-71a6-11eb-b5e0-52cf9299494c',
   'type': 'application/json'},
  'othername': 'Device Type'},
 'error': ''}


# Provide a partial group name to look for 
ise.get_device_group(name="NXOS")

{'success': True,
 'response': {'id': '4b26b5b0-71a6-11eb-b5e0-52cf9299494c',
  'name': 'Device Type#All Device Types#NXOS',
  'description': '',
  'link': {'rel': 'self',
   'href': 'https://8.8.8.8:9060/ers/config/networkdevicegroup/4b26b5b0-71a6-11eb-b5e0-52cf9299494c',
   'type': 'application/json'},
  'othername': 'Device Type'},
 'error': ''}

# If more than one group found with for a name a list is returned
ise.get_device_group(name="Device Types")

[
  {'success': True,
  'response': {'id': '70c79c30-8bff-11e6-996c-525400b48521',
   'name': 'Device Type#All Device Types',
   'description': 'All Device Types',
   'link': {'rel': 'self',
    'href': 'https://8.8.8.8:9060/ers/config/networkdevicegroup/70c79c30-8bff-11e6-996c-525400b48521',
    'type': 'application/json'},
   'othername': 'Device Type'},
  'error': ''},
 {'success': True,
  'response': {'id': 'ee45c0a0-7fbc-11eb-ac01-36750594a888',
   'name': 'Device Type#All Device Types#IOS-XE',
   'description': '',
   'link': {'rel': 'self',
    'href': 'https://8.8.8.8:9060/ers/config/networkdevicegroup/ee45c0a0-7fbc-11eb-ac01-36750594a888',
    'type': 'application/json'},
   'othername': 'Device Type'},
  'error': ''},
 {'success': True,
  'response': {'id': '4b26b5b0-71a6-11eb-b5e0-52cf9299494c',
   'name': 'Device Type#All Device Types#NXOS',
   'description': '',
   'link': {'rel': 'self',
    'href': 'https://8.8.8.8:9060/ers/config/networkdevicegroup/4b26b5b0-71a6-11eb-b5e0-52cf9299494c',
    'type': 'application/json'},
   'othername': 'Device Type'},
  'error': ''},
]

Add a new device group

ise.add_device_group(name="Device Type#All Device Types#Python Device Type", description="From Python")

{'success': True,
 'response': 'Device Type#All Device Types#Python Device Type Added Successfully',
 'error': ''}

Update a device group

ise.update_device_group(device_group_oid=group_id, name="Device Type#All Device Types#Updated Device Type", description="Update Description")

{'success': True,
 'response': 'e7db3e00-a36d-11eb-ac01-36750594a888 Updated Successfully',
 'error': ''}

Remove a device group

ise.delete_device_group(name="Device Type#All Device Types#Python Device Type")

{'success': True,
 'response': 'Device Type#All Device Types#Python Device Type Deleted Successfully',
 'error': ''}

Add a device

ise.add_device(name='testdevice03',
               ip_address='8.8.8.8',
               radius_key='foo',
               snmp_ro='bar',
               dev_group='Stage#Stage#Closed',
               dev_location='Location#All Locations#Site21',
               dev_type='Device Type#All Device Types#Switch')

{'error': '', 'response': 'testdevice03 Added Successfully', 'success': True}

Update a device

ise.update_device("PYTHON-DEVICE", tacacs_shared_secret="NEWTACACS")

{'success': True,
 'response': {'updatedField': [{'field': 'TacacsSettings.ConnectModeOptions',
    'oldValue': '',
    'newValue': 'ON_LEGACY'},
   {'field': 'TacacsSettings.SharedSecret', 'newValue': 'NEWTACACS'}]},
 'error': ''}

Delete a device

ise.delete_device(device='testdevice03')

{'error': '', 'response': 'testdevice03 Deleted Successfully', 'success': True}

Get all Security Groups (SGTs)

ise.get_sgts()

