Consuming ISE APIs with Ansible : Get ISE Endpoint Details

In this post I will break down an Ansible playbook. The playbook consumes ISE APIs to retrieve endpoint details from the ISE database, specifically the endpoint group name/association.

---
- name: ISE
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Placeholders. mac_addr is not defined here and must be supplied at run time.
    ise_user: xxxx
    ise_pass: xxxx

  tasks:
  # Search the ERS endpoint resource for the given MAC address
  - name: Get Existing MAC Endpoint ID string
    uri:
      url: https://xxxx:9060/ers/config/endpoint?filter=mac.EQ.{{ mac_addr }}
      user: "{{ ise_user }}"
      password: "{{ ise_pass }}"
      headers:
        Accept: application/json
        content-type: application/json
        ers-media-type: identity.endpoint.1.2
      status_code: 200
      method: GET
      validate_certs: no  # certificate checks are off, so the ISE server's identity is not verified
    register: endpoint_id

  - name: Print ISE Endpoint ID
    debug:
      msg: "{{ endpoint_id }}"

  # json_query returns the match as a nested list
  - name: Get ISE ID String
    set_fact:
      id: "{{ endpoint_id | json_query(jmesquery) }}"
    vars:
      jmesquery: '*.SearchResult.resources[*].id'

  - name: Extract ID from Nested List
    set_fact:
      id: "{{ id[0][0] }}"

  # Fetch the full endpoint record by its ID
  - name: Get Endpoint Details
    uri:
      url: https://xxxx:9060/ers/config/endpoint/{{ id }}
      user: "{{ ise_user }}"
      password: "{{ ise_pass }}"
      headers:
        Accept: application/json
        content-type: application/json
        ers-media-type: identity.endpoint.1.2
      status_code: 200
      method: GET
      validate_certs: no  # certificate checks are off, as above
    register: endpoint_details

  - name: Print ISE Endpoint Details
    debug:
      msg: "{{ endpoint_details }}"

  - name: Get ISE Group ID String
    set_fact:
      id_details: "{{ endpoint_details | json_query(jmesquery) }}"
    vars:
      jmesquery: '*.ERSEndPoint.groupId'

  - name: Extract Group ID from Nested List
    set_fact:
      group_id: "{{ id_details[0] }}"

  - name: Print ISE Endpoint Group ID
    debug:
      msg: "{{ group_id }}"

  # Resolve the group ID to the endpoint group record
  - name: Get Endpoint Group Assignment
    uri:
      url: https://xx.xx.xx.xx:9060/ers/config/endpointgroup/{{ group_id }}
      user: "{{ ise_user }}"
      password: "{{ ise_pass }}"
      headers:
        Accept: application/json
        content-type: application/json
        ers-media-type: identity.endpointgroup.1.1
      status_code: 200
      method: GET
      validate_certs: no  # certificate checks are off, as above
    register: endpoint_group

  - name: Print returned ISE json data
    debug:
      msg: "{{ endpoint_group.json }}"

  - name: Get ISE Group Name from ISE json data
    set_fact:
      group_name: "{{ endpoint_group | json_query(jmesquery) }}"
    vars:
      jmesquery: '*.EndPointGroup.name'

  # Store the name under group_name rather than overwriting group_id
  - name: Extract Group Name from Nested List
    set_fact:
      group_name: "{{ group_name[0] }}"

  - name: Print returned ISE group name
    debug:
      msg: 'The Endpoint belongs to the following group in ISE: "{{ group_name }}"'

Looking at the playbook shared above (also available via the GitHub link below), here is a breakdown of what it does to consume ISE APIs and get an endpoint's group name/association:

  1. Get existing MAC endpoint ID string from ISE db

  2. Print returned data from ISE

  3. Extract endpoint id string using json_query & store as variable

  4. Extract the id string from nested list & store as variable

  5. Get endpoint details from ISE using endpoint id string

  6. Print returned data from ISE

  7. Extract endpoint group id string using json_query & store as variable

  8. Extract the group id string from nested list & store as variable

  9. Print returned group name to screen

Playbook is shared here on GitHub: Github

To see more check out posts in the Automation tab & take a peek at the tags! Cheers!
