-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathise-api-enabled.py
executable file
·69 lines (53 loc) · 2.48 KB
/
ise-api-enabled.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
#!/usr/bin/env python3
"""
Enable the ISE APIs using (synchronous) APIs.
Usage:
ise-api-enabled.py
Requires setting the these environment variables using the `export` command:
export ISE_PPAN='1.2.3.4' # hostname or IP address of ISE Primary PAN
export ISE_REST_USERNAME='admin' # ISE ERS admin or operator username
export ISE_REST_PASSWORD='C1sco12345' # ISE ERS admin or operator password
export ISE_CERT_VERIFY=false # validate the ISE certificate
You may add these export lines to a text file and load with `source`:
source env.sh
"""
__author__ = "Thomas Howard"
__email__ = "[email protected]"
__license__ = "MIT - https://mit-license.org/"
import os
import requests
import sys
requests.packages.urllib3.disable_warnings() # Silence any requests package warnings about certificates
def ise_open_api_enable(session: requests.Session = None, ssl_verify: bool = True):
url = "https://" + env["ISE_PPAN"] + "/admin/API/apiService/update"
data = '{ "papIsEnabled":true, "psnsIsEnabled":true }'
r = session.post(url, data=data, verify=ssl_verify)
if r.status_code == 200 or r.status_code == 500: # 500 if already enabled
print(f"✅ {r.status_code} ISE Open APIs Enabled")
else:
print(f"❌ {r.status_code} ISE Open APIs Disabled")
def ise_ers_api_enable(session: requests.Session = None, ssl_verify: bool = True):
url = "https://" + env["ISE_PPAN"] + "/admin/API/NetworkAccessConfig/ERS"
data = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ersConfig>
<id>1</id>
<isCSRFCheck>false</isCSRFCheck>
<isPapEnabled>true</isPapEnabled>
<isPsnsEnabled>true</isPsnsEnabled>
</ersConfig>
"""
r = session.put(url, data=data, headers={"Content-Type": "application/xml", "Accept": "application/xml"}, verify=ssl_verify)
print(f"{'✅' if r.ok else '❌'} {r.status_code} ISE ERS APIs {'Enabled' if r.ok else 'Disabled'}")
if __name__ == "__main__":
"""
Run from script
"""
env = {k: v for (k, v) in os.environ.items()} # Load environment variables
ssl_verify = False if env["ISE_CERT_VERIFY"][0:1].lower() in ["f", "n"] else True
with requests.Session() as session:
session = requests.Session()
session.auth = (env["ISE_REST_USERNAME"], env["ISE_REST_PASSWORD"])
session.headers.update({"Content-Type": "application/json", "Accept": "application/json"})
ise_open_api_enable(session, ssl_verify)
ise_ers_api_enable(session, ssl_verify)
sys.exit(0) # 0 is ok