{'success': True, 'response': [('Contractors', '4f9c8050-8f9f-11ea-b8e4-ca18718347e2'), ('Employees', 'a34ae530-59a2-11ea-a6b9-26b516ce162b'), ('Guest', '440dd8b0-7da7-11ea-bb75-261e6ff61f42'), ('IoT_Devices', '55bd68f0-8f9f-11ea-b8e4-ca18718347e2'), ('IoT_Servers', '36369eb0-8fa0-11ea-b8e4-ca18718347e2'), ('Servers', '385cbd90-8fa1-11ea-b8e4-ca18718347e2'), ('TrustSec_Devices', '947832a0-8c01-11e6-996c-525400b48521'), ('Unknown', '92adf9f0-8c01-11e6-996c-525400b48521')], 'error': '', 'total': 8}

Get Specific SGT

ise.get_sgt("Unknown")
ise.get_sgt(0)
ise.get_sgt("92adf9f0-8c01-11e6-996c-525400b48521")

{'success': True, 'response': {'id': '92adf9f0-8c01-11e6-996c-525400b48521', 'name': 'Unknown', 'description': 'Unknown Security Group', 'value': 0, 'generationId': '1', 'propogateToApic': False, 'link': {'rel': 'self', 'href': 'https://10.102.172.125:9060/ers/config/sgt/92adf9f0-8c01-11e6-996c-525400b48521', 'type': 'application/json'}}, 'error': ''}

Add a SGT

ise.add_sgt("Python_Users", "Group used for all Python Users", 56789, return_object=True)

{'success': True, 'response': {'id': 'd4696690-97ba-11ea-9614-caf56bcd6712', 'name': 'Python_Users', 'description': 'Group used for all Python Users', 'value': 56789, 'generationId': '0', 'propogateToApic': False, 'link': {'rel': 'self', 'href': 'https://10.102.172.125:9060/ers/config/sgt/d4696690-97ba-11ea-9614-caf56bcd6712', 'type': 'application/json'}}, 'error': ''}

Update a SGT

ise.update_sgt("d4696690-97ba-11ea-9614-caf56bcd6712", "Python_Tests", "Testing for Python Users", 45678, return_object=True)

{'success': True, 'response': {'id': 'd4696690-97ba-11ea-9614-caf56bcd6712', 'name': 'Python_Tests', 'description': 'Testing for Python Users', 'value': 45678, 'generationId': '0', 'propogateToApic': False, 'link': {'rel': 'self', 'href': 'https://10.102.172.125:9060/ers/config/sgt/d4696690-97ba-11ea-9614-caf56bcd6712', 'type': 'application/json'}}, 'error': ''}

Delete a SGT

ise.delete_sgt("d4696690-97ba-11ea-9614-caf56bcd6712")

{'success': True, 'response': 'd4696690-97ba-11ea-9614-caf56bcd6712 Deleted Successfully', 'error': ''}

Get all Security Groups ACLs (SGACLs)

ise.get_sgacls()

{'success': True, 'response': [('Block_All', '7c9b4a80-8fa1-11ea-b8e4-ca18718347e2'), ('Deny IP', '92919850-8c01-11e6-996c-525400b48521'), ('Deny_ICMP', 'c21dfa60-59a2-11ea-a6b9-26b516ce162b'), ('Deny_IP_Log', '0e6d3830-0684-11ea-ace5-42a6b55c5ca6'), ('Permit IP', '92951ac0-8c01-11e6-996c-525400b48521'), ('Permit_FTP', '761b9e50-7e01-11ea-bb75-261e6ff61f42'), ('Permit_IP_Log', '0e6aee40-0684-11ea-ace5-42a6b55c5ca6'), ('Permit_MQTT', '1470fa00-5a85-11ea-a6b9-26b516ce162b')], 'error': '', 'total': 8}

Get Specific SGACL

ise.get_sgacl("Permit IP")
ise.get_sgacl("92951ac0-8c01-11e6-996c-525400b48521")

{'success': True, 'response': {'id': '92951ac0-8c01-11e6-996c-525400b48521', 'name': 'Permit IP', 'description': 'Permit IP SGACL', 'generationId': '0', 'aclcontent': 'permit ip', 'link': {'rel': 'self', 'href': 'https://10.102.172.125:9060/ers/config/sgacl/92951ac0-8c01-11e6-996c-525400b48521', 'type': 'application/json'}}, 'error': ''}

Add a SGACL

ise.add_sgacl("Python_ACL", "Access List for Python Access", "IP_AGNOSTIC", ["permit tcp dst eq 80"], return_object=True)

{'success': True, 'response': {'id': '7a820000-97bb-11ea-9614-caf56bcd6712', 'name': 'Python_ACL', 'description': 'Access List for Python Access', 'generationId': '0', 'aclcontent': 'permit tcp dst eq 80', 'link': {'rel': 'self', 'href': 'https://10.102.172.125:9060/ers/config/sgacl/7a820000-97bb-11ea-9614-caf56bcd6712', 'type': 'application/json'}}, 'error': ''}

Update a SGACL

ise.update_sgacl("7a820000-97bb-11ea-9614-caf56bcd6712", "Python_Access_List", "Python Access List", "IPV4", ["permit tcp src eq 80"], return_object=True)

{'success': True, 'response': {'id': '7a820000-97bb-11ea-9614-caf56bcd6712', 'name': 'Python_Access_List', 'description': 'Python Access List', 'generationId': '1', 'ipVersion': 'IPV4', 'aclcontent': 'permit tcp src eq 80', 'link': {'rel': 'self', 'href': 'https://10.102.172.125:9060/ers/config/sgacl/7a820000-97bb-11ea-9614-caf56bcd6712', 'type': 'application/json'}}, 'error': ''}

Get all TrustSec Egress Matrix Cells (Policies)

ise.get_egressmatrixcells()

{'success': True, 'response': [('ANY-ANY', '92c1a900-8c01-11e6-996c-525400b48521'), ('Contractors-Servers', '5251ca60-8fa1-11ea-b8e4-ca18718347e2'), ('Contractors-IoT_Devices', 'de7859b0-8fa0-11ea-b8e4-ca18718347e2'), ('Employees-Servers', '5fb81e71-8fa1-11ea-b8e4-ca18718347e2'), ('Employees-Employees', 'd2d88280-59a2-11ea-a6b9-26b516ce162b'), ('Employees-IoT_Devices', 'e18ac9d1-8fa0-11ea-b8e4-ca18718347e2'), ('Employees-TrustSec_Devices', 'ee035030-59a2-11ea-a6b9-26b516ce162b'), ('Guest-IoT_Devices', 'e4d49da1-8fa0-11ea-b8e4-ca18718347e2'), ('IoT_Devices-IoT_Devices', 'b0eccdf0-8fa0-11ea-b8e4-ca18718347e2'), ('IoT_Devices-IoT_Servers', 'b7e6d880-8fa0-11ea-b8e4-ca18718347e2'), ('IoT_Devices-Contractors', 'c82308e0-8fa0-11ea-b8e4-ca18718347e2'), ('IoT_Devices-Employees', 'cb276f40-8fa0-11ea-b8e4-ca18718347e2'), ('IoT_Devices-Guest', 'ce1e4110-8fa0-11ea-b8e4-ca18718347e2'), ('IoT_Devices-TrustSec_Devices', 'd1e33851-8fa0-11ea-b8e4-ca18718347e2'), ('IoT_Devices-Unknown', 'd68d3860-8fa0-11ea-b8e4-ca18718347e2'), ('IoT_Servers-IoT_Devices', 'bc784780-8fa0-11ea-b8e4-ca18718347e2'), ('IoT_Servers-IoT_Servers', 'c069f410-8fa0-11ea-b8e4-ca18718347e2'), ('TrustSec_Devices-IoT_Devices', 'e94bcde1-8fa0-11ea-b8e4-ca18718347e2'), ('Unknown-IoT_Devices', 'f3e9da31-8fa0-11ea-b8e4-ca18718347e2')], 'error': '', 'total': 19}

Get Specific Egress Matrix Cell

ise.get_egressmatrixcell("Default egress rule")
ise.get_egressmatrixcell(None, src_sgt="92bb1950-8c01-11e6-996c-525400b48521", dst_sgt="92bb1950-8c01-11e6-996c-525400b48521")

{'success': True, 'response': {'id': '92c1a900-8c01-11e6-996c-525400b48521', 'name': 'ANY-ANY', 'description': 'Default egress rule', 'sourceSgtId': '92bb1950-8c01-11e6-996c-525400b48521', 'destinationSgtId': '92bb1950-8c01-11e6-996c-525400b48521', 'matrixCellStatus': 'ENABLED', 'defaultRule': 'PERMIT_IP', 'sgacls': ['92951ac0-8c01-11e6-996c-525400b48521'], 'link': {'rel': 'self', 'href': 'https://10.102.172.125:9060/ers/config/egressmatrixcell/92c1a900-8c01-11e6-996c-525400b48521', 'type': 'application/json'}}, 'error': ''}

Add a Egress Matrix Cell

ise.add_egressmatrixcell(source_sgt="Unknown", destination_sgt="TrustSec_Devices", default_rule="PERMIT_IP", return_object=True)

{'success': True, 'response': {'id': '6f76b621-97bf-11ea-9614-caf56bcd6712', 'name': 'Unknown-TrustSec_Devices', 'sourceSgtId': '92adf9f0-8c01-11e6-996c-525400b48521', 'destinationSgtId': '947832a0-8c01-11e6-996c-525400b48521', 'matrixCellStatus': 'ENABLED', 'defaultRule': 'PERMIT_IP', 'sgacls': ['92951ac0-8c01-11e6-996c-525400b48521'], 'link': {'rel': 'self', 'href': 'https://10.102.172.125:9060/ers/config/egressmatrixcell/6f76b621-97bf-11ea-9614-caf56bcd6712', 'type': 'application/json'}}, 'error': ''}

Update a Egress Matrix Cell

ise.update_egressmatrixcell("6f76b621-97bf-11ea-9614-caf56bcd6712", source_sgt="Unknown", destination_sgt="TrustSec_Devices", default_rule="NONE", acls=["Deny IP"], description="Description", return_object=True)

{'success': True, 'response': {'id': '6f76b621-97bf-11ea-9614-caf56bcd6712', 'name': 'Unknown-TrustSec_Devices', 'description': 'Description', 'sourceSgtId': '92adf9f0-8c01-11e6-996c-525400b48521', 'destinationSgtId': '947832a0-8c01-11e6-996c-525400b48521', 'matrixCellStatus': 'ENABLED', 'defaultRule': 'DENY_IP', 'sgacls': ['92919850-8c01-11e6-996c-525400b48521'], 'link': {'rel': 'self', 'href': 'https://10.102.172.125:9060/ers/config/egressmatrixcell/6f76b621-97bf-11ea-9614-caf56bcd6712', 'type': 'application/json'}}, 'error': ''}

Delete a Egress Matrix Cell

ise.delete_egressmatrixcell("6f76b621-97bf-11ea-9614-caf56bcd6712")

{'success': True, 'response': '6f76b621-97bf-11ea-9614-caf56bcd6712 Deleted Successfully', 'error': ''}

History before namechange » 0.2.0

  • Merged back from the work that https://github.com/karrots has done efter I paused the updates.
  • Converted to pipenv packages instead of requirements.txt
  • Updated to ISE 2.4.x
  • Merged back from the work that https://github.com/msom has done with some good device fixes.
    • One big thing is that module is now renamed from ise.cream to just ise.
  • First publish to PyPi with the help of https://github.com/JonasKs.
  • Add support for ISE CSRF and some TrustSec objects (SGT, SGACL, Egress Policy Matrix) https://github.com/joshand.
  • Merged Enhancement to Device Group and Device Functions with a big thanks to https://github.com/hpreston
    • New functions for devicegroups where added » add_device_group, update_device_group, delete_device_group.
    • New function to update devices where added » update_device
    • Updated get_device_group for looking up names
    • Updated add_device with new parameters and device_payload
  • Updated dependensies for dev and prod, created new manual testcases, cleaned up the code with black.

About

Python module to manage Cisco ISE via the ERS API

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 99.5%
  • Makefile 0.5